Davey Winder's Blog

Death, Taxes and Botnets

By Davey Winder in Editorial

Posted in Blog, Spam, Security, email, Internet on September 30, 2009 at 9:45 am


If Benjamin Franklin were alive today, I’m pretty sure he would amend his famous “…in this world nothing is certain but death and taxes” line to include botnets. Every single day, some 150 billion spam messages are distributed by botnets and, like death and taxes, no matter how hard we try, nothing seems to be able to prevent botnet growth. Well, almost nothing.

With botnets now being responsible for some 88% of all global spam by volume, and the computers of those unsuspecting folk who contribute to the botnet collectives being at risk of an assortment of auxiliary security and privacy compromises, something has to be done. That much is obvious. According to the latest Symantec MessageLabs Intelligence Report, that something has been the closure of hosting outfits that it describes as ‘rogue Internet Service Providers’ such as McColo, PriceWert and Real Host. These closures came after a four-month investigation by the Washington Post which forced the suppliers of their connectivity to take action.

At the time of the McColo takedown, late in 2008, the impact was felt almost immediately. IT Pro reported how during the first 12 hours following the pulling of the plug, spam volumes dropped by as much as 70%, and how those spam volumes remained low for a few weeks. However, within a month security researchers were seeing a steady climb in spam activity as the botnets found new homes for their command and control centres. By the start of this year, Mega-D had come back from the dead and was responsible for around half of all the spam flowing through security honeypots. Other botnet brands, if you can call them that, such as Cutwail and Srizbi have also hit that 50% figure at their peak.

But, as the new Symantec MessageLabs report reveals, botnet trends come and go like the seasons. Srizbi has, it would appear, vanished from the spamming scene entirely, and Mega-D has been shrinking in size so rapidly that it is now only one tenth as big as it was in June in terms of compromised computers. That does not mean that Mega-D is no longer a player, of course; in fact, it is putting the bots it does have left to work at a far harder pace and is churning out spam at a rate per minute that can only be beaten by a relative newcomer called Bobax. Depending on your point of view, Bobax either sounds like a cuddly teddy bear or a nasty disease. I favour the latter, especially when the spam output per compromised computer is claimed to be the highest that MessageLabs has ever seen. Currently, Bobax is responsible for some 15.7% of all global spam by volume. That still falls short of another new name, Grum, which is apparently churning out 23% of global spam right now, having ramped up the output per bot significantly since the summer.

The largest botnet, if measured by the number of compromised computers under its direct control, would have to be Rustock, claiming anything up to 1.9 such PCs. In sheer botnet size terms it has grown to double what it was at the start of the summer. Yet in terms of actual spam output it is struggling against the competition. Researchers insist that what sets Rustock apart from the rest is the ‘highly automated cycle of spamming activity’ it displays, with spam output accelerating from 8am (GMT) and peaking at noon. The newest of the major botnets to watch is Maazben, a casino-only spammer at the moment but one which is growing at a rapid rate (up from 0.5% of global spam to 1.4% in just a few weeks) recently without increasing the spam output. This suggests it could be getting ready for a move into other spamming markets soon.

“Over the past year, we have seen a number of ISPs taken offline for hosting botnet activity resulting in a case of sink or swim and an ensuing shift in botnet power,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “This has undermined the power of the more dominant botnets like Cutwail and cleared the way for new botnets like Maazben to emerge. However, this won’t always be the case as botnet technology has also evolved since the end of 2008 and the most recent ISP closures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.”
