According to Section 50 of the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, anyone who wishes to send promotional information for commercial purposes via electronic transmission media must receive explicit consent of the receiver in advance. Spam refers to promotional information sent or posted for commercial purposes through communications networks although it is unwanted by the user. This post will present the analysis of a program that sends messages automatically on a particular web portal.
Although they are introduced as marketing programs, they are actually spam programs. Thus, caution is advised to the users.
The PUP above is a spam program that automatically sends messages on a certain web portal. As shown in the program in Figure 3, it has features to set the sender account, receiver account, and the content of the message, and other features to change IP and schedule messages.
The code is designed to bypass the blocking of the service provider by changing IP and avoid the account from being blocked. The method of the code above aims to change IP in an environment that uses mobile network connected via USB, and there are other codes that attempt to bypass using VPN as well.
CAPTCHA is a technology built to block bots, program used for malicious purposes (e.g. continuously sending spam messages), on a web page. The PUP above also has a feature to bypass CAPTCHA. This feature sends CAPTCHA via a certain website instead of a self-developed code and uses the returned result value.
This PUP combines PC information and uses it as a serial value. The program is managed in a blog of the account that is suspected to be the developer, and the information above, including the names of the buyers, is disclosed on the blog.
The serial list of spam program buyers in Figure 7 shows that there are multiple users (individuals and companies) and that it was distributed until recently. Serial lists of PUP programs other than the spam program existed.
To send promotional information for commercial purposes, explicit consent by the receiver is required. This is clearly stated in the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, and thus such PUP program must not be used.
Subscribe to AhnLab’s next-generation threat intelligence platform ‘AhnLab TIP’ to check related IOC and detailed analysis information.