Monday, February 11, 2008

SecureWorks: Ozdok/Mega-D Trojan Analysis

Joe Stewart writes on the SecureWorks Research Blog:

Last week the TRACE research team at Marshal put forth some statistics regarding spam activity from botnets. The statistics pointed to a botnet dubbed "Mega-D" as the new leader of the spambot pack, spewing 32% of the world's spam according to Marshal's spamtraps. This set off a firestorm of speculation: what family of malware was behind this previously unknown botnet? How had it emerged to challenge Storm with hardly a mention in any research articles or press?

Based on spam samples provided by Marshal, we looked for unique patterns in the message headers, and began to filter traffic across our own monitored customer base to uncover the mystery malware. Based on the number of bots connecting to mail servers we monitor, we estimate that Mega-D consists of around 35,000 infected machines worldwide. This is a very strong botnet, but hardly a challenger to Storm. Even though Storm has waned to around 85,000 bots, it still holds far more spamming capacity. Why the Storm spam seen by Marshal's spamtraps has fallen off, we can only speculate...

More here.
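The excerpt describes the census technique at a high level: fingerprint the spam by distinctive header patterns, then count the distinct hosts that produce matching messages against monitored mail servers. The script below is an added example of that workflow, not code from SecureWorks or the post. The Message-ID shape, the header-order quirk, the sample messages and the IP addresses are all constructed placeholders for illustration; the post does not publish Mega-D's real indicators, and these are not them.

```python
"""Header-fingerprint spambot census (added example; indicators are hypothetical)."""
import re

# HYPOTHETICAL fingerprint, for illustration only: a Message-ID shape plus the
# order in which the bot emits its headers. Not Mega-D's real indicators.
MSGID_SHAPE = re.compile(r"^<[0-9a-f]{12}\.[0-9a-f]{8}@[a-z0-9.-]+>$")
EXPECTED_ORDER = ("Received", "Message-ID", "From", "To", "Subject", "Date")


def parse_headers(raw):
    """Parse an RFC 5322 header block into an ordered list of (name, value).

    Folded continuation lines (leading space or tab) are joined onto the
    previous field; parsing stops at the first blank line (start of body).
    """
    fields = []
    for line in raw.split("\n"):
        if line.strip() == "":
            break
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def matches_fingerprint(fields):
    """True when both the Message-ID shape and the header order match.

    Requiring two independent quirks keeps a single coincidence (a legitimate
    MTA that happens to use a similar Message-ID) from inflating the count.
    """
    order = []
    for name, _ in fields:
        if name in EXPECTED_ORDER and name not in order:
            order.append(name)
    msgid = next((v for n, v in fields if n.lower() == "message-id"), "")
    return tuple(order) == EXPECTED_ORDER and bool(MSGID_SHAPE.match(msgid))


def census(messages):
    """messages: list of (client_ip, raw_message) as seen at the receiving MTA.

    Returns matched-message count and the number of distinct sending IPs,
    which is the bot-population estimate (one bot can send many messages).
    """
    bots = set()
    matched = 0
    for client_ip, raw in messages:
        if matches_fingerprint(parse_headers(raw)):
            matched += 1
            bots.add(client_ip)
    return {"matched": matched, "total": len(messages), "unique_bots": len(bots)}


def _msg(ip, msgid, bot_order=True):
    """Build a constructed sample message; IPs are from documentation ranges."""
    received = ["Received: from host ([%s])" % ip,
                "\tby mx.example.net; Mon, 11 Feb 2008 09:00:00 +0000"]
    rest = ["From: \"Alice\" <alice@example.org>", "To: victim@example.net",
            "Subject: hello", "Date: Mon, 11 Feb 2008 09:00:00 +0000"]
    mid = "Message-ID: " + msgid
    lines = received + ([mid] + rest if bot_order else rest + [mid])
    return ip, "\n".join(lines + ["", "body text"])


# Constructed sample traffic: two bots (one sends twice), one legitimate sender,
# and one sender whose Message-ID fits the shape but whose header order does not.
SAMPLES = [
    _msg("203.0.113.5", "<0123456789ab.deadbeef@example.org>"),
    _msg("203.0.113.5", "<fedcba987654.0badf00d@example.org>"),
    _msg("198.51.100.9", "<abcdefabcdef.01234567@example.com>"),
    _msg("192.0.2.77", "<alice-note-123@mail.example.com>", bot_order=False),
    _msg("192.0.2.78", "<0000000000aa.00000001@example.net>", bot_order=False),
]

if __name__ == "__main__":
    print(census(SAMPLES))
```

On real traffic the (client_ip, raw_message) pairs would come from the monitored MTAs' logs or a mail capture, and the fingerprint would be derived by diffing a set of confirmed samples against normal mail; the unique-IP count is a lower bound on bot population, since hosts that did not hit a monitored server are invisible and NAT can hide several bots behind one address.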
