The Botnet Heavyweights Of 2009
SecurityProNews Staff Writer
2009-01-16
SecureWorks' list of "bots to watch in 2009" reads like a rundown of heavyweight boxers, detailing weight, record, and fighting style. The good news is that some heavy hitters retired in 2008.
The Storm botnet, for example, met its official end on September 18, 2008. But Storm has a successor in Waledac, which uses many of the same old tricks: P2P command and control, encryption, e-card links, spam, DDoS, and double fast-flux hosting. (That last one I think was a move Sugar Ray used to use.)
Waledac made its debut over Christmas, spooking the security industry with well-crafted e-cards and knockoff Christmas sites. Only about 10,000 bots strong online so far, Waledac has been reasonably contained, but researchers expect big numbers from this rookie in the future.
Rustock, Srizbi, and Bobax, if not finished, are nearly there. Thanks to the McColo shutdown and other infosec disruptions, these botnets may never recover from their injuries. But security researchers know better than to count a good botnet out.
SecureWorks' Director of Malware Research, Joe Stewart, put together this list of botnets to watch in 2009, and goes into greater detail on the SecureWorks site:
CUTWAIL: 175,000 estimated bots. One of the few botnets that not only escaped the McColo shutdown but gained strength from it, as so many suddenly free agents signed up. Variety is this spambot's weapon; it sends anything from pharmaceutical and casino spam to phishing and virus spam.
RUSTOCK: 130,000 estimated bots. This bot likes to hide inside newsletter templates ripped off from legitimate businesses in order to get past email filters. Specializing in enlargement products, this bot typically wins by inches.
DONBOT: 125,000 estimated bots. One could call this one the DonJuanBot, as it is not loyal to any one set of spammers or networks. Even so, weight loss, stock pump-and-dump, and debt settlement seem to be its specialties.
OZDOK: 120,000 estimated bots. Small but efficient, pumping out "generous" amounts of enlargement and designer-knockoff spam.
XARVESTER: 60,000 estimated bots. Xarvester benefited from the McColo shutdown as well, going from a minor player in 2008 to being listed as one of the "top spamming botnets" of 2009. Pharma, diploma mills, watches, Russian leagues, it's all the same to Xarvester.
GRUM: 50,000 estimated not-so-smart bots. Grum uses the same stolen-newsletter-template trick to fool filters, but pairs it with ED-related subject lines, meaning a good defense is all it takes against Grum's pathetic offense.
GHEG: 50,000 estimated bots. Stewart calls this one "the Swiss Army knife of spambots." Versatility is this botnet's claim to fame: it can send template-based spam directly to MX servers, route mail through the victim's ISP via "proxylock," and sometimes act as a conventional SOCKS-proxy spambot. A sure triple threat.
CIMBOT: 10,000 estimated bots. Cimbot is a master of misdirection, sending out requests to affiliate-click websites to draw attention away from its command-and-control traffic.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.