New Botnets Emerge as Older Peers Limp Along


While botnets suffered a major setback late last year, the networks of hacker-controlled PCs are beginning to make their return, researchers said.

The Net's major botnets -- Storm and Srizbi -- seem to have been dealt a crippling blow when their chief Web host, McColo, lost its access to the Internet. But a number of successors are already spreading rapidly and sending out increasing amounts of spam and malware.

"Srizbi and Storm don't seem to be able to send out code any more, and we've got new botnets out there now," Matt Sergeant, senior anti-spam technologist at MessageLabs, told InternetNews.com. He added that he believes botnet operators are regrouping and will begin launching more attacks later in the year.

Sergeant's conclusions illustrate the difficulties facing security vendors and the online community at large in stopping the spread of botnets and spammers. Storm worm had been the biggest botnet through 2007 and most of 2008, infecting up to 50 million PCs. It was later overtaken by Srizbi, which battled with Rustock, another up-and-comer, for the No. 1 position.

When McColo's ISPs shut off its Internet access, Storm and Srizbi largely went dormant and worldwide spam levels fell by up to 70 percent. But spam levels began increasing within weeks as new players emerged.

Google, for instance, told InternetNews.com that it expects botnets' spam activity to equal pre-McColo levels by the end of the month.

Behind the resurgence is a rogues' gallery of botnets that includes names like Mega-D, Xarvester and Donbot, according to MessageLabs' research.

Of the group, Mega-D has emerged as the most prolific botnet, sending out about 26 million spams per minute on average. Each PC infected by this virus sends more than 589,000 e-mails a day.

Others are proving less of a threat -- for the moment. Xarvester, for instance, looks like an old version of Storm but isn't proving as dangerous, Sergeant said.

"It's probably owned by the same people, but is not as capable as the newer versions of Storm we saw last year," he said.

Yet others seem to be lying low. Donbot is a new botnet that has not yet begun sending out much spam, but MessageLabs said it has the potential to be more dangerous than it now is.

Likewise, Cutwail, also known as Pandex, existed before the McColo takedown. While it controls more infected PCs than Mega-D does, it only sends out five million spams a minute on average, MessageLabs found. Sergeant added that it is a key botnet to watch.

This article was first published on InternetNews.com.