Network Computing is part of the Informa Tech Division of Informa PLC

Spam-a-bot: The Gift That Keeps On Giving: Page 2 of 3

Bots are the biggest threat today, continues Yaneza. "In the past, we've talked about hybrid malware and how a single malware could eventually download plug-ins to extend functionality. Today, these come as bots that are self-contained with full functionality. However, it doesn't stop there. With access to the larger Internet and using previously good-intentioned technologies, like fast-flux and double-fast-flux, as we've seen in previous bots like Storm, the introduction of active and targeted compromise surely makes any bot network--whether running 100 or 1 million nodes--of large concern. The pervasive techniques such as stealth rootkits, new mediums such as mobile phones, man-in-the-middle attacks a la Zeus are even more proof."

There is no end in sight to spam, notes Joe Stewart, with the Dell SecureWorks Counter Threat Unit research team. Instead, there is an overall maturation to the spambot ecosystem, with fewer new spambot families emerging and only incremental changes in the existing spambot families.

With an estimated 250,000 bots, Rustock is the most prolific spam botnet around, says Stewart. It was designed as a rootkit, burying its files and activity deep inside the Windows operating system where it can hide from popular anti-malware products and remain on an infected system longer.

At 100,000 bots, Cutwail holds down the No. 2 spot, using custom encryption to disguise its communications. Lethic, with 75,000 bots, uses a "connect-back" scheme that causes the bot to reach out to the Lethic controller to begin receiving traffic.

Dell says other popular bots include Grum (65,000), Festi (60,000) and Maazben (30,000). While spam botnet sizes and spam volume are down from last year, one visible trend is spambots piggybacking on existing worms and viruses to extend their reach.