Fresh Botnets Emerging Despite Closure of Spam-friendly ISPs
Researchers at the online security firm 'Symantec' have found that a newly emerged botnet 'Maazben' that was first observed during late May 2009 contributed 1.4% of all junk e-mails during September 2009 in comparison to 0.5% of unsolicited e-mails during August 2009, while the very old and massive 'Rustock' became twofold in magnitude from June 2009, as reported by Itwire on October 1, 2009. Evidently, majority of the spam mails pushed out were related to online casinos.
MessageLabs reports that Rustock is the sole network which takes rest from spamming for about eight hours daily. The botnet is a only network that spews spam in a routine sequence, as well as represents a highly dominant botnet, accounting for 10% of the total junk e-mails, with its model of spam reflected inside the general daily model.
Security researchers state that the shutdown of rogue hosting companies has eliminated erstwhile prominent botnets like 'Cutwail,' but other bot-infected networks, active for long time, continue to be a nuisance.
The researchers stated that prior to the shutdown efforts against cyber crime supportive, California based ISP 3FN during early June 2009, Cutwail pushed out 45.8% of the total spam. However, to compensate for the gap on account of Cutwail's closure, 'Grum' spewed about 23.2%, while 'Bobax,' 15.7%, of the total spam to represent as the key spam networks.
Moreover, Paul Wood, Senior Analyst at MessageLabs Intelligence, stated that the total number of bot hosting ISPs being shutdown was leading to an instance of 'drown or float' and a resulting change in botnet power, as reported by Itpro on September 30, 2009.
Wood continued that the changeover had weakened the more forceful zombie networks such as Cutwail, while allowing newer botnets such as Maazben to emerge.
Security researchers stated that it wasn't just that smaller botnets' presence was far more common, but they were configured to perform various malicious acts. Majority of such botnets were built with the well-known DIY malware toolkits like Poison Ivy and Zeus, and were being utilized in corporate network exploration or for establishing backdoors on vital computers.
Related article: Fark.com Files Suit against Suspected Hacker from Fox13
» SPAMfighter News - 19-10-2009