The world's most sophisticated Trojan uncovered! 10.26.2006 12:17 RT
Security experts have discovered new spambot software that installs its own pirated version of Kaspersky AntiVirus for WinGate to eliminate competition, along with a number of other sophisticated features. That version of the anti-virus software is customised to skip files known to be part of SpamThru itself, naturally. The code is also updated frequently to make sure that detection by the major vendors is avoided.
SpamThru is a Trojan that turns a system into part of a network of bots (a bot-net) designed to send out spam. With the help of such a bot-net, it is able to carry out many attacks, such as DDoS (Distributed Denial of Service), mass spamming and capturing sensitive data. The main goal of SpamThru is to make money by sending spam.
It uses a custom peer-to-peer protocol to control communication with the network, which makes the bot network harder to kill. Control is still maintained by a central server, but in case the control server is shut down, the spammer can update the rest of the peers with the location of a new control server, as long as he/she controls at least one peer. Each client has its own spam engine, creating spam from a template that's transmitted using AES encryption to avoid giving access to competing spammers.
Source: By Matthew Broersma, Techworld, http://www.techworld.com/