NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0492 Spam-Botnet Statistics:
With a current collective capacity for sending more than 100 BILLION spams per day,
template-based spam botnets are capable of still greater efficiency, according to
a recently released study by SecureWorks, a large managed security services provider.
While the Storm botnet has faded to only a fraction of its former self with 85,000 bots
(only 35,000 of which send email), a botnet dubbed Srizbi now holds the top spot
both in number of bots - 315,000 - and in spamming capacity - 60 BILLION spams/day.
The Bobax botnet is probably the longest-lived of the template-based spamming botnets
and ranks number two in number of bots with 185,000. Ozdok/Mega-D is still relatively
small in numbers (35,000) but makes up for its diminutive size with an aggressive amount
of spam sent per bot, giving it capacity for 10 BILLION spams/day, according to SecureWorks.
In the last four years, botnets used for sending spam - spambots - have made a transition from
proxy-based spamming to template-based spamming. Proxy-based spam botnets, such as Sobig
(circa 2003), gave spammers the ability to disguise their origin by proxying through infected
hosts, but the spammers had to expend a lot of resources maintaining banks of machines and network
connectivity to pump spam through the proxy servers day and night. In addition, the
introduction of consumer-level network address translation (NAT) routers caused many of these proxies
to be unreachable from the internet, because the infected computers sat behind the router on
private (RFC 1918) IP addresses and could not accept inbound connections from the spammer.
Around 2004 we saw the first template-based spamming botnets, designed to solve these problems.
By sending each bot a spam template along with a list of email addresses, the work, and the waiting,
of connecting to the recipients' mail servers is offloaded to each individual bot, which only needs
an outbound connection and so works fine behind NAT. With the switch to a template-based system,
spam botnet efficiency increased dramatically.
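The defender's side of the shift described above: a proxy-based bot receives inbound connections from the spammer, but a template-based bot must itself open outbound SMTP (port 25) connections from its private address to many different recipient mail servers, which is not something an ordinary mail client on a home or office network does (it talks only to its own relay). The following Python is an added illustration, not code from the newsletter or from the SecureWorks study; it assumes flow records are available as (source IP, destination IP, destination port) tuples, and the threshold of five distinct external SMTP destinations is an assumed tuning knob, not a figure from the study. The sample flows are constructed for the example.

```python
"""Flag RFC 1918 hosts that connect directly to many external SMTP servers,
the direct-to-MX pattern a template-based spambot exhibits."""
import ipaddress
from collections import defaultdict

# The private ranges behind consumer NAT routers. A proxy-based bot on one of
# these addresses is unreachable from the internet; a template-based bot does
# not care, because it only ever makes outbound connections.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_rfc1918(ip: str) -> bool:
    """True if ip falls in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


# Constructed sample flow records (src, dst, dst_port). Not captured traffic;
# made up here to exercise the check. Documentation-only address blocks are
# used for the "external" hosts.
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.5", 25),    # normal client -> local mail relay
    ("192.168.1.10", "192.168.1.5", 25),
    ("192.168.1.10", "203.0.113.7", 443),   # web browsing, not SMTP, ignored
    ("192.168.1.20", "198.51.100.1", 25),   # suspected bot: direct to many MXs
    ("192.168.1.20", "198.51.100.2", 25),
    ("192.168.1.20", "198.51.100.3", 25),
    ("192.168.1.20", "198.51.100.4", 25),
    ("192.168.1.20", "198.51.100.5", 25),
    ("192.168.1.20", "198.51.100.1", 25),   # repeat destination, counted once
    ("192.168.1.30", "198.51.100.9", 25),   # one external SMTP peer, below threshold
    ("203.0.113.50", "198.51.100.1", 25),   # public source, not an inside host
]


def direct_to_mx_hosts(flows, local_relays=frozenset(), threshold=5):
    """Return {internal_src: number_of_distinct_external_smtp_dsts} for every
    RFC 1918 source whose count of distinct external port-25 destinations
    reaches `threshold`. Connections to internal addresses or to hosts listed
    in `local_relays` are expected mail-client behaviour and are not counted."""
    dests = defaultdict(set)
    for src, dst, port in flows:
        if port != 25 or not is_rfc1918(src):
            continue
        if dst in local_relays or is_rfc1918(dst):
            continue
        dests[src].add(dst)
    return {src: len(d) for src, d in dests.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, n in direct_to_mx_hosts(SAMPLE_FLOWS).items():
        print(f"{host}: {n} distinct external SMTP destinations (direct-to-MX)")
```

In practice the same logic is usually enforced rather than merely detected: blocking outbound port 25 from end-user networks, so that only the organisation's own relay may reach external mail servers, removes a template-based bot's ability to deliver at all, whatever its per-bot capacity.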
One template-based botnet (Warezov/Stration/Opnis), which was a major player six months ago,
has completely dropped off the radar. Warezov was known for sending Chinese pump-and-dump stock
spam. The demise of this botnet coincided with the time frame in which spam kingpin Alan Ralsky was
arrested and charged, among other things, with sending pump-and-dump stock spam for Chinese companies.
(www.secureworks.com 08APR08)