Over on SecureWorks there's a research write-up titled Inside the "Ron Paul" Spam Botnet that provides a look behind the scenes of an email spam botnet. What's impressive about this particular story is that it's well written and also goes into quite a bit of detail for a report of this type.
The story starts by describing the telltale features used to identify the spam messages and goes on to work upstream, getting access to copies of the malware, looking at how it spread, and ultimately nabbing a copy of the administrative interface for sending the spam.
In fact, the details alone are so interesting that by the time you reach the conclusion, you've stopped caring about this particular spam episode. What's far more captivating is getting a good look into the mechanics behind a reasonably sized spam operation.
Good stuff. Give it a read.
Thanks to Joe Stewart and the folks at SecureWorks for making the data available and telling the story from beginning to end.
See Also: Ron Paul spam traced to Ukrainian botnet (InfoWorld)
Posted by jzawodn at December 05, 2007 07:32 AM