M86 Security Labs

Stupid Srizbi Spam

 

June 2, 2008

We are continuing to see large runs of spam containing links to malicious files hosted on the web.  Over the last few days, the subject lines include these:

We caught you on hidden cam  [name]

what a stupid face you have here [name]

You look really stupid [name] 

 

The links use a DoubleClick redirect and simply point to a file called “video.exe”.

 



These spam runs are not new. They originate from the prodigious Srizbi botnet and have been going on in various forms for months.  We have reported on them previously here and here and here.  They are now a daily feature in our spam traps.  The volume of this specific campaign is significant - currently around 2-5% of total spam received.  (Note: The proportion of all spam originating from Srizbi is now over 50%, as you can see in our spam statistics.)

If “video.exe” is downloaded and executed, it will install the Srizbi bot, and effectively turn the computer into a spam machine capable of sending up to 25,000 spam messages per hour.

The style of attack is reminiscent of last year’s Storm “e-card” spam campaigns – large volume combined with simple social engineering. 
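A mail filter can catch this link pattern by unwrapping the redirect and checking where it finally lands. The sketch below is an added example, not code from M86 or the original post. It assumes the redirect URL carries its destination inside itself, either plain or percent-encoded; the extension list, the function names and all `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed list of directly executable Windows extensions (not from the post).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
MAX_DEPTH = 5  # bound on nesting and on repeated percent-decoding

def _decode(text):
    """Percent-decode until stable, so double-encoded targets are seen too."""
    for _ in range(MAX_DEPTH):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def embedded_targets(url):
    """Return the chain of URLs nested inside url, outermost first."""
    chain, current = [url], url
    for _ in range(MAX_DEPTH):
        rest = _decode(current[current.find("://") + 3:])
        match = re.search(r"https?://", rest, re.IGNORECASE)
        if not match:
            break
        current = rest[match.start():]
        chain.append(current)
    return chain

def is_executable_link(url):
    # Cut at "&": parameters of the outer redirect can trail a decoded target.
    path = urlsplit(url).path.split("&")[0].lower()
    return path.endswith(EXECUTABLE_EXTS)

def flag_message(body):
    """Return (link, final_target, hops) for links that end at an executable."""
    hits = []
    for link in URL_RE.findall(body):
        chain = embedded_targets(link.rstrip(".,);"))
        if is_executable_link(chain[-1]):
            hits.append((chain[0], chain[-1], len(chain) - 1))
    return hits

# Constructed sample body; every host is a placeholder.
SAMPLE_BODY = """You look really stupid
http://redirector.example/click?http://files.example/video.exe
http://redirector.example/r?u=http%3A%2F%2Ffiles.example%2Fvideo.exe&c=1
http://news.example/story.html
"""
```

A `hops` value above zero means the executable was reached through a redirect wrapper, which is the stronger signal when the wrapping host is one that reputation filters would otherwise trust.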


Last Reviewed: June 3, 2008