SecureWorks: Spam Botnets to Watch in 2009
Joe Stewart writes on the SecureWorks Research Blog:
Last year, we reported on the top spam botnets plaguing the world. Since then there have been significant changes to the botnet landscape, so we've decided to issue a new report covering a brief history of spam botnets in 2008, detailing the latest botnet threats. More here.
After two years of domination, the Storm botnet finally died on September 18, 2008. Multiple academic and professional botnet researchers had been drawn to study Storm, and because of some mistakes/bad choices in the encryption protocols, some discovered ways to disrupt the botnet. But because of the P2P functionality in the Storm code, it was never fully possible to take over the entire botnet at once. The number of Storm infections was further impacted by Microsoft's Malicious Software Removal Tool (MSRT), taking out hundreds of thousands of bots at a time. Storm's numbers continued to fall off over the course of 2008, before it was apparently abandoned in September.
One of the biggest factors in the shifts we've seen is the takedown of the notorious McColo hosting operation. In the second half of last year, we detailed just how many spam botnets were dependent on McColo's connectivity, and we predicted that if McColo were shut down, worldwide spam would be cut in half. Shortly after that, McColo was featured in a blog posting by Brian Krebs, and the attention caused its upstream ISPs to pull the plug. According to various sources, spam dropped by anywhere from 50 to 75 percent on the very same day.