I never liked zombies, or daleks and cybermen for that matter, because they were relentless in their attacks. At least vampires tended to be solitary creatures with well defined weak spots. Zombies, although a bit slow and stupid and vulnerable to simple decapitation, hunted in packs. That’s what scared me as a kid, and scares me as an IT security geek.

Let me explain.

Those of you who have been following my writings here on IT Pro over the years will know that:

1. 90% of your email by volume is actually spam-ridden crap, whether you get to see it or it or it gets filtered out the fact remains that only 10% of what is sent to you is not crap.
2. Most of that spam gets pushed in your direction not from China, or whichever eastern European nation is flavour of the month with the crime bosses at the moment, but from the good old US of A. That said, Europe is the most spammy continent according to those who know about such things.
3. And spambots are the tech equivalent of the living dead. As long as they have a steady supply of link-clicking idiots to satisfy their hunger (and, frankly, there really is no shortage) the spambot army will continue to march ever onwards.

According to the Dell SecureWorks Counter Threat Unit there is “an overall maturation to the spambot ecosystem” which has meant fewer new spambot families emerging but development continuing at a pace which corresponds to the “size of the botnet and the volume of spam sent by each”. Spambots are, in other words, evolving and not being killed off as some reports have suggested during the last couple of years.

Currently the ‘leading’ spambots would appear to be Rustock with around a quarter of a million bots working away, Cutwail with 100,000, Lethic on 75,000, Grum with 65,000, Festi on 60,000 and bringing up the rear Maazben with 30,000 bots. But the Dell SecureWorks Counter Threat Unit warns that these are only the big names, following in their evolutionary footsteps are many smaller spambots comprised of between 5,000 and 30,000 bots each.

You might think that is good news this following pack appear to have hit something of a growth peak and now remain static in size, or are even shrinking when it comes to the number of bots they are made up from. The truth is just the reverse, with smaller botnets being seen by many criminals as easier to operate under the radar and so less likely to get caught and stopped. Not to mention being cheaper to establish and operate. yes, even crime gangs are feeling the recessionary pinch.