Davey Winder's Blog

Death, Taxes and Botnets

By Davey Winder in Editorial

Posted in Blog, Spam, Security, email, Internet on September 30, 2009 at 9:45 am


If Benjamin Franklin were alive today, I’m pretty sure he would amend his famous “…in this world nothing is certain but death and taxes” line to include botnets. Every single day, some 150 billion spam messages are distributed by botnets and, like death and taxes, no matter how hard we try, nothing seems to be able to prevent botnet growth. Well, almost nothing.

With botnets now being responsible for some 88% of all global spam by volume, and the computers of those unsuspecting folk who contribute to the botnet collectives being at risk of an assortment of auxiliary security and privacy compromises, something has to be done. That much is obvious. According to the latest Symantec MessageLabs Intelligence Report, that something has been the closure of hosting outfits that it describes as ‘rogue Internet Service Providers’ such as McColo, PriceWert and Real Host. These closures came after a four-month investigation by the Washington Post which forced the suppliers of their connectivity to take action.

At the time of the McColo takedown, late in 2008, the impact was felt almost immediately. IT Pro reported how during the first 12 hours following the pulling of the plug, spam volumes dropped by as much as 70%, and how those spam volumes remained low for a few weeks. However, within a month security researchers were seeing a steady climb in spam activity as the botnets found new homes for their command and control centres. By the start of this year, Mega-D had come back from the dead and was responsible for around half of all the spam flowing through security honeypots. Other botnet brands, if you can call them that, such as Cutwail and Srizbi have also hit that 50% figure at their peak.

But, as the new Symantec MessageLabs report reveals, botnet trends come and go like the seasons. Srizbi has vanished from the spamming scene entirely, it would appear, and Mega-D has been shrinking in size so rapidly that it is now only one tenth as big as it was in June in terms of compromised computers. That does not mean that Mega-D is no longer a player, of course; in fact, it is putting the bots it does have left to work at a far harder pace and is churning out spam at a rate per minute that can only be beaten by a relative newcomer called Bobax. Depending on your point of view, Bobax either sounds like a cuddly teddy bear or a nasty disease. I favour the latter, especially when the spam output per compromised computer is claimed to be the highest that MessageLabs has ever seen. Currently, Bobax is responsible for some 15.7% of all global spam by volume. That still falls short of another new name, Grum, which is apparently churning out 23% of global spam right now, having ramped up the output per bot significantly since the summer.

The largest botnet, if measured by the number of compromised computers under its direct control, would have to be Rustock, claiming anything up to 1.9 such PCs. In sheer botnet size terms it has grown to double what it was at the start of the summer. Yet in terms of actual spam output it is struggling against the competition. Researchers insist that what sets Rustock apart from the rest is the ‘highly automated cycle of spamming activity’ it displays, with spam output accelerating from 8am (GMT) and peaking at noon. The newest of the major botnets to watch is Maazben, a casino-only spammer at the moment but one which is growing at a rapid rate (up from 0.5% of global spam to 1.4% in just a few weeks) recently without increasing the spam output. This suggests it could be getting ready for a move into other spamming markets soon.

“Over the past year, we have seen a number of ISPs taken offline for hosting botnet activity resulting in a case of sink or swim and an ensuing shift in botnet power,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “This has undermined the power of the more dominant botnets like Cutwail and cleared the way for new botnets like Maazben to emerge. However, this won’t always be the case as botnet technology has also evolved since the end of 2008 and the most recent ISP closures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.”
