MessageLabs Lists Most Active Botnets for 2009
Security company MessageLabs has just released its yearly report, which highlights the most dangerous botnets of 2009. The report states that the three most active botnets throughout 2009 were Cutwail, Rustock and Mega-D.
Of these, Mega-D sent the most spam. This botnet, consisting of 300,000-500,000 compromised PCs, emerged after the shutdown of McColo. However, as 2009 progressed, the number of bots in Mega-D shrank to 100,000. Consequently, Mega-D appeared to send an increasing amount of spam from each individual bot within the network so that the overall output volume could be sustained.
As 2009 neared its end, Mega-D apparently dispatched more pharmaceutical spam along with certain phishing e-mails.
Following Mega-D, the second most active botnet was Cutwail, accounting for 46.5% of total junk e-mail on May 14, 2009. This botnet comprised 1 million-1.5 million bots throughout 2009, sending 17% of total junk e-mail.
It also spread the Bredolab Trojan, distributed fake e-cards with malicious links, aided phishing, and spammed bogus pharmaceuticals and counterfeit watches.
The third strongest botnet during 2009 was Rustock, which often sends its maximum volume of spam for a brief time and then becomes inactive for a long stretch. During August-September 2009, the botnet commandeered 1.3 million-2 million bots.
The report states that for the greater part of 2009, Rustock was responsible for 10%-20% of total spam, but as 2009 approached its end, the botnet became quite stable and dominant, delivering its output at a rate of 18% of total spam. Moreover, it sent mostly medical and pharmaceutical spam.
Apart from these botnets, a few others also featured in the MessageLabs report. These are Bobax (or Kraken), Bagle, Grum, Festi, Maazben, Donbot, Gheg and Xarvester.
According to security researchers, about 89.5 billion unsolicited e-mails are sent daily from PCs that have been hijacked and added to a botnet. Besides flooding users' mailboxes with spam, these botnets are also used for hosting websites or launching DDoS attacks.
» SPAMfighter News - 19-12-2009