In association with heise online

03 March 2008, 09:09

Six botnets responsible for nearly all spam

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Eighty five per cent of spam comes from just six different bot networks, according to research just published by network security provider Marshal. The Marshal analysis identifies "Srizbi" as the largest such network. It is now responsible for 39 per cent of all spam – almost twice the proportion found a few weeks ago. Srizbi is apparently extremely active and keeps growing its bot network by including links to infected websites in the spam it distributes.

The size of a bot network apparently has little correlation with its activity. Marshal found that Mega-D's estimated 35,000 drones are responsible for 11 per cent of all spam e-mails, while the Storm network only generates 2 per cent even though it has 85,000 drones. Marshall says there is a big difference between the speed at which various bot networks pump spam into the internet. It is practically impossible to count drones with accuracy, so estimates are subject to wide tolerances. Although Eastern Asia is generally considered to be a major source of spam, Marshal put the US at the top of its country ranking with a 12 per cent share. Analysed by continent, Asia only came in second; Europe has the dubious privilege of taking first prize.

If Marshal's analysis is representative, the well known Storm worm network, which once again made headlines on Valentine's Day, has fallen too far behind now to even contend for first place. One reason may be that Microsoft's Malicious Software Removal Tool reportedly detects and eliminates the Storm network client. Nonetheless, the total volume of spam has hardly changed as bot network operators continue to come up with new versions of their malware to circumvent protection measures.

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-734381
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit