April 22, 2009, 5:25 PM — Some bot-infected PCs can crank out as many as 25,000 spam messages per hour, new research released Wednesday claimed.
California-based Marshal8e6 deliberately infected machines in the lab of its research arm, TRACElabs, with the malware responsible for the world's nine biggest spam botnets, then observed the PCs' behavior, including each bot's top-end spam capacity.
"One of the our objectives over the past few years has been to emphasize the dominant role that a handful of key botnets play in the spam we see today," said Phil Hay, a senior threat analyst with TRACElabs, in an e-mail today.
TRACElabs concluded that Rustock and Xarvester, the latter perhaps linked to the down-and-out Srizbi botnet, are the most efficient spam-spewers of the nine bots. Each is capable of sending up to 25,000 messages per hour, or 600,000 per day, and 4.2 million per week.
The next-most effective spam bot, said TRACElabs, is Mega-D, one of the bots that took advantage of the November 2008 takedown of McColo Corp., a hosting company that harbored the command-and-control servers for several big botnets, including Srizbi and Rustock.
When McColo's connection to the Internet was severed by its upstream providers -- in large part because of investigative work done by security researchers such as Joe Stewart, director of SecureWorks Inc.'s counterthreat unit -- spam volumes plunged as botnet controllers couldn't tell hijacked PCs what to do. Since then, however, spam has essentially returned to pre-McColo levels as a bot master resuscitated damaged botnets or unaffected botnets picked up new spamming customers, and thus the slack.
Some well-known names rated relatively low on TRACElabs' list. Waledac, which analysts have said is a successor to 2007-08's Storm bot, was recently in the news when it was installed by PCs infected with the Conficker worm. The botnet can cough up 7,000 messages an hour, or 168,000 a day.
According to TRACElabs, Rustock bots were responsible for 26% of the spam generated in the first quarter of 2009, with Mega-D and Pushdo not far behind at 22% and 18%, respectively. The other efficient bot -- Xarvester -- held fourth place, accounting for just 8% of all spam.
Today's revelations aren't the first to note that some botnets are far more efficient at spamming than others. In a botnet census he conducted a year ago this month, SecureWorks' Stewart said that Srizbi -- later the biggest loser in the McColo takedown -- was capable of delivering 60 billion spam messages per day.
