Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam
Stony Stevenson writes "The new Mega-D Botnet has overtaken the notorious Storm worm botnet as the largest single source of the world's spam according to security vendor Marshal. This botnet currently accounts for 32 percent of all spam, 11 percent more than the Storm botnet which peaked at 21 percent in September 2007. It started about 4 months ago but has been steadily increasing since then. It is also using news headlines to trick victims into opening the spam, a technique synonymous with the Storm worm."
So what's the end goal? A botnet that accounts for 99.9% of all spam? Not that that would necessarily be all bad; at least then we'd be able to unite our ire against one entity.
Largest multiple source, I'd say. It's a bot net after all.
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.
Isn't it nice to see that governments would rather go after internet gambling, something that really doesn't bother me at all, and completely ignore spam, something that is really annoying to us, the normal people...
It makes clear, once again, that governments are totally not 2.0-ready. They don't know about how technologies work and how to deal with it.
Privacy is terrorism.
That's only a punishment if there's the remote possibility of the castrate-ee having kids at some point in the future. For most slashdotters (and likely those responsible for the botnet), that's not much of a punishment since we're extremely unlikely to reproduce anyway.
In a world full of people looking to get what they want at the expense of all others, we should learn to accept that the bigger fish will eat the smaller fish, but even the smaller fish gotta eat.
People drive their cars every day... there are accidents sometimes. The accidents slow the traffic and piss everyone off. Sometimes accidents are actually the fault of stupid people. Sometimes the accidents are design problems in the cars. Sometimes the accidents are problems with the roads themselves. But when the accident is cleared and people are going their merry way, we forget the accidents and we certainly never give the causes another thought.
Sometimes people do things to help make the roads safer, but what really works is education and improving levels of awareness. Where driving is concerned, at least where I live, we're at a pretty good balance... not too many accidents and awareness is high enough that it stays that way. Because when it comes to travel on the roads, we know there are no safe roads and there are no safe cars. There are only safe drivers.
I'm trying to draw pictures to draw comparisons. The comparisons should be rather obvious if I haven't been modded -2 Off-topic already. I'm trying to show the motives and the mentality leading to how we got where we are... we have stupid people without awareness or education. We have unsafe computers and unsafe networks. The network needs to be safer, but it can only be "so safe" without removing too much of its usability. The computers need to be safer and certainly CAN be safer... just like cars, the makers need to be sued and regulated until they ARE safer. (Yes, that means Microsoft should be held accountable for their part of the blame!) But computers can only be made "so safe" without removing too much of its usability. After that, the rest of the balance can only be maintained with education and awareness and that's the job of the governing bodies.
We live in a world with a lot of problems and dangers. We teach about a lot of things and think it's rather natural that those things we don't teach and warn people about will naturally lead to problems related to it. We've got a culture and economic system that is *VERY* dependent on the public internet and the use of personal computers. We've got heavy dependence on a very weak and exploitable system. I just have to wonder how bad it has to get before the enablers are finally held responsible.
The enablers are the designers of the internet, Microsoft and the governments. The internet is being fixed with IPv6 but not fast enough because the governments are in the pockets of the people who stand to make less profit while the transitions are being made from IPv4 to IPv6. Microsoft is a significant inhibitor (among others) of change and improvement because they are the dominant technology connecting the public internet to the users and to the resources and economy that they all mutually depend on. Government is the only way to make change happen because it is clear that the wisdom and intelligence of the public is low enough that they will always be ineffective. Microsoft and other industry players spend and pay so that they can remain unregulated. They are the enablers of the hell we live with. Let's thank them. Thank the enablers.
It is the government's responsibility to educate the people absolutely and they are failing in that responsibility absolutely. (Note that I don't say it is the government's responsibility to protect the people. Government needs only to provide for common defense and to promote general welfare.) It is also the government's responsibility to regulate things that can cause problems or interference with the general welfare which includes the economy. The public internet, anything dependent on the internet, and the economy are demonstrably threatened by unregulated majority and monopoly players such as Microsoft. They don't want to be regulated, but they need to be regulated as the general welfare is at risk.
A si
I bet you've