Spam Security

Most Spam Comes From Just Six Botnets

Posted by CmdrTaco
from the all-obsessed-with-your-wang dept.
Ezhenito noted some research pointing out the (maybe) surprising bit of research that 6 botnets are responsible for 85 percent of the world's spam. That seems a bit high to me, but the only aspect of spam I am an expert in is *getting* it.

  • by elrous0 (869638) * on Monday March 17, 2008 @09:03AM (#22772306)
    Bet I could connect any one of these bots to Kevin Bacon in 3 or less.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      It only takes one. I can't count the number of times I've received spam that tries to get me to "3nl4rge my K3v1n B4c0n".
  • by sakdoctor (1087155) on Monday March 17, 2008 @09:08AM (#22772328) Homepage
    Srizbi is the largest contributor at 39%
    I believe this figure could be much larger if the Trojan.Srizbi client was ported to Mac and linux
    Anyone know what licence it's distributed under?
  • by blcamp (211756) on Monday March 17, 2008 @09:13AM (#22772372) Homepage

    Why can't they focus their efforts and resources on shaping traffic to block this kind of nonsense, rather than Torrents?

    • Re: (Score:3, Insightful)

      by AltGrendel (175092)

      1) There are "fewer" people using torrents than using email.

      2) Email users include businesses that probably include a draconian SLA on the ISPs part and they don't want to mess with that.

      3) And as always, it affects Profit!!!

    • by Von Helmet (727753) on Monday March 17, 2008 @09:34AM (#22772576)

      Spam affects the little guy. Torrents affect (apparently) the big guy.

    • Re: (Score:3, Informative)

      by gmuslera (3436)
      Torrents/p2p use their own ports and protocols, and there you just target client machines. You can easily (?) filter them. Something that is just mail is much different: there you get it from your mail server, whatever it is, whatever measures it is taking. And one of the most used techniques to reduce spam (greylisting) is specifically targeted by Srizbi (the bot responsible, back when this was published almost 3 weeks ago, for 39% of the spam), so it doesn't stop this particular botnet.
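As an added illustration of the greylisting point in the comment above (example code written for this page, not anything from the poster or from any mail server): a minimal greylisting policy keyed on the (client IP, sender, recipient) triplet, with a 5-minute delay and 4-hour expiry chosen for the example, run against constructed traffic in the RFC 5737 documentation address ranges. A sender that never retries is never accepted, a legitimate MTA that retries later is, and a sender that simply retries the way an MTA does is accepted too, which is why greylisting on its own does not stop a bot that implements retries.

```python
from dataclasses import dataclass, field

# Greylisting parameters for this example (real deployments tune these).
GREYLIST_DELAY = 300        # seconds a new triplet is deferred before it may be accepted
GREYLIST_EXPIRE = 4 * 3600  # seconds after which a triplet that never returned is forgotten


@dataclass
class Greylist:
    """In-memory greylist keyed on the classic (client IP, sender, recipient) triplet."""
    first_seen: dict = field(default_factory=dict)

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply code for one delivery attempt at time `now` (seconds):
        451 = temporary failure, try again later; 250 = accepted."""
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > GREYLIST_EXPIRE:
            # First contact (or a stale record): record the triplet and defer.
            self.first_seen[key] = now
            return 451
        if now - seen < GREYLIST_DELAY:
            # Came back too soon: keep deferring.
            return 451
        return 250


def run_scenario(greylist, attempts):
    """attempts: list of (time, client_ip, sender, recipient); returns list of (time, reply code)."""
    return [(t, greylist.check(ip, s, r, t)) for t, ip, s, r in attempts]


def accepted(responses):
    """Count the attempts that were accepted with 250."""
    return sum(1 for _, code in responses if code == 250)


# Constructed traffic; addresses are from the RFC 5737 documentation ranges.
LEGIT_MTA = [  # a real MTA is deferred, then retries 15 minutes later
    (0,   "192.0.2.10", "alice@example.org", "bob@example.net"),
    (900, "192.0.2.10", "alice@example.org", "bob@example.net"),
]
ONE_SHOT_BOT = [  # fire-and-forget sender: one attempt, never retries
    (0, "198.51.100.7", "x@spam.invalid", "bob@example.net"),
]
RETRYING_BOT = [  # sender that retries like an MTA (the behaviour the comment attributes to Srizbi)
    (0,   "198.51.100.8", "y@spam.invalid", "bob@example.net"),
    (600, "198.51.100.8", "y@spam.invalid", "bob@example.net"),
]


def compare_senders():
    """Accepted-message count per constructed sender, each against a fresh greylist."""
    scenarios = {"legit_mta": LEGIT_MTA, "one_shot_bot": ONE_SHOT_BOT, "retrying_bot": RETRYING_BOT}
    return {name: accepted(run_scenario(Greylist(), attempts)) for name, attempts in scenarios.items()}


if __name__ == "__main__":
    print(compare_senders())  # {'legit_mta': 1, 'one_shot_bot': 0, 'retrying_bot': 1}
```

The one-shot sender is the case greylisting was designed for; the retrying sender shows the limit, which is why greylisting is normally layered with reputation checks such as DNS blocklists rather than relied on alone.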
  • by Aaron Isotton (958761) on Monday March 17, 2008 @09:16AM (#22772402)
    What TFA says is that most Spam comes from the following six types of Bot:

    Srizbi: 39%
    Rustock: 20%
    Mega-D: 11%
    Hacktool.Spammer: 7%
    Pushdo: 6%
    Storm: 2%
    Other: 15%

    This doesn't necessarily mean that most spam comes from six botnets. Some of the bots could be used by multiple bot masters; OTOH some botmasters could control multiple botnets using different bots.

    Something else I just thought of:

    The botmasters are going to use the best bot available, i.e. the one enabling them to send most spam at the least cost. On the other hand, the "good guys" are fighting spam (and the bots). So whenever a certain bot starts taking over (currently Srizbi) all the good guys will focus on that one and try to shut it down. So the bot decreases in value and another, better bot will take over. Evolution at its best.

    The Antivirus companies which are trying to fight the malware are also trying their best. The big difference is that while the success of a spambot can be easily measured by the customer (i.e. the botmaster), the success of an AV product is much harder to estimate. Also, the typical AV customer doesn't have the ability/time to find out which AV product is best for him. Moreover, AV products are some sort of subscription service (you buy the package and get 1 year of updates) which makes it hard to switch products. Often AV products are bundled with computers, selected by business principles and not by technical superiority.

    In other words, the evolution process of malware is far superior to the one of AV products.
    • If you really want to focus the discussion on business principles, then you would realize the cost of a satisfied, virus-free customer is far less than the profit derived from picking a anti-virus package to bundle. Don't underestimate or trivialize the amount of effort OEMs go through in picking out their software bundles. Some of the bundles are shit, some are for pure profit, and a lot is unnecessary for an individual user, but if you're selling to ten million people, one person's "bloat" is another's re
      • Come on. The software bundles are *always* ludicrous. They typically include: - A crappy "Home User"-Antivirus with huge splash screens and big colorful dialog boxes pissing you off a few times a day. - A crappy toolbar for your browser (often Yahoo or Google, sometimes worse) - Some "software update center" which is usually far worse than even Windows Update - A CD Recording application which is ALWAYS crap. - A software firewall yelling "OMG PACKET" every time someone sends an UDP broadcast on your netwo
        • Yes, you typically get a yahoo or google toolbar as well as those half a dozen "click here to sign up" programs. The bright side of these programs is that they subsidize part of the cost of the computer. Annoying, definitely.. but certainly innocuous at worst and beneficial at best. CD recording software? Last bundle I had included Nero, which I already use by choice and have a purchased license for. My last bundle also included Norton Internet Security as a free bundle, but it was only a 90-day trial, but I
      • Re: (Score:3, Insightful)

        by Aaron Isotton (958761)
        (Same post as before, formatted properly)

        Come on. The software bundles are *always* ludicrous. They typically include:

        - A crappy "Home User"-Antivirus with huge splash screens and big colorful dialog boxes pissing you off a few times a day.
        - A crappy toolbar for your browser (often Yahoo or Google, sometimes worse)
        - Some "software update center" which is usually far worse than even Windows Update
        - A CD Recording application which is ALWAYS crap.
        - A software firewall yelling "OMG PACKET" every time someone s
  • You have 11292 unread messages: Inbox(7803), Bulk(3489)

    this is from a 10 year old yahoo account that i only visit once a month to keep it active, i log in and never open anything, i dont care = its not my harddrive all that spam is sitting on...
  • Is it possible to identify a trojanned machine that's sending out spam, like maybe find if it responds to some "unexpected" port? If you could do this, you could quickly check "unknown" mail servers and see if they were really an 0wned Windows box spewing out spam.
    • Okay, lets say you're right, and the "0wned" servers listen on port 666.
      I'll leave you to reprogram every single smtp server in the world to check for that condition.
      Just remember, the next version of the bot might use port 667 so you better hurry!
      • by rcw-home (122017)

        I'll leave you to reprogram every single smtp server in the world to check for that condition.

        Most SMTP servers have the ability to check a blacklisting service - so that's all you have to program.
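As an added example of the blacklist check mentioned in the comment above (written for this page; not the poster's code and not the API of any particular mail server or list): how an SMTP server consults a DNS-based blocklist (DNSBL) for a connecting client address. The zone name is a placeholder, the offline resolver and the client addresses are constructed, and the reply conventions (an A record in 127.0.0.0/8 means listed; 127.255.255.0/24 is used by some lists to report query errors rather than listings) are assumed for the example.

```python
import ipaddress
import socket

# Placeholder zone: a real deployment points this at the list it subscribes to.
DNSBL_ZONE = "dnsbl.example.invalid"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the lookup name: IPv4 octets in reverse order, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 is handled in this example")
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def classify_reply(answers):
    """Interpret the A records a DNSBL returned for a query name.
    No records -> 'clean'; 127.0.0.0/8 -> 'listed'; 127.255.255.0/24 -> 'error'
    (query refused or rate-limited on some lists); anything else -> 'unknown'."""
    if not answers:
        return "clean"
    verdict = "clean"
    for a in answers:
        addr = ipaddress.ip_address(a)
        if addr in ipaddress.ip_network("127.255.255.0/24"):
            return "error"
        if addr in ipaddress.ip_network("127.0.0.0/8"):
            verdict = "listed"
        else:
            # A non-loopback answer is not a listing: typically a wildcarded or hijacked zone.
            return "unknown"
    return verdict


def dns_resolve(name):
    """Live resolver (needs network). Returns A records, or [] when the name does not exist."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []  # NXDOMAIN: the address is simply not listed
        raise  # any other failure (timeout, no resolver) is a lookup error, not a verdict


def check_client(ip, resolve=dns_resolve, zone=DNSBL_ZONE):
    """Decide what the SMTP server does with a connecting client: (query name, verdict, action)."""
    name = dnsbl_query_name(ip, zone)
    try:
        verdict = classify_reply(resolve(name))
    except OSError:
        verdict = "error"
    # Fail open on errors: a dead or rate-limited blocklist must not stop all inbound mail.
    action = "reject" if verdict == "listed" else "accept"
    return name, verdict, action


# Constructed offline stand-in for the DNS zone (addresses from RFC 5737 ranges).
FAKE_ZONE = {
    "7.100.51.198." + DNSBL_ZONE: ["127.0.0.2"],                 # listed once
    "8.100.51.198." + DNSBL_ZONE: ["127.0.0.3", "127.0.0.4"],    # listed under two categories
    "9.100.51.198." + DNSBL_ZONE: ["127.255.255.254"],           # list reports a query error
}


def fake_resolve(name):
    """Offline resolver over the constructed zone."""
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for client in ("198.51.100.7", "198.51.100.9", "192.0.2.1"):
        print(check_client(client, resolve=fake_resolve))
```

Two details matter in practice and are easy to get wrong: only loopback answers are listings, so a zone that suddenly answers with a public address must not be read as "everyone is listed"; and a lookup failure is distinguished from "not listed" so that an outage at the list degrades to accepting mail rather than rejecting all of it.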

  • You know... we don't let people drive without a drivers license and insurance. The general public has to start taking some responsibility here.

    I would suggest some measures we can use:

    1) static IP's. Then we can easily track down infected machines and take them offline.

    2) Laws that require people to assume some form of responsibility when they connect a computer to the net.

    3) Perhaps some form of compulsory insurance policy.

    4) Laws that require ISP's to disconnect spam bots and take some responsibility.

    If
    • by CaptainPatent (1087643) on Monday March 17, 2008 @09:52AM (#22772724) Journal
      What you have is a good idea in principle, but with potentially horrible consequences.

      I would suggest some measures we can use:

      1) static IP's. Then we can easily track down infected machines and take them offline.
      Advertising companies are jumping for joy at this one. The more stable the IP address, the more they can bombard you with ads specially tailored for you. I like the fact that DHCP refreshes my IP every day or so, it means that sites that use web-bugs and other semi-devious methods of gathering information and (much worse) sell it to other companies, only have a very limited time frame to do so - and the fact that my IP does refresh makes them that much less able to make any profit off of me.

      2) Laws that require people to assume some form of responsibility when they connect a computer to the net.
      And what's going to happen if they don't "take responsibility?" By what metric do we judge responsibility? It sounds like the only way to enforce this is to dig into private internet usage information. I think the last thing I want is another person snooping around in the internet garbage bin for places my computer has been and is going to.

      3) Perhaps some form of compulsory insurance policy.
      Mainly see the above, but in addition the last thing we need is another mandatory insurance policy.

      4) Laws that require ISP's to disconnect spam bots and take some responsibility.
      This one may not be a terrible idea in practice, but ISP's are currently going nuts over things like bittorrent. What's to stop them from classifying bittorrent activity as "suspected botnet activity?"

      I do like the spirit of the post, but I don't think there's a clear-cut solution to the problem.
    • Re: (Score:3, Informative)

      by ledow (319597)
      Let's ignore all your points for a second and cut to the crux of the matter. The country you live in could legally enforce all of your suggestions absolutely perfectly. It wouldn't make a dent. You could do it in twenty, fifty countries. You still wouldn't make a dent. Law is not universal. In my continent you can't HAVE software patents, they actually do not exist. You aren't going to make that change any time soon no matter what your country does. Similarly for any legal resolution to spam, viruse
    • I don't think legislation is the answer... and doubly so when it comes to anything technology related... and doubly so again when it comes to the internet.

      a) who has jurisdiction?
      b) we're talking about politicians writing the laws. -- never a good idea

      I think that the "real" solution is to re-write e-mail protocols... but I'll be the first to admit, I don't have a good solution either.
    • 4) Laws that require ISP's to disconnect spam bots and take some responsibility.


      No. Then they will kill those of us who are running our own mail servers. Make it a law, and they get to abuse me even more than they already do.
  • Well, that's convenient - my hand [wikipedia.org] cannon [wikipedia.org] holds six bullets.
  • This is just like the specious 'War on Drugs' that's been so remarkably successful over the past decades. The problem here is that there are morons who actually send money for bootleg Viagra pills, male-member enhancers, and other quality merchandise which these spams promote. Just say no!

    Life on the internet was a lot simpler when all stupidity could be pinned on AOL users.

    Now if we could only get rid of all those easily bot-ified Minesweeper/Solitaire boxes.....
  • Did the Futurists predict this and we just didn't take heed*? Or did no one predict this? I've always heard "never underestimate the power of human stupidity", but I guess we shouldn't misunderestimate the power of money and the drive to get it. 20 years ago, if you had told Alvin Toffler that this great interconnected information system was going hijacked by pharmaceutical ads, he'd have told you that you were a lunatic.

    *I just saw BladeRunner-TFC again this weekend. Ridley Scott gave us the Blimp with
  • by damn_registrars (1103043) <damn.registrars@gmail.com> on Monday March 17, 2008 @09:57AM (#22772772) Homepage Journal
    Seeing that six botnets propagate most of the spam really shouldn't be a surprise to anyone who is familiar with spamhaus. After all, why would the spammers want to reinvent the wheel and produce new botnets when each botnet is itself constantly gaining new zombie PCs?

    Really, this is nowhere near as useful as the spam distribution data that is available through spamhaus, telling us who is behind the bulk of the spam, and what geographic parts of the world they are associated with. The botnet building and controlling seems to be the easy part of the spammers' game now, and we can all thank our neighbors and their new un-patched boxes on 24/7 DSL / cable connections for that.
  • I predict tomorrow's headline to be "90% of x computers belong to one of six bot nets." where x is either a group of foreign countries, corporate computers, or home computers depending on the mood of the day.
  • by ThirdPrize (938147) on Monday March 17, 2008 @10:02AM (#22772810) Homepage
    While most of us treat spam as junk it is there to serve a very specific purpose. To get our money into the accounts of unscrupulous companies. A mate of mine (honestly) replied to spam and got some pills back. There are proper businesses behind them. Why can't we trace where the money goes and sue their butts off?

    How many companies are actually advertising at any one time? Is all the spam for one company, ten companies, a thousand companies or a million?
    • by oliderid (710055) on Monday March 17, 2008 @10:24AM (#22773002) Journal
      Precisely...For example US mortgage debt. I guess the "real" businesses behind it could be easily tracked by US police officers. All you have to do is respond to the SPAM and wait until you get a phone number, a bank account or whatever. Or those VIAGRA pills...If they are "official", then you can track their production numbers to the last "official" resellers.

      There are plenty of spams requiring real businesses behind. Most of these businesses are located in western countries. Why can't they track them?

    • Re: (Score:2, Informative)

      by vsloathe (1257618)
      There's a very simple reason you can't sue the companies who advertise via spam. They are not the ones sending you spam. Most email spam you receive is the result of affiliates of these companies who get paid a commission to sell you their products. Most companies strictly forbid the use of non CAN-SPAM compliant marketing, but some allow it "off the record". The best you can do is send an email to the online pharmacy or mortgage company or retailer on the other end and let them know "xyz account" is using
    • You are 100% correct. Going after the companies that profit from the sale would cut off the air supply for the industry. It would be just like the international ban on the trade of ivory that pretty much halted poaching.
  • That targets the top 5, 10 etc botnet issues so they can be addressed specifically without having to do broad spectrum AV searches (That fail depending on product)
  • So what this article is saying is that I wont get c1@l1s ads for my chinchilla?

    My chinchilla and his harem are greatly disappointed.

    N.B. No chinchillas, real or fictional, were harmed in the making of this post.
  • The only way to fix this is to just release a competing bot that destroys all of the other bots and is otherwise harmless. There's no other way around it. I've seen zombie PCs and their owners and I don't think you can do anything to fix either one. After getting paid twice to fix their machine and educate them about how to keep it fixed - I gave up. They couldn't have paid me enough to come back a third time. They obviously just didn't care about learning how to use a computer properly. Apparently smiley f
  • I thought it was ironic the article about spam had a classic spam ad in it.
  • Which is the high part? The 85% spam number, or that it takes 6 entire bot-nets to generate it?
