Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam

Stony Stevenson writes "The new Mega-D Botnet has overtaken the notorious Storm worm botnet as the largest single source of the world's spam according to security vendor Marshal. This botnet currently accounts for 32 percent of all spam, 11 percent more than the Storm botnet which peaked at 21 percent in September 2007. It started about 4 months ago but has been steadily increasing since then. It is also using news headlines to trick victims into opening the spam, a technique synonymous with the Storm worm."

Using Headlines to Trick People Into Clicking

[tomhudson (43916)]

"Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam - using headlines to trick people into clicking"

It must work - I clicked on this article ...

Re:

[Amorymeltzer (1213818)]

Oh god... Taco, What have you done?!

Re:

[utopianfiat (774016)]

Moreover the headline sounds more like a sci-fi cyberpunk b-movie
"Mega-D Botnet Overtakes Storm the Movie"

imagine what they could do...

[Cyko_01 (1092499)]

...if they were to work together against a common enemy!

Re:

[kramulous (977841)]

Except the compromised machines are probably the same ones.

Nothing!

[QuickFox (311231)]

"Mega-D botnet"? Pffft! That's nothing compared to the latest ship-and-anchor technology!

Re:

[qkslvr846 (925002)]

I'm going to get dekarma'd but that was simply brilliant humor. My chair nearly capsized.

Re:

[by Anonymous Coward]

I believe that is called a "dragnet"

Hmm

[rakuen (1230808)]

So what's the end goal? A botnet that accounts for 99.9% of all spam? Not that that would necessarily be all bad; at least then we'd be able to unite our ire against one entity.

Spam? What's that?

[Stochastism (1040102)]

I don't quite get the spam thing anymore. It's solved. Spam is not annoying any more. Just use one of the big free email providers and you get relatively little spam. Even most corporations do a reasonable job with 3rd party spam filters. Sure, you still get it, but it's not annoying if it's a trickle.

Don't want to use a web interface? No problem, just get the free email service to fetch your mail, then download your filtered email by POP or IMAP. Okay, there's only one provider I know that lets you do that for free, but it probably has the best spam filtering too.

So you say all this spam is clogging up bandwidth? Well I bet it's still nothing compared with the bandwidth consumed by file sharing and video web sites. The economics of spam is changing, with fewer results per email sent, and more jail time per email sent, I reckon you'd have to be nuts to be a spammer these days.

Phishing on the other hand.. now that's bad.

Re:Spam? What's that?

[chromatic (9471)]

Spam is not annoying any more.... So you say all this spam is clogging up bandwidth? Well I bet it's still nothing compared with the bandwidth consumed by file sharing and video web sites.

I bet you've never run a mail server.

Re:Spam? What's that?

[ScrewMaster (602015)]

Spam is not annoying any more.... So you say all this spam is clogging up bandwidth? Well I bet it's still nothing compared with the bandwidth consumed by file sharing and video web sites.

It's not? You might lose that bet.

I bet you've never run a mail server.

I doubt he has either. My bandwidth logs show that several hundred megabytes of crap hits my network every day, and that's just what is allowed past the firewall. I don't really know how much other stuff is coming at my IP, because it's blocked. The amount of spam is really unbelievable, though, and it's pretty much just a continuous unauthorized consumption of my paid-for resources that does me no good at all. I also get unending attacks on my FTP and other remote services, constant port scans and worm penetration attempts. All that does is clog my pipe, and eats ISPs profit margins.

Besides, torrents and video sharing sites are services that benefit the end user. Regardless of whether people like the GP believe that people are paying their ISPs enough for them, they don't claim vast amounts of bandwidth in order to sell a few thousand bottles of fake Viag!ka and make a few dozen people wealthy. The cost/benefit ratio of bit torrent is quite a bit better than that of spam, I'd say.

+1

[toadlife (301863)]

If spam went away, everyone except for the largest email providers could run their MTAs on old surplus pentium 100s...and mail would flow very quickly.

Re:Spam? What's that?

