Spammers are looking to hijack .mil and .edu servers in their latest campaign. The malware served up in the spam scans for open relay servers, demonstrating that old tricks still work.
[Image: Military and government email servers being targeted. Credit: J.Anderson]
An open relay is an SMTP server that will accept mail from anyone on the Internet and forward it to any destination. Open relaying was the accepted standard in the 1980s and mid-1990s; mail servers were configured this way because of the “store-and-forward” method of transporting messages. Once spam started to get out of hand, and email worms took advantage of open relay mail servers, the practice was abandoned. (UNIX systems used to ship with open relay as the default.) Now, because an open relay makes no effort to verify the sender, and because users can connect to their own SMTP server directly, most servers still relaying openly are blocked. (Most ISPs use DNSBLs to block mail from open relay servers.)
Researchers at BitDefender have discovered a series of emails that link to videos. The link leads to a page that asks the user to download a “media player”, which is actually Backdoor.Edunet.A. This malware family uses the victim’s computer to communicate with remote mail servers.
BitDefender took a closer look at the code and discovered that the malware was in fact attempting to discover open relay servers on .mil and .edu domains. The list of servers to scan is retrieved from a series of web servers, which are either compromised themselves or part of the attackers’ own network. The list of web servers is continuously changing, but BitDefender says that the targets have remained constant.
“It's not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military and university-run mail servers as spam relays,” declared Sorin Dudea, BitDefender’s head of AV Research. “It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common.”
It goes without saying that administrators should check their servers and ensure they are not relaying messages. A quick tool to check is here:
http://www.checkor.com/
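For administrators who would rather run the check themselves against a server they operate, here is an added example (not from the article, BitDefender or the linked tool) of what such a relay test does: it speaks SMTP through Python's standard smtplib, offers a sender and a recipient from two outside domains, and reads the reply to RCPT TO. The probe addresses, the FakeSmtp stand-in and the 550 reply text are constructed for this example.

```python
import smtplib

# Sender and recipient in two domains foreign to the server under test, so a
# 250 to RCPT TO can only mean the server agrees to relay third-party mail.
# Both addresses are constructed placeholders for this example.
PROBE_SENDER = "relay-probe@example.org"
PROBE_RECIPIENT = "relay-probe@example.net"

def rcpt_accepted(code: int) -> bool:
    """Reply codes meaning the recipient was accepted (RFC 5321: 250, 251)."""
    return code in (250, 251)

def probe_relay(smtp) -> dict:
    """Run the probe over any object with smtplib.SMTP's method set."""
    # The probe stops after RCPT TO and issues RSET, so no message is ever
    # queued or delivered, even when the server turns out to be an open relay.
    smtp.ehlo()
    smtp.mail(PROBE_SENDER)
    code, msg = smtp.rcpt(PROBE_RECIPIENT)
    smtp.rset()
    smtp.quit()
    reply = msg.decode(errors="replace") if isinstance(msg, bytes) else str(msg)
    return {"open_relay": rcpt_accepted(code), "code": code, "reply": reply}

def check_server(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect to a mail server you administer and run the probe against it."""
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        return probe_relay(smtp)
    finally:
        smtp.close()

class FakeSmtp:
    """Constructed stand-in for smtplib.SMTP so the probe can run offline."""
    def __init__(self, rcpt_reply):
        self.rcpt_reply, self.transcript = rcpt_reply, []
    def _log(self, line, reply=(250, b"ok")):
        self.transcript.append(line)  # record the SMTP command sent
        return reply
    def ehlo(self): return self._log("EHLO")
    def mail(self, sender): return self._log(f"MAIL FROM:<{sender}>")
    def rcpt(self, rcpt): return self._log(f"RCPT TO:<{rcpt}>", self.rcpt_reply)
    def rset(self): return self._log("RSET")
    def quit(self): return self._log("QUIT", (221, b"bye"))

if __name__ == "__main__":
    print(probe_relay(FakeSmtp((250, b"2.1.5 Ok"))))               # open relay
    print(probe_relay(FakeSmtp((550, b"5.7.1 Relaying denied"))))  # relay refused
```

A 550/553/554 reply to RCPT TO is a clean pass; a few MTAs defer the relay decision until DATA, so treat a 250 here as a strong indicator to investigate rather than final proof.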