A botnet created by a trojan virus is sometimes referred to as SpamThru.

According to the Don’t Bounce Spam organization, spammers have become very sophisticated in the way they manage their botnets , and the SpamThru Trojan is the leading example. In at least one case the botnet consisted of over 73,000 computers.

SpamThru operates by using a peer-to-peer configuration, but all bots report to a central control server. The bots are separated into different server ports, depending on which variant of the trojan is installed. The bots are further segmented into peer groups of no more than 512 bots. This keeps the exposure overhead involved in exchanging information about other peer connections to a minimum. The SpamThru controller keeps statistics on the country of origin of all bots in the botnet.  The SpamThru controller also keeps statistics on what version of Windows each infected client is running, down to the service pack level.  The SpamThru bot also has the capability to scan the system for other malware on a system.  Imagine the intelligence of people who take the time to develop this type of sophisticated software, which is used for a very foolish purpose.

SpamThru uses a few registry keys to keep its hold on the system. It uses the classic HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun key in order to launch at startup, but also tries to start from HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler and SOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad, just in case the Run key is removed.

The SpamThru spammer has general lists of millions of email addresses. The SpamThru bot remote-control mechanism is designed to harvest email addresses from hard drives of infected systems. This gives the spammer a powerful advantage of being to reach individuals who never published their email address on the Internet or have given it out only to people they know.

With this type of botnet spammers are to develop targeted email address  lists. They accomplish this by hacking into smaller investment news websites and other ecommerce sites. Then the spammers downloading the customer database.

Armed with this information, administrators must be ever vigilant in protecting our email user community from our spammer foes.  It coninues to be an never ending battle.