New Survey Lists Top Eleven Botnets

May 31st, 2008 Comments Off

New Survey Lists Top Eleven Botnets

Joe Stewart, director of malware research at SecureWorks Inc., presented a survey ranking the top 11botnets that send an estimated 100 billion spam messages a day from over a million hacked systems.

Botnet # of botsSpam capability
1Srizbi315,00060Billion/day
2Bobax185,0009Billion/day
3Rustock150,00030Billion/day
4Cutwail125,00016Billion/day
5Storm85,0003Billion/day
6Grum50,0002Billion/day
7Onewordsub40,000Unknown
8Ozdok35,00010Billion/day
9Nucrypt20,0005Billion/day
10Wopla20,000600Million/day
11Spamthru12,000350Million/day

Stewart’s research also helps categorize bots and reduce confusion regarding different botnets under the same name, proving through SMTP ‘fingerprints’ that certain previously discovered bots like “Kracken” are
really just variations of existing bots, in the case of Kracken, Bobax.

Tags: ,

Author: Christopher

Where are the zombie IPs? (November 2007)

December 10th, 2007 Comments Off

Throughout November we compiled data for the source of Zombie IPs and their geographic locations.

  • 14% U.S.
  • 6% Russia
  • 6% Brazil
  • 5% Italy
  • 5% Poland
  • 5% Mexico
  • 5% Turkey
  • 4% Spain
  • 4% Germany
  • 4% China
  • 3% U.K.
  • 3% Korea
  • 3% France
  • 31% Other

Zombie IPs frequently change to conceal their identity, and they may even force an IP change on their infected host.

Tags:

Author: Christopher