KEY POINTS:
A handful of botnets are responsible for 85 per cent of spam, according to web security experts.
Marshal's TRACE team, which monitors spam, phishing and virus activity around the world, has identified the six botnets that it says are sending the bulk of spam.
Botnets are networks of compromised private computers that are secretly controlled by a remote operator and used to send spam or distribute malware to other machines. Owners of such infected machines are almost never aware their computers are being used maliciously.
The Mega-D botnet, which was the top spammer early last month before disappearing off the radar, has now resurfaced, with a massive 35,000 machines under its control.
"This week, Mega-D returned again to represent 21 per cent of spam after a 10-day period of inactivity," explains New Zealand-based Bradley Anstis, Marshal's VP of products.
"Owing to the break, Mega-D only accounted for an average of 11 per cent of spam during February. At its peak last month, it was responsible for a third of all the spam we caught in our spam traps.
"While recent publicity spooked the Mega-D spammers into taking their control servers offline, they have now clearly re-established themselves elsewhere."
The top botnet is now Srizbi, which is distributing a massive 39 per cent of spam using what Anstis describes as "advanced and extremely stealthy malware".
"Lately, Srizbi has been particularly active in attempting to spread itself through spam campaigns using celebrities as lures," he said.
The Rustock botnet is in second place, followed by Mega-D. Other significant nets identified by Marshal TRACE are Hacktool Spammer (also known as Spam-Mailer) and Pushdo (also Pandex and Cutwail).
Anstis believes some botherders are controlling more than one botnet, because the other main spam botnets have been sending mail containing links to a web page usually seen only in Mega-D spam.
Mega-D is well known for concentrating on so-called male enhancement products with names like 'Megadik' or 'VPXL' and brands like 'Express Herbals' and 'Herbal King'.
Marshal reports that other botnets - including Srizbi and Pushdo - have been simultaneously sending spam with links to the same web page.
"It appears the spammers behind this campaign have access to more than one botnet to distribute their messages," said Anstis. "It's also a possibility that one group controls more than one of these botnets."
The infamous Storm botnet, which is estimated to control 85,000 machines, is currently responsible for only three per cent of spam.
"The size of a botnet, measured by how many bots it has, does not necessarily correlate with how much spam it sends," Anstis says.
- NZ HERALD STAFF