[rakuen (1230808)]

It's ridiculous to think that mail parsers mean spam is conquered. If it was, then the Mega-D botnet wouldn't have even gotten out the door. Yet it has. Until people are educated to avoid spam, it will never be conquered. And the lack of education is evident because this botnet easily contains a plurality of all spam messages.

Re:

[QuantumRiff (120817)]

If its solved, why did I just have to spend several thousand dollars of taxpayer money to purchase an appliance to combat spam. Were blocking a few dozen thousand messages a day. We don't give students email addresses, just for the 80 or so full time staff. Being a school, we could have used that several thousand dollars to do something that would enhance the learning of our students, like purchase Photo shop for our labs, Or upgrade some computers, or even gotten a few more Mb/s on our internet pipe. Bu

Re:

[Khyber (864651)]

Gmail has been out of beta as far as I can tell. The only 'beta' stuff about Gmail are the new features being implemented.

Re:Spam? What's that?

[SL Baur (19540)]

I don't quite get the spam thing anymore. It's solved.

I'll bet that you've never had an important message bounced or misfiled as SPAM and I'm sure you have never run a mail server.

SPAM is the biggest internet problem and has been for a long time and just keeps getting bigger. Whether you see it or not, I guarantee you, you are paying for it.

Re:Spam? What's that?

[totally bogus dude (1040246)]

Just to add to QuantumRiff's sentiments, calling spam "solved" by spam filters is like calling world wide conflicts "solved" by the arms race. Spam is only a trickle for you because many people spend a lot of time/money (and I mean, a lot) developing and purchasing anti-spam software and hardware. This stuff is under constant development to keep up with the latest techniques used by the spammers. This is similar to how the current state of superpower militaries keeps the peace; large-scale wars of aggression aren't viable at the moment. But this balance of power could shift pretty quickly, for example if someone has a major technological breakthrough that they're able to exploit before anyone else.

Even if we are able to keep up the pace of anti-spam technological improvements indefinitely, it's still a massive waste of resources. The spam problem just shouldn't exist. Sure we do get some dividends in terms of research into natural language parsers and the other techniques being used to automatically classify messages, but most of the people doing this could be doing more productive things with their time.

In the end I think it will only be solved when we solve the botnet problem, but it doesn't look like that's going to happen any time soon.

P.S. If you're trying to argue that something is "solved", it's usually a bad idea to also admit that there's only one provider of a viable solution (i.e. pop3/imap spam-free email) in the entire world. That's not a "solution", that's "an invitation to charge us whatever you wish for your service". Also free providers are a bad fit for businesses: using gmail or other free providers for your corporate email address makes your company look a bit cheap; not to mention the privacy issues.

P.P.S. You might find a trickle of spam not to be annoying, but plenty of others do, especially those who are responsible for implementing your so-called solution.

107% of all SPAM!

[StCredZero (169093)]

Release a botnet that becomes self aware. Such that, it takes over 100% of all spam production, plus a large fraction of the emails sent by a genuine sentience.

The largest "single" source?

[n6kuy (172098)]

Largest multiple source, I'd say. It's a bot net after all.

No longer synonymous, then

[gardyloo (512791)]

If this new guy uses a technique which something else used, the technique is no longer synonymous with either of them.

Re:

[Fiznarp (233)]

'Synonymous' describes two words that are synonyms. Since the subject described (a technique) isn't a word to begin with, I doubt it was ever synonymous at all. Though it may have been 'commonly associated' with the Storm worm.

Windows users

[by Anonymous Coward]

For those of us still running Windows XP, I remember there being several products from Mcafee and Symantec that would be available for free download to remove the latest pieces of malware. I don't know what the latest and greatest is now. Are there any specific tools we can use (beyond a virus scanner) to check for and removed malware?

Re:

[ISurfTooMuch (1010305)]

One thing that comes to mind is Microsoft's Malicious Software Removal Tool, which comes out each month in Windows Update. Another tool is Trend Micro's online virus scanner, located at http://housecall.trendmicro.com./ [housecall.trendmicro.com]

The tools you're thinking of were standalone removal tools for specific pieces of malware. I'm sure they still release these from time to time. They usually came out for malware that was especially high-profile, so don't expect to see one for every one out there.

