Your spam, courtesy of 6 botnets

Three weeks ago we noted the Mega-D botnet was the leading source of spam. What a difference three weeks can make! In that time, the malware behind Mega-D was identified as Ozdok. Subsequently, we also posted that the Mega-D control servers went offline for around ten days during which time spam from this pesky botnet dropped to zero.

Since then, we have also identified more of the malware behind other leading spam types that we receive in our TRACE spam traps. So what does the spambot picture look like now? Here are our statistics for February:

With the impact on Mega-D’s operations, Srizbi has now taken over as the leader of the spam pack responsible for nearly 40% of spam. Srizbi is well known as a spamming Trojan, and an advanced one at that. As we reported here, lately Srizbi has been particularly active in distributing spam with URLs that link to websites hosting more copies of the spambot. Analysis of Srizbi indicates it is extremely stealthy, operating in full kernel mode, which, among other things, allows it to hide its network activities and bypass sniffer tools. One interesting thing we noticed about Srizbi is that it provides continuous feedback and statistics to control servers about which email addresses were good, and which were bad. (link)

Advertisements

0 Responses to “Your spam, courtesy of 6 botnets”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 29 other followers

Technorati – Blog Search

Add to Technorati Favorites

submit express


%d bloggers like this: