Srizbi Grows Into World's Largest Botnet

Srizbi is taking the Internet by storm, and taking Storm by storm as well.

The prodigious Srizbi botnet has continued to grow and now accounts for up to 50 percent of the spam being filtered by one security company.

If the latest figures from security company Marshal can be taken at face value -- their engines scan much the same traffic as do others in the industry -- then Srizbi is now the biggest single menace on the Internet, dwarfing even the feared and mysterious Storm.

Having compromised 300,000 PCs around the world, it is now sending out an estimated 60 billion spam emails per day on "watches, pens, male enlargement pills", a torrent that consumes huge amounts of processing power to keep in check.

"Srizbi is the single greatest spam threat we have ever seen. At its peak, the highly publicized Storm botnet only accounted for 20 percent of spam. Srizbi now produces more spam than all the other botnets combined," said Marshal's Bradley Anstis.

In March of this year, Marshal's Threat Research and Content Engineering team (TRACE) reported the botnet as a growing problem among a small family of super-botnets, a sign that a few highly successful bots were starting to monopolize traffic.

If it's growing, what is it about this botnet that has made it so successful? Srizbi appears to spread as part of the spam messages it sends, meaning that its lifecycle extends to reproducing itself and not just distributing email. This is not a unique feature, but it could be that it is either evading detection at this stage or tricking people using more sophisticated social engineering.

What makes Srizbi slightly baffling is that botnet controllers like bots to stay out of the headlines. Once a botnet becomes as large as Srizbi has, the chances of it being detected and countered increase. It's possible that Srizbi has been more successful than its creators expected.

If there's hope, it's in the fate of the infamous Storm, which appeared in early 2007 and became the malware phenomenon of that year. Marshal's figures suggest it now accounts for less than 1 percent of spam traffic, which suggests that Srizbi will one day go the same way. However, by the time that this happens, it is also possible that a new super-botnet will have taken its place.

"Microsoft recently announced its success combating the Storm botnet with their Malicious Software Removal Tool (MSRT). The challenge now is for the security industry to collectively turn its sights on Srizbi and the other major botnets. We look forward to seeing Microsoft target Srizbi with MSRT in the near future," said Marshal's Anstis.

Copyright © 2008 IDG Communications, Inc.