But the most useful tools,

Priorities

[Fuzzums (250400)]

Isn't is nice to see that governments rather go after internet gambling, something that really doesn't dother me at all, and completely ignore spam, something that is really annoying to us, the normal people...

It makes clear, once again, that governments are totally not 2.0-ready. They don't know about how technologies work and how to deal with it.

Re:Priorities

[causality (777677)]

Isn't is nice to see that governments rather go after internet gambling, something that really doesn't dother me at all, and completely ignore spam, something that is really annoying to us, the normal people...

It makes clear, once again, that governments are totally not 2.0-ready. They don't know about how technologies work and how to deal with it.

What surprises me is the benefit of doubt that is always given to those in power. There is much political power to be had by allowing something to become a crisis and then stepping in with "justifiable measures" to address said crisis. This is referred to by various names; the two which come to mind are Problem, Reaction, Solution and the other is Thesis, Antithesis, Synthesis. The idea comes mainly from Hegel although I suspect it's actually older than this.

Really, don't you ever wonder why most "crises" were foreseeable events that were ignored or neglected until they became huge problems? Personally, I am not so quick to assume they just innocently "don't get it." They might or might not understand the technologies involved, but they certainly do understand what millions of people demanding that they "do something right now" can mean for their political careers.

Re:

[Fuzzums (250400)]

Interesting reply

So you're saying for politicians it would be more interesting, career wise, to follow the path of Hegel et al and first let something become a problem, wait for a lot of complaints, solve it because a lot of people demand it and then become the "hero".

Still, if I look at some measures like demanding from ISP's to keep record their users's traffic information for 3 yeard, I still have a faint impression they don't know what they're dealing with and how to deal with it.

Re:

[Bill, Shooter of Bul (629286)]

Very Interesting. I think that idea really trancends politics to almost every area. People are more willing to let a crisis come, rather than taking steps to prevent it. I'm nto sure how much of that is caused by psychological inertia, and how much of it is malicious.

Re:Priorities

[erroneus (253617)]

Yes, because the voters are appeased when religion is appeased. Prostitution, gambling, drugs and alcohol are all vices that people have been engaged in since the dawn of man. Religion has been the **industry** (don't kid yourself, religion is an INDUSTRY) that has placed itself as an enemy of humanity's vices, its own nature, to justify its existence. Human nature won't change and the perceived need for religion will perpetuate itself for the duration of humanity's nature. And as long as people can be distracted by religion, people will continue to vote for the issues that win elections and enable laws.

The reason governments go after vice is because that's what religion wants and the people speak to what religion has brain washed them into demanding because only religion and religious values stand to fight something as unchangeable as human nature.

"Vice" laws need to go away. It should be written into the constitution of every government that morality is not the domain of government so long as it doesn't conflict with the government's obligation to maintain general welfare and common defense. Gambling, drugs and alcohol and prostitution could NEVER threaten general welfare of a population directly. So laws against them can only be the response of legislators who have responded to the demands of the religion industry.

(And before anyone starts responding with disease and violent crimes related to gambling, drugs and alcohol, and prostitution, you'll find that most of these things are caused by their existence as underground and largely illegal activities as demonstrated very well as the prohibition of alcohol created organized violent crime industries that disappeared when prohibition was repealed. Take away the laws against other vices and you will see similar decreases in the diseases and violence surrounding the other vices... they won't go away but they will actually be less of a threat to GENERAL public welfare.)

An end of religious law would allow the focus of law and regulation that actually serves the purpose of government -- to provide for the common defense and to promote the general welfare.

Re:

[the_macman (874383)]

Bravo sir, Bravo...What you've written is brilliant. I couldn't agree more. Unfortunately for you and I religion will NEVER go away. Here's the catch. Religion is based on faith. The opposite of faith is doubt. To a religious person, anyone who doubts religion is clearly wrong and that just means you must try harder to convince them of your religion. Not too many people say, "Damn your right. My religion doesn't make sense at all." Instead they say, "You poor misguided person. I will pray for you.", and bec

Re:

[causality (777677)]

Yes, because the voters are appeased when religion is appeased. Prostitution, gambling, drugs and alcohol are all vices that people have been engaged in since the dawn of man. Religion has been the **industry** (don't kid yourself, religion is an INDUSTRY) that has placed itself as an enemy of humanity's vices, its own nature, to justify its existence. Human nature won't change and the perceived need for religion will perpetuate itself for the duration of humanity's nature. And as long as people can be dist

Re: Priorities

[Black Parrot (19622)]

Isn't is nice to see that governments rather go after internet gambling, something that really doesn't dother me at all, and completely ignore spam, something that is really annoying to us, the normal people...

Coming down on gambling will garner the votes of a vocal bloc who think it's immoral. How many of "us, the normal people" will ever be single-issue voters with a focus on spam?

Re:

[cmacb (547347)]

How many of "us, the normal people" will ever be single-issue voters with a focus on spam?

Probably few to none. It is, unfortunately the lock that both parties have on single-issue-voters that makes progress on many many issues unlikely. If the parties can get all the votes they need on issues such as abortion, gun control, immigration and special rights for various groups, what incentive will they ever have for focusing on the economy as a whole, improving our infrastructure (or getting out of the way so

Is it time to thank the enablers?

[erroneus (253617)]

In a world full of people looking to get what they want at the expense of all others, we should learn to accept that the bigger fish will eat the smaller fish, but even the smaller fish gotta eat.

People drive their cars every day... there are accidents sometimes. The accidents slow the traffic and pisses everyone off. Sometimes accidents are actually the fault of stupid people. Sometimes the accidents are design problems in the cars. Sometimes the accidents are problems with the roads themselves. But when the accident is cleared and people are going their merry way, we forget the accidents and we certainly never give the causes another thought.

Sometimes people do things to help make the roads safer, but what really works is education and improving levels of awareness. Where driving is concerned, at least where I live, we're at a pretty good balance... not too many accidents and awareness is high enough that it stays that way. Because when it comes to travel on the roads, we know there are no safe roads and there are no safe cars. There are only safe drivers.

I'm trying to draw pictures to draw comparisons. The comparisons should be rather obvious if I haven't been modded -2 Off-topic already. I'm trying to show the motives and the mentality leading to how we got where we are... we have stupid people without awareness or education. We have unsafe computers and unsafe networks. The network needs to be safer, but it can only be "so safe" without removing too much of its usability. The computers need to be safer and certainly CAN be safer... just like cars, the makers need to be sued and regulated until they ARE safer. (Yes, that means Microsoft should be held accountable for their part of the blame!) But computers can only be made "so safe" without removing too much of its usability. After that, the rest of the balance can only be maintained with education and awareness and that's the job of the governing bodies.

We live in a world with a lot of problems and dangers. We teach about a lot of things and think it's rather natural that those things we don't teach and warn people about will naturally lead to problems related to it. We've got a culture and economic system that *VERY* dependent on the public internet and the use of personal computers. We've got heavy dependence on a very weak and exploitable system. I just have to wonder how bad it has to get before the enablers are finally held responsible.

The enablers are the designers of the internet, Microsoft and the governments. The internet is being fixed with IPv6 but not fast enough because the governments are in the pockets of the people who stand to make less profit while the transitions are being made from IPv4 to IPv6. Microsoft is a significant inhibitor (among others) of change and improvement because they are the dominant technology connecting the public internet to the users and to the resources and economy that they all mutually depend on. Government is the only way to make change happen because it is clear that the wisdom and intelligence of the public is low enough that they will always be ineffective. Microsoft and other industry players spend and pay so that they can remain unregulated. They are the enablers of the hell we live with. Let's thank them. Thank the enablers.

It is the government's responsibility to educate the people absolutely and they are failing in that responsibility absolutely. (Note that I don't say it is the government's responsibility to protect the people. Government needs only to provide for common defense and to promote general welfare.) It is also the government's responsibility to regulate things that can cause problems or interference with the general welfare which includes the economy. The public internet, anything dependent on the internet, and the economy are demonstrably threatened by unregulated majority and monopoly players such as Microsoft. They don't want to be regulated, but they need to be regulated as the general welfare is at risk.

A si

Re:

[Kineel (315046)]

It is the government's responsibility to educate the people absolutely and they are failing in that responsibility absolutely.

That is perhaps the single most frightening statement I have ever read. Government education has been responsible for some of the biggest crimes in the past couple of centuries. See Germany in the 1930's or the Soviet Union for the first half of the 20th century for examples of this.

However, reading the rest of your post proves that government education is alive and working here in t

Re:

[causality (777677)]

We live in a world with a lot of problems and dangers. We teach about a lot of things and think it's rather natural that those things we don't teach and warn people about will naturally lead to problems related to it. We've got a culture and economic system that *VERY* dependent on the public internet and the use of personal computers. We've got heavy dependence on a very weak and exploitable system. I just have to wonder how bad it has to get before the enablers are finally held responsible.

We've got a

Re:

[SirSlud (67381)]

How is this a cultural issue? This is life. 600 years ago, you were still dependent on whatever the best information was available on how to spread your sickness or how to build a house without it collapsing on your visitors, or what-have you.

Technology has made it easier to go out and self-educate; it hasn't changed the facts that:

a) you have to be able to discern what is 'correct' information versus 'false' information, even if there is often no actual basis for proving which is which unless you're fairly

Who cares about the exploiters?

[Idiomatik (1228742)]

Chasing after security vulnerabilities and hackers is ridiculous. There wouldnt be spam-botnets if you hit the people paying the hackers. Killing a bot or imprisoning a hacker causes a tiny blip. If we charged every company being advertised in the spam the problem would go away. Spam wouldnt be profitable anymore.

Re:

[Dirtside (91468)]

If we charged every company being advertised in the spam...

...then I could torpedo any company I wanted just by sending out spam with their name in the message.

dumb idea #2

[icepick72 (834363)]

In the case of a large botnet, instead of each security company trying to compete for user downloads (e.g. Symantec, AVG, Kapersky, Microsoft OneCare, etc) they should all get together, make one free download that specifically targets and eradicates the botnet source on the computer (on any OS) and ensure it gets shoved through all the distrubution channels like Microsoft download, Linux package installers, other tool updates, etc. Maybe the botnet is too complicated for this. I don't know the detials. However I know it's within the software companies' reaches to work together in spcial situations.

Re:

[drspliff (652992)]

That would defeat capitalism though, and at the moment I don't think I could trust one big anti-virus vendor knowing the attempts of various governments recently *cough*germany*cough*.

Re:

[ymgve (457563)]

In the case of a large botnet, instead of each security company trying to compete for user downloads (e.g. Symantec, AVG, Kapersky, Microsoft OneCare, etc) they should all get together, make one free download that specifically targets and eradicates the botnet source on the computer (on any OS) and ensure it gets shoved through all the distrubution channels like Microsoft download, Linux package installers, other tool updates, etc. Maybe the botnet is too complicated for this. I don't know the detials. Howe

Re:dumb idea #2.5

[icepick72 (834363)]

Very good point. Most people I know don't run Windows update, many because their Windows isn't "Genuine" and would likely be disabled. This also leaves my original suggestion in a bind. If Malicious Software Removal Tool (MSRT) could be pushed through means other than the Windows update process then more people might receive it and be vaccinated.

