📚 Spambot Checks Spam Blacklists for the Victim's IP to Avoid Wasting Its Time

Malware keeps getting clever and clever, and one trick that's worth mentioning is one discovered by the researchers at Palo Alto's Unit42 research team, who recently uncovered a spambot that checks if the infected victim's IP is included in a spam blacklist before using the PC to send out unwanted emails. The tactic is clever and devilish at the same time and shows why fighting spam is a 24/7 job, not just a one-time duty. The malware in question is named Sarvdap, a generic term given by Microsoft to a broad set of malware variants used for transforming regular PCs into spambots. Sarvdap part of the Andromeda botnet Palo Alto says it detected this Sarvdap variant distributed by the group behind the ancient Andromeda botnet, and they used it to spread pharma spam and the Andromeda malware itself, in order to ke... ...