The research team at Verint, an Israeli security firm, has discovered a new, previously unknown and, most importantly, still active version of the Torte botnet malware.
Dubbed SpamTorte 2.0, it is described by Verint as a powerful, multi-layered spambot (spam botnet) capable of running large-scale, efficient spam campaigns while masking itself to avoid detection.
According to Verint, the new version of SpamTorte uses multiple C&C servers hosted on websites compromised through vulnerable Joomla and WordPress extensions, relies on thousands of spam mailers, and changes both the size and the cookie structure of the malware itself.
Verint also says the threat actors have made further changes so that campaigns run more efficiently: attacks can be better orchestrated and more bots can be managed at the same time.
Verint points out that the group behind this operation controls thousands of mailer bot servers (compromised websites), which send out the spam. Each serves a different piece of the spam message (the email address, the email content and the mailer URL) rather than the message as a whole.
The scale of this ongoing spam operation is worth taking notice of and understanding.
A spokesperson for Verint told SCMagazineUK.com: “The fact that this is such a widespread operation that is employing more advanced techniques both to hide itself and to cause damage is just another example of the ongoing evolution of the cyber landscape.”
SpamTorte is a spambot that has been around since 2014. It is a multi-layered, decentralised and widely distributed botnet that attackers have used to launch coordinated brute-force spamming campaigns. It was originally named “Torte” because its structure resembles a multi-layered cake.