Maybe another company should run an update service for only "critical" situations to push these tools to users without sharing information with Microsoft, assuring

Re:PEBKAC

[Ox0065 (1085977)]

The solution is out there. Have you ever heard someone tell you that

• they must have security updates turned off, because they might break the computer? (This is where your proposal falls down)
• they don't need virus protection, because they have a fire wall
• they can't use passwords, because "what if someone else needed to get on"
• they are perpetually in an administrator account, because right clicking executable & selecting "run as" is WAY to inconvenient
• they are using internet explorer, because their favour

Q about the botnet world

[A nonymous Coward (7548)]

How much of this is just botnets fighting over the same zombies -- how many existing old botnet zombies get taken over by the new botnet?

Heck, how many actual botnet masters are there? Is this just the same people but with new malware? Is this malware just version n + 1 of the old malware? Or do the same botnet masters have several botnets?

I sure don't know much about these in this kind of sense.

Re:Q about the botnet world

[ShaunC (203807)]

I'd venture to say that a nontrivial number of infected hosts are victims of "botnets fighting over the same zombies." By default, the zombie population is a fairly fixed one; PCs whose owners have demonstrated a willingness to click on any random bullshit that shows up in their email. I'd say it's generally accepted that someone who has become infected with Botnet_A is far more likely to become infected with Botnet_B than someone who practices good security behavior. Of course this population is always growing as the number of PC owners increases, and I've seen stats showing that the normal seasonal variations occur... Botnet activity and the number of distinct zombies tends to go up just after Christmas, at the start of spring and fall college/university semesters, etc.

I doubt that Mega-D is version n+1 of some other malware; this is someone new making their entrance into the underground enterprise. A bot herder has no real incentive to develop an entirely new trojan when their existing bot is still effective. Most modern bots have three primary directives: send spam, propagate, and upgrade/polymorph themselves. If something about Storm, for example, is rendered ineffective by AV or antispam products, it's much easier (and cheaper) for the Storm herder to push out a new release of Storm than it is for him to procure a completely new trojan. The ability to detect and upgrade to new builds is an inherent capability of Storm. Why bother trying to deploy something new when you can upgrade what you already "own?"

It's been shown that Storm's herder can petition off groups of hosts into sub-botnets, presumably to be sold or rented to specific customers. They're still technically part of the Storm botnet, though. Smaller players may have a reason to maintain a series of independent, parallel botnets if they find that their trojans don't deploy well. Surely if you're in the botnet business and you can't reach the "market share" of Storm or Mega-D, it would be to your advantage to experiment and diversify. I wouldn't be surprised if many of the smaller, less successful botnets are actually controlled by a handful of people trying to break into the game.

But I guess all of this is just speculation until we actually catch a few of these assholes and learn firsthand how they operate.

Re:

[A nonymous Coward (7548)]

Thanks. I wonder if one of the ways for a new player to get a new botnet off the ground would be to hijack an existing botnet. It makes me think of the Mafia and other gangs, where one of the ways of showing what a tough guy you are is to take over a rival gang. In fact, that may be the only way, i both cases, since the existing gangs and botnets have skimmed the cream along with a lot of the milk. But unlike a gang, where new gangsters can start at the bottom and work their way up by proving their mett

Re:

[ShaunC (203807)]

I wonder if one of the ways for a new player to get a new botnet off the ground would be to hijack an existing botnet

This is a curious point. A great deal of effort has been put into investigating the Storm network. We're on the eve of the 2nd Super Bowl in a row that Storm will be spamming copies of itself. It's arguably the longest-lasting and most pervasive malware plague we've ever seen. Hundreds of man-hours have been devoted to researching and reporting on its capabilities. Thousands of man-hours hav

Spam is the government?

[Max_W (812974)]

I remember a scandal, when British PM Tony Blair bought 2 apartments for times lower price than the market price.

The deal was handled by his associate, the convicted crook, who was the mastermind behind the Herbalife spam. It made me think...

Spam is responsible for the largest part of the Internet traffic. It should make the spammers most influential people.

They are rich, they have an access to all private information on our computers, they can bring down an infrastructure of any country, they can pro

Jack Black?

[StCredZero (169093)]

Or, they could develop a much more robust variant, called the Tenacious-D!