Davey Winder's Blog

Death, Taxes and Botnets

By Davey Winder in Editorial

Posted in Blog, Spam, Security, email, Internet on September 30, 2009 at 9:45 am


If Benjamin Franklin were alive today I’m pretty sure he would amend his famous “…in this world nothing is certain but death and taxes” line to include botnets. Every single day, some 150 billion spam messages are distributed by botnets and, like death and taxes, no matter how hard we try nothing seems to be able to prevent botnet growth. Well, almost nothing.

With botnets now being responsible for some 88% of all global spam by volume, and the computers of those unsuspecting folk who contribute to the botnet collectives being at risk of an assortment of auxiliary security and privacy compromises, something has to be done. That much is obvious. According to the latest Symantec MessageLabs Intelligence Report, that something has been the closure of hosting outfits that it describes as ‘rogue Internet Service Providers’ such as McColo, PriceWert and Real Host. These closures came after a four-month investigation by the Washington Post which forced the suppliers of their connectivity to take action.

At the time of the McColo takedown, late in 2008, the impact was felt almost immediately. IT Pro reported how during the first 12 hours following the pulling of the plug, spam volumes dropped by as much as 70%, and how those spam volumes remained low for a few weeks. However, within a month security researchers were seeing a steady climb in spam activity as the botnets found new homes for their command and control centres. By the start of this year, Mega-D had come back from the dead and was responsible for around half of all the spam flowing through security honeypots. Other botnet brands, if you can call them that, such as Cutwail and Srizbi have also hit that 50% figure at their peak.

But, as the new Symantec MessageLabs report reveals, botnet trends come and go like the seasons. Srizbi has, it would appear, vanished from the spamming scene entirely, and Mega-D has been shrinking in size so rapidly that it is now only one tenth as big as it was in June in terms of compromised computers. That does not mean that Mega-D is no longer a player, of course; in fact it is putting the bots it does have left to work at a far harder pace and is churning out spam at a rate per minute that can only be beaten by a relative newcomer called Bobax. Depending on your point of view, Bobax either sounds like a cuddly teddy bear or a nasty disease. I favour the latter, especially when the spam output per compromised computer is claimed to be the highest that MessageLabs has ever seen. Currently, Bobax is responsible for some 15.7% of all global spam by volume. That still falls short of another new name, Grum, which is apparently churning out 23% of global spam right now, having ramped up the output per bot significantly since the summer.

The largest botnet, if measured by the number of compromised computers under its direct control, would have to be Rustock, claiming anything up to 1.9 such PCs. In sheer botnet size terms it has grown to double what it was at the start of the summer. Yet in terms of actual spam output it is struggling against the competition. Researchers insist that what sets Rustock apart from the rest is the ‘highly automated cycle of spamming activity’ it displays, with spam output accelerating from 8am (GMT) and peaking at noon. The newest of the major botnets to watch is Maazben, a casino-only spammer at the moment but one which has recently been growing at a rapid rate (up from 0.5% of global spam to 1.4% in just a few weeks) without increasing the spam output. This suggests it could be getting ready for a move into other spamming markets soon.

“Over the past year, we have seen a number of ISPs taken offline for hosting botnet activity resulting in a case of sink or swim and an ensuing shift in botnet power,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “This has undermined the power of the more dominant botnets like Cutwail and cleared the way for new botnets like Maazben to emerge. However, this won’t always be the case as botnet technology has also evolved since the end of 2008 and the most recent ISP closures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.”


 
 
