Account confirmation spam is the latest spammer trick, asking recipients to confirm their account information with a bogus organization by logging into a Web site that is infected with the Storm Trojan malware. This latest technique is catching on: Account confirmation spam has grown in volume from 18 percent of all spam on Tuesday to 35 percent Wednesday.
These e-mails, spotted by security vendor Marshal, tell recipients they must visit a Web site and use the included temporary login details to set a permanent login and confirm their account. Unlike most spam, the link to the Web site is not an embedded URL but an IP address.
If followed, the link brings recipients to a Web site that asks them to install a 'secure login applet,' which in fact is the Storm Trojan, says Ed Rowley, an engineer at Marshal.
This spam blast gives a new cybercrime role to Storm Trojan, which secretly infects PCs and turns them into members of a botnet that attacks other PCs. The Trojan was first detected in January and has since been the payload of spam blasts ranging from fake headlines to greeting-card notifications.
With spam levels threatening to break records this month, spammers are coming up with new and different scams on a near-daily basis. Last week saw levels of PDF spam that pump penny stocks hit an all-time high. On that scam's heels is this completely different type of spam designed to grow botnets.
"The key item of interest is how quickly the criminal gangs are changing their techniques," says Rowley. "Over the last few weeks we have seen them experimenting with spam and using all sorts of different attachments. This time they are trying different techniques to get users to infect their machines and become part of the problem."