New Botnets Emerge as Older Peers Limp Along
A changing of the guard has taken place among spam-spewing botnets. Who are some of the ones to watch?
While botnets suffered a major setback late last year, the networks of hacker-controlled PCs are beginning to make their return, researchers said.
The Net's major botnets -- Storm and Srizbi -- seem to have been dealt a crippling blow when their chief Web host, McColo, lost its access to the Internet. But a number of successors are already spreading rapidly and sending out increasing amounts of spam and malware.
Sergeant's conclusions illustrate the difficulties facing security vendors and the online community at large in stopping the spread of botnets and spammers. Storm worm had been the biggest botnet through 2007 and most of 2008, infecting up to 50 million PCs. It was later overtaken by Srizbi, which battled with Rustock, another up-and-comer, for the No. 1 position.
When McColo's ISPs shut off its Internet access, Storm and Srizbi largely went dormant and worldwide spam levels fell by up to 70 percent. But spam levels began increasing within weeks as new players emerged.
Google, for instance, told InternetNews.com that it expects botnets' spam activity to equal pre-McColo levels by the end of the month.
Behind the resurgence are a rogue's gallery of botnets that include names like Mega-D, Xarvester and Donbot, according to MessageLabs' research.
Of the group, Mega-D has emerged as the most prolific botnet, sending out about 26 million spam messages per minute on average. Each PC infected by this virus sends more than 589,000 e-mails a day.
Others are proving less of a threat -- for the moment. Xarvester, for instance, looks like an old version of Storm but isn't proving as dangerous, Sergeant said.
"It's probably owned by the same people, but is not as capable as the newer versions of Storm we saw last year," he said.
Yet others seem to be lying low. Donbot is a new botnet that has not yet begun sending out much spam, but MessageLabs said it has the potential to be more dangerous than it now is.
Likewise, Cutwail, also known as Pandex, existed before the McColo takedown. While it controls more infected PCs than Mega-D does, it sends out only five million spam messages a minute on average, MessageLabs found. Sergeant added that it's a key botnet to watch.