It is important for malware authors to keep a solid network connection between their malware on compromised computers and their own servers so that the malware can receive commands and be updated. However, communication between the malware and the malware servers may be filtered by a gateway or local firewall, or blocked by an intrusion prevention system (IPS). Consequently, malware authors try to find more secure methods of providing communication between the malware and the servers. For example, I wrote a blog post last November detailing how Backdoor.Makadocs uses the Google Docs viewer function as a proxy to maintain a solid connection between the malware and its servers. More recently, I discovered a Trojan horse that uses Sender Policy Framework (SPF), which is an email validation system designed to prevent email spam, to achieve the same goal.
Read more: http://www.symantec.com/connect/blogs/trojan-horse-using-sender-policy-framework?goback=%2Egmp_115855%2Egde_115855_member_208527707