Srizbi grows into world's largest botnet
The prodigious Srizbi
botnet has continued to grow and now accounts for up to 50 percent of the
spam being filtered by one security company.
If the latest figures from security company Marshal can be taken at face value
-- their engines scan much the same traffic as do others in the industry --
then Srizbi is now the biggest single menace on the Internet, dwarfing even
the feared and mysterious Storm.
Having compromised 300,000 PCs around the world, it was now sending out an
estimated 60 billion spam emails per day on "watches, pens, male enlargement
pills", a torrent that consumed huge amounts of processing power to keep
in check.
"Srizbi is the single greatest spam threat we have ever seen. At its peak,
the highly publicized Storm botnet only accounted for 20 percent of spam. Srizbi
now produces more spam than all the other botnets combined," said Marshal's
Bradley Anstis.
In March of this year, Marshal's Threat Research and Content Engineering team
(TRACE) reported the botnet as a growing problem among a small family of super-botnets,
a sign that a few highly-successful bots were starting to monopolize traffic.
If it's growing, what is it about this botnet that has made it so successful?
Srizbi appears to spread as part of the spam messages it sends, meaning that
its lifecycle extends to reproducing itself and not just distributing email.
This is not a unique feature, but it could be that it is either evading detection
at this stage or tricking people using more sophisticated social engineering.
What makes Srizbi slightly baffling is that botnet controllers like bots to
stay away from the headlines. At the point they become as large as Srizbi has
become, the chances of them being detected and countered increase. It's possible
that Srizbi has been more successful than its creators expected.
If there's hope, it's in the fate of the infamous Storm, which appeared in
early 2007, and became the malware phenomenon of that year. Marshal's figures
suggest it now accounts for less than 1 percent of spam traffic, which suggests
that Srizbi will one day go the same way. However, by the time that this happens,
it is also possible that a new super-botnet will have taken its place.
"Microsoft recently announced its success combating the Storm botnet with
their Malicious Software Removal Tool (MSRT). The challenge now is for the security
industry to collectively turn its sights on Srizbi and the other major botnets.
We look forward to seeing Microsoft target Srizbi with MSRT in the near future,"
said Marshal's Anstis.
» posted by abennett
Techworld.com