News

RSA - As Storm Fades, Botnet Fight Goes on

By Robert McMillan

April 09, 2008 — IDG News Service —

When Owen Walker was arrested for masterminding a massive international network of compromised computers last year, it seemed like a major victory in the war against botnets.

The 18-year-old New Zealander, who pleaded guilty to hacking charges last week, was arrested in the second of a series of actions, called Operation Bot Roast by the U.S. Federal Bureau of Investigation that were touted as major strikes against cyber-crime.

"The operation was an attempt to kind of smoke the botnet underground out," said Matthew Fine, the FBI special agent who worked on the case. "Did we make a dent? That is for you to determine," he told attendees during a panel discussion at the RSA Conference in San Francisco Tuesday.

According to one botnet hunter, not much has changed.

"I'm sorry to report this, but it did not make a dent in my workload," answered fellow panelist Joe Telafici, vice president of Avert operations with McAfee Inc. "The problem today is many orders of magnitude worse than it was."

Telafici believes that unless it becomes more expensive to run a botnet, nothing will change. It's simply too profitable to run these networks, and when someone like Owen Walker is arrested, there's always another criminal ready to take his place.

Some botnets are fading. Helped by better detection on the part of Microsoft's Malicious Software Removal Tool, which ships as part of the Windows operating system, the infamous Storm botnet has shrunk to a fraction of its former size.

On Tuesday, security vendor SecureWorks published a list of the largest botnets that are being used to send spam e-mail messages. Storm barely made the top five.

The largest and fastest-growing network is called Srizbi. With an estimated 315,000 bots, it can send as many as 60 billion messages per day. Last fall it made headlines when it sent out unauthorized spam messages promoting presidential candidate Ron Paul.

Written in part by a contract programmer from the Ukraine, Srizbi thrives using a technique known as social engineering -- it sends out links to malicious files, claiming that they are pornographic videos of celebrities. When the user clicks on the files, they become infected with the malware.

Storm has long thrived on social engineering techniques, too, sending malicious e-mail that is often linked to events in the news or holidays. But it now has only about 85,000 infected machines, and less than half of them are being used to send spam.

The other top spam-spewing botnets are Bobax, also known as Kraken, which has about 185,000 machines; Rustock, with 150,000, and Cutwail: 125,000.

1 | 2 |next page »

Comments

Share [+]

TOOLS

Comments

Digg This

SlashDot

CENTER OF EXCELLENCE

Infrastructure

» Outbound Email and Data Loss Prevention
This report shows the findings of a recent Proofpoint and Forrester Consulting study on e-mail security, data loss prevention, and includes statistics on electronic risks.

» A Modern Approach to On-Demand Email and Data Security
Learn how Proofpoint delivers a dedicated, hosted e-mail security solution that combines state-of-the-art anti-spam and virus control.

» A Proactive Approach to e-Discovery
Learn about the key e-discovery challenges facing legal and IT departments today and how businesses can develop an e-mail archiving strategy to deal with e-discovery requests.

» The Advantages of Identity Based Encryption
Download this paper to learn why e-mail encyrption is critical to an organization's overall security architecture and the advantages of identity-based encryption.

» Global Best Practices in Email Security, Privacy and Compliance
This whitepaper discusses the latest global regulations that impact the e-mail security policies and strategies of today's enterprises, universities and government organizations.

Center sponsored by