Six spam botnets around the world

Three weeks ago, the Mega-D botnet was the world's largest spam source. Then the malicious program behind Mega-D, Ozdok, was identified, and almost immediately Mega-D's control server disappeared for about 10 days. During that period, spam from this botnet dropped to almost zero.

Since then, Marshal has used its spam traps to identify more of the malicious programs used by spam senders. The latest distribution of spam sources is as follows.

With the disappearance of Mega-D, Srizbi has become the new spam leader, accounting for 40% of all spam mail in the world. Srizbi is known as a spam Trojan. Recently, Srizbi has been exceptionally rampant and has sent a large number of links that lead to viruses. Research shows that Srizbi is very well hidden and runs at the kernel level, which allows it to hide from network activity logs and evade sniffing tools. Srizbi has an interesting feature: it sends continuous feedback to its control server to confirm which email addresses are valid and which are not.

Among the other spam sources, Rustock ranks second with a 20% share. Rustock has been present in disguise for a long time and is famous for its powerful sending capacity. Other major spam-sending sources include Hacktool.Spammer (this spam source also has many aliases, such as Spam-Mailer); the Pushdo family (also known as Pandex and Cutwail), which is also known for its large-scale spam malware and for the celebrity-themed hooks it uses; and, last, the notorious Storm, ranked sixth.

It is worth mentioning that the size of a botnet, measured by the number of bots, is not proportional to the amount of spam it sends. As mongoal observed two weeks ago, the sending capacity of Mega-D's 35,000 bots far exceeds that of Storm's 85,000 bots. At the Marshal lab, people found that the ability of different botnets to send spam varies significantly.

The relationships between different botnets are also intriguing. Mega-D is known for advertising male enhancement drugs such as "Gemadik" and "VPXL", which are sold under the brands "Express Herbals" and "Herbal King" (translator's note: judging by the names, something like traditional Chinese medicine). Then mongoal recently found that at least four other botnets, Srizbi, Rustock, Hacktool.Spammer and Pushdo, are also sending spam ads containing "Express Herbals" links. Apparently the interest groups behind the scenes have penetrated several different botnets to spread their message.


Source: http://www.marshal.com/trace/traceitem.asp?article=567, translated by 35 km and published on the comsharp CMS official site team blog.
