The Last Watchdog

on Internet security by Byron Acohido

Spam respite over — levels rising again

Posted on | January 14, 2009 | 1 comment

Major bot networks dedicated to the spreading of spam are once again thriving. This new Symantec report documents how spam has been steadily creeping back up to its pre-November levels, accounting for upwards of 80% of all Internet traffic.

You may recall spam cratered spectacularly in mid-November after Washington Post reporter Brian Krebs wrote stories about how half of all spam was routed through San Jose-based Web hosting service McColo.

Securityworks senior researcher Joe Stewart yesterday issued a report that says the temporary curtailing of McColo’s hosting services severely impacted two of the largest botnets, Rustock and Srizbi, causing spam traffic to fall 50% overnight, according to Symantec. In his report, Stewart makes the case that botnets that did not rely on McColo began, naturally enough, to send much more spam.

“This demonstrates the separation between botnet owners and spammers,” says Stewart. “The persons actually sending the spam are simply relying on the services of criminals who rent the botnet to them. Most of the top botnets have easy-to-use HTML-based interfaces, so moving from one spam system to another is incredibly easy, and we believe there was a migration of spammers from the spam botnets that were down to systems that were still up.”

Stewart provides a sort of player’s guide that describes the size and characteristics of the Top 10 spam-spreading botnets. Collectively, the top botnets are capable of sending over 100 billion spams per day, he says. His report exposes two new botnets: Cimbot and Donbot, which Stewart describes as the “swiss-army knife” of spam botnets.

–Byron Acohido


Comments


  1. Spam isn’t going to go away until people learn to stop buying goods advertised via spam, and stop clicking on unsolicited links and attachments.

    So err.. that’ll be never then. :-/

    The community that got McColo thrown off the internet deserve to be applauded.

    Even though in the future more botnets are unlikely to have a single point of failure, and so it will be harder to shut them down, it does set a precedent which will allow all of us on the “good side of the force” to pressure the companies doing business with the bad guys to think about the possible consequences.
