Top Botnets Control Some 1 Million Hijacked Computers
Puskas writes "Joe Stewart is the director of malware research at SecureWorks, and presented a dire view of the current botnet landscape at the RSA conference this week. He conducted a survey of the top spamming 'nets, extrapolating their size from the volume of emails that flow across the internet. By his calculations, the top 11 networks control just over a million machines, hitting inboxes with some 100 billion messages a day. 'The botnet at the top of the chart is Srizbi. According to Stewart, this botnet — which also goes by the names "Cbeplay" and "Exchanger" — has an estimated 315,000 bots and can blast out 60 billion messages a day.
While it may not have gotten the publicity that Storm has during the last year, it's built around a much more substantial collection of hijacked computers, said Stewart. In comparison, Storm's botnet counts just 85,000 machines, only 35,000 of which are set up to send spam. Storm, in fact, is No. 5 on Stewart's list.'"
How do I tell...? (Score:5, Interesting)
I don't necessarily trust that a clean-virus scan means a whole lot.
What's the best way to make this determination?
Why don't the ISPs do something? (Score:5, Interesting)
My wife's notebook is one of them (Score:5, Interesting)
Re:How do I tell...? (Score:1, Interesting)
Re:This is a job for goons (Score:3, Interesting)
Re:Just a thought... (Score:4, Interesting)
Why? (Score:3, Interesting)
Why does spam work? Who are these stupid people and why do they click? Also, if you get 80 spam a day for the same fake product, why would you pick one at random and say, "der, I think I'll go buy this!"
Can someone please tell me why?
I wish some news reporter would send out a billion spam but then, instead of taking money from the people who click, contact them and do an interview. I want to know who these people are and what the hell they are thinking.
Botnets-spam (Score:3, Interesting)
Re:Let's see some truthful tagging (Score:3, Interesting)
Compromised Linux machines are an integral part of the botnet. [softpedia.com]
No technology can replace determined stupidity... or just plain arrogance.
But... you are INVINCIBLE!, right?
Re:How do I tell...? (Score:3, Interesting)
Sadly there's no way a typical user could do this, but I don't know how else you can be sure you're safe. Although like anything, nothing is 100% a sure bet.
Re:Take away their licenses (Score:3, Interesting)
My home ISP just started outbound blocking traffic from DSL customers to port 25 a few days ago, which has stirred up some controversy [lowyat.net]. Maybe I'm just imagining things, but I believe my connection has been faster since then. We're always suffering from bandwidth problems (the downside of being on the end of a very long cable across the Pacific) so anything that eliminates our share of 100 billion daily spams clogging the line is a good thing in my book.
On mail servers I use spamdyke [spamdyke.org] to immediately drop connections from end-user IP addresses (using the reject-ip-in-cc-rdns rule and Spamhaus PBL [spamhaus.org]) and it's been remarkably effective.
If everyone did this, the botnets would be useless.
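The two checks named in the comment above, sketched as an added example (not part of the original comment and not spamdyke's own code): a Spamhaus PBL lookup and an "IP in rDNS with a country-code TLD" test. The function names, the stub resolver and the sample hosts are constructed for illustration, and the rDNS pattern matching is an approximation of what `reject-ip-in-cc-rdns` does, not its exact logic.

```python
import ipaddress
import re

PBL_ZONE = "pbl.spamhaus.org"
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 are query errors, not listings.
ERROR_CODES = ipaddress.IPv4Network("127.255.255.0/24")

def dnsbl_query_name(ip, zone=PBL_ZONE):
    """DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def pbl_listed(ip, resolve):
    """resolve(name) returns A-record strings, [] for NXDOMAIN (not listed)."""
    for answer in map(ipaddress.IPv4Address, resolve(dnsbl_query_name(ip))):
        if answer in LOOPBACK and answer not in ERROR_CODES:
            return True
    return False

def ip_in_cc_rdns(ip, rdns):
    """True if rDNS embeds the client IP and ends in a two-letter ccTLD."""
    name = rdns.lower().rstrip(".")
    if not re.fullmatch(r"[a-z]{2}", name.rsplit(".", 1)[-1]):
        return False
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    forms = set()
    for seq in (octets, octets[::-1]):          # forward and reversed order
        forms.update(sep.join(seq) for sep in ".-_")
        forms.add("".join(o.zfill(3) for o in seq))  # e.g. 198051100009
    # Digit boundaries stop 1-2-3-4 from matching inside 11-2-3-45.
    return any(re.search(r"(?<!\d)" + re.escape(f) + r"(?!\d)", name)
               for f in forms)

# Constructed sample data: documentation-range IPs, made-up hostnames.
FAKE_DNS = {
    "45.113.0.203.pbl.spamhaus.org": ["127.0.0.10"],      # listed
    "7.2.0.192.pbl.spamhaus.org": ["127.255.255.254"],    # error code
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

def verdict(ip, rdns, resolve=fake_resolve):
    if pbl_listed(ip, resolve):
        return "reject: PBL"
    if ip_in_cc_rdns(ip, rdns):
        return "reject: ip-in-cc-rdns"
    return "accept"
```

In production the stub would be replaced by a real resolver; treating the 127.255.255.x error answers as listings is a common misconfiguration that ends up rejecting all mail.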
Re:Why don't the ISPs do something? (Score:3, Interesting)
You can't even sensibly put something like that into law. How? What do you have to do to secure your machine? How are you supposed to be responsible for it? What's to be considered "justifiable expense" when it comes to security (i.e. what do you require from a user)? Do you want to force someone to run AV tools to have his bases covered?
The questions are hard to answer. I would love to see some sort of legal liability for damage done by your computer, but I would like to see sensible limits. Nobody can make 100% sure all of the time that his machine is perfectly malware free. What precautions would you consider sensible demands from a user to be a "good netizen" and pull his weight to avoid the spread of botnets?
Interesting approach to spam. (Score:3, Interesting)
A friend of mine is investigating an interesting approach to spam.
From this article it is quite clear that chasing the source of the spam is quite pointless.
His research is into tracking the destination.
Spams only make sense if they can make some money from it. This means the payload (content) must lead someplace with a URL to order, a URL with ads, or a phone number for orders.
His blog is at:
http://spamdirect.blogspot.com/ [blogspot.com]
I have to push him to post some of the more interesting stuff he has discussed in E-Mails with me.
One very odd note.
My domain unmailable.com gets no spam!
Without any filters and addresses even posted publicly there is just no spam to it.
I think they must remove any mail reference to unmailable assuming it must not be a real domain.
Apple vs Microsoft (Score:1, Interesting)