One bot-infected PC = 600,000 spam messages a day
Some bot-infected PCs can crank out as many as 25,000 spam messages per hour, new research released Wednesday claimed.
California-based Marshal8e6 deliberately infected machines in the lab of its research arm, TRACElabs, with the malware responsible for the world's nine biggest spam botnets, then observed the PCs' behavior, including each bot's top-end spam capacity.
"One of the our objectives over the past few years has been to emphasize the dominant role that a handful of key botnets play in the spam we see today," said Phil Hay, a senior threat analyst with TRACElabs, in an e-mail today.
TRACElabs concluded that Rustock and Xarvester, the latter perhaps linked to the down-and-out Srizbi botnet, are the most efficient spam-spewers of the nine bots. Each is capable of sending up to 25,000 messages per hour, or 600,000 per day, and 4.2 million per week.
The next-most effective spam bot, said TRACElabs, is Mega-D, one of the bots that took advantage of the November 2008 takedown of McColo Corp., a hosting company that harbored the command-and-control servers for several big botnets, including Srizbi and Rustock.
When McColo's connection to the Internet was severed by its upstream providers -- in large part because of investigative work done by security researchers such as Joe Stewart, director of SecureWorks Inc.'s counterthreat unit -- spam volumes plunged as botnet controllers couldn't tell hijacked PCs what to do. Since then, however, spam has essentially returned to pre-McColo levels as a bot master resuscitated damaged botnets or unaffected botnets picked up new spamming customers, and thus the slack.
Some well-known names rated relatively low on TRACElabs' list. Waledac, which analysts have said is a successor to 2007-08's Storm bot, was recently in the news when it was installed by PCs infected with the Conficker worm. The botnet can cough up 7,000 messages an hour, or 168,000 a day.
According to TRACElabs, Rustock bots were responsible for 26% of the spam generated in the first quarter of 2009, with Mega-D and Pushdo not far behind at 22% and 18%, respectively. The other efficient bot -- Xarvester -- held fourth place, accounting for just 8% of all spam.
Today's revelations aren't the first to note that some botnets are far more efficient at spamming than others. In a botnet census he conducted a year ago this month, SecureWorks' Stewart said that Srizbi -- later the biggest loser in the McColo takedown -- was capable of delivering 60 billion spam messages per day.
Computerworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
spam
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
