Davey Winder's Blog

Death, Taxes and Botnets

By Davey Winder in Editorial

Posted in Blog, Spam, Security, email, Internet on September 30, 2009 at 9:45 am


If Benjamin Franklin were alive today I’m pretty sure he would amend his famous “…in this world nothing is certain but death and taxes” line to include botnets. Every single day, some 150 billion spam messages are distributed by botnets and, like death and taxes, no matter how hard we try nothing seems to be able to prevent botnet growth. Well, almost nothing.

With botnets now being responsible for some 88% of all global spam by volume, and the computers of those unsuspecting folk which contribute to the botnet collectives being at risk of an assortment of auxiliary security and privacy compromises, something has to be done. That much is obvious. According to the latest Symantec MessageLabs Intelligence Report, that something has been the closure of hosting outfits that it describes as ‘rogue Internet Service Providers’ such as McColo, PriceWert and Real Host. These closures came after a four-month investigation by the Washington Post which forced the suppliers of their connectivity to take action.

At the time of the McColo takedown, late in 2008, the impact was felt almost immediately. IT Pro reported how during the first 12 hours following the pulling of the plug, spam volumes dropped by as much as 70%, and how those spam volumes remained low for a few weeks. However, within a month security researchers were seeing a steady climb in spam activity as the botnets found new homes for their command and control centres. By the start of this year, Mega-D had come back from the dead and was responsible for around half of all the spam flowing through security honeypots. Other botnet brands, if you can call them that, such as Cutwail and Srizbi have also hit that 50% figure at their peak.

But, as the new Symantec MessageLabs report reveals, botnet trends come and go like the seasons. Srizbi, it would appear, has vanished from the spamming scene entirely, and Mega-D has been shrinking in size so rapidly that it is now only one tenth as big as it was in June in terms of compromised computers. That does not mean that Mega-D is no longer a player, of course; in fact, it is putting the bots it does have left to work at a far harder pace and is churning out spam at a rate per minute that can only be beaten by a relative newcomer called Bobax. Depending on your point of view, Bobax either sounds like a cuddly teddy bear or a nasty disease. I favour the latter, especially when the spam output per compromised computer is claimed to be the highest that MessageLabs has ever seen. Currently, Bobax is responsible for some 15.7% of all global spam by volume. That still falls short of another new name, Grum, which is apparently churning out 23% of global spam right now, having ramped up the output per bot significantly since the summer.

The largest botnet if measured by the number of compromised computers under its direct control would have to be Rustock, claiming anything up to 1.9 such PCs. In sheer botnet size terms it has grown to double what it was at the start of the summer. Yet in terms of actual spam output it is struggling against the competition. Researchers insist that what sets Rustock apart from the rest is the ‘highly automated cycle of spamming activity’ it displays, with spam output accelerating from 8am (GMT) and peaking at noon. The newest of the major botnets to watch is Maazben, a casino only spammer at the moment but one which is growing at a rapid rate (up from 0.5% of global spam to 1.4% in just a few weeks) recently without increasing the spam output. This suggests it could be getting ready for a move into other spamming markets soon.

“Over the past year, we have seen a number of ISPs taken offline for hosting botnet activity resulting in a case of sink or swim and an ensuing shift in botnet power,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “This has undermined the power of the more dominant botnets like Cutwail and cleared the way for new botnets like Maazben to emerge. However, this won’t always be the case as botnet technology has also evolved since the end of 2008 and the most recent ISP closures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.”

Comments

Comment by ed hardy shoes - October 9, 2009 on 7:51 am

nice

Comment by links of london - November 4, 2009 on 10:09 am

good I like it
