The Top 10 ‘Most Wanted’ Spam-Spewing Botnets

Spam continues to grow largely due to the growth in malicious botnets. Many botnets are command-and-control systems used by criminals and are still the main way that spam is spewed into your e-mail box. M86 Security says that the worldwide spam volume has now climbed to 230 billion messages per day, up from 200 billion at the start of 2010.

America’s 10 most wanted botnets

M86 Security has created the “Top Ten Most Wanted” Spam-Spewing Botnets list, many of them are believed to be controlled in Eastern Europe by criminals who manipulate compromised systems, mostly PCs, around the world to generate spam, according to M86.

With Botnets Everywhere, DDoS Attacks Get Cheaper

The Botnet World is a Booming World

1. Rustock (generating 43% of all spam)

The current king of spam, its malware employs a kernel-mode rootkit, inserts random text into spam and is capable of TLS encryption. Concentrates solely on pharmaceutical spam.

2. Mega-D (10.2%)

A long-running botnet that has had its ups and downs, owing to the attention it attracts from researchers. Concentrates mostly on pharmaceutical spam.

3. Festi (8%)

A newer spambot that employs a kernel mode rootkit and is often installed alongside Pushdo on the same host.

4. Pushdo (6.3%)

A multi-faceted botnet or botnets, with many different types of campaigns. A major distributor of malware downloaders and blended threat e-mails, but also sends pharma, replica, diploma and other types of spam.

5. Grum (6.3%)

Also employs a kernel-level rootkit. A wide range of spamming templates changes often, served up by multiple Web servers. Mostly pharma spam.

6. Lethic (4.5%)

The malware acts as a proxy by relaying SMTP from a remote server to its destination. Mostly pharma and replica spam.

7. Bobax (4.3%)

Another long-running botnet that employs sophisticated methods to locate its command servers. Mostly pharma spam.

8. Bagle (3.5%)

The name derives from an earlier mass-mailing worm. Nowadays, Bagle variants act as proxies for data, and especially spam.

9. Maazben (2.0%)

By default, uses a proxy-based spam engine. However, it may also use a template-based spam engine if the bot runs behind a network router. Focuses on Casino spam.

10. Donbot (1.3%)

Donbot is named after the string “don” found in the malware body. Mainly pharma spam.

“Other” spambots account for 10.7% of all spam. According to security firm Sophos, the Top 12 spam-relaying countries now are:1. United State (15.2%)2. India (7.7%)3. Brazil (5.5%)4. United Kingdom (4.6%)5. South Korea (4.2%)6. France (4.1%)7. Germany (4.0%)8. Italy (3.5%)9. Russia (2.8%)10. Vietnam (2.7%)11. Poland (2.5%)12. Romania (2.3%)”Other” is said to account for 40.9%.

Sophos also notes spam is becoming increasingly malicious as it’s more often being used to steal identity and bank-account information.

Read more about wide area network in Network World’s Wide Area Network section.