{"id":1294,"date":"2009-10-10T23:56:37","date_gmt":"2009-10-11T03:56:37","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=1294"},"modified":"2022-12-30T12:18:48","modified_gmt":"2022-12-30T17:18:48","slug":"size-doesnt-matter-for-botnets","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/size-doesnt-matter-for-botnets\/","title":{"rendered":"Size Doesn’t Matter for Botnets"},"content":{"rendered":"

\"Size<\/a>DarkReading<\/a><\/em> points out a new report<\/a> released on 09-29-09 from researchers at Symantec’s<\/a> MessageLabs<\/a> unit which provides a detailed analysis of the size and output of current botnets<\/a>. One of the report’s conclusions: Size doesn’t always matter.\u00a0 Rustock<\/a>, for example, is still the largest of the botnets, with an estimated size of between 1.3 million and 1.9 million nodes. Cutwail<\/a> is next in size, with an estimated 1 million to 1.5 million bots.<\/p>\n

\"Size<\/a>But neither of these two botnets is the largest proliferator of spam, according to Paul Wood, senior analyst at MessageLabs and one of the authors of the report. That title goes to a rapidly emerging botnet called Grum<\/a>, which delivered an average of 39.9 billion spam messages per day last quarter — more than 23 percent of all the spam on the Internet.<\/p>\n

Despite the fact that it’s half the size of Rustock, Grum is generating much more spam,<\/em>” Wood says. “It’s getting each bot to do a lot more work.<\/em>”<\/p>\n

Bobax, a botnet that has been around for more than two years, is also becoming more efficient, generating more than 27 billion messages per day and 15.2 percent of all Internet spam<\/a>, the report says. That means each Bobax node generates more than 1,400 spam messages per minute.<\/p>\n

Botnet operators have discovered that many ISPs<\/a> don’t immediately recognize the huge output of individual bots because each bot’s performance is affected only on the upload, not on the download, Wood says. “Your computer might be a bot, but it might not affect your download performance very much,” he observes. “It’s only when users try to upload something and experience a performance problem that the ISP gets a complaint.<\/em>”<\/p>\n

As they become more sophisticated, botnet operators are finding ways to make their infrastructures more efficient, Wood says. A new botnet, Maazben, accounted for only 0.5 percent of Internet spam 30 days ago, but now is generating 4.5 percent — about 2.4 billion messages a day — at its peak. As with Bobax, each Maazben bot is highly productive, pushing out nearly 1,300 spam messages per minute.<\/p>\n

No matter what their size or how efficiently they operate, botnets clearly are at the heart of the spam problem, MessageLabs says. According to the report, botnets generated an average of more than 150 billion messages per day last quarter — nearly 88 percent of all the spam on the Internet.<\/p>\n

The takedown of ISPs like McColo<\/a> definitely helped, but it doesn’t solve the problem,<\/em>” Wood says. “Already we see botnet operators spreading traffic across multiple ISPs, effectively giving themselves better backup than some enterprises have.<\/em>”<\/p>\n

Related articles<\/h6>\n