85% of spam comes from six botnets-February report from TRACE

By Janine de Blois

TRACE’s (Threat Research and Content Engineering) spam traps show February’s spam output as the six main botnets vie for position.

In the beginning of February the Mega-D botnet was responsible for 32% of all spam, with male enhancement pills being its main use.

It has since dropped to fourth position as Srizbi has risen as leader of the pack at 39% by using celebrities as a lure.

Promising anything from naked videos to sexy songs of the stars to get recipients of the spam to download their malware, which includes the sophisticated Srizbi Trojan.

Rustock is the next most significant spambot at 20%. Hacktool.Spammer (which has multiple aliases, including Spam-Mailer) is responsible for 7%; Pushdo (aliases Pandex and Cutwail) at 6%; and Storm at a relatively insignificant 2%.

How many bots a botnet has does not correspond to how much spam it sends.

Two weeks ago, Mega-D’s botnet of 35,000 was responsible for considerably more spam than the Storm’s botnet of an estimated 85,000 bots. There is a huge variation in the rate that different bots pump out spam.

At least five of the big botnets send out spam that leads to the same website-offering herbal supplements for male enhancement, of course it is only the botnets that receive any enhancement by those that are duped into clicking the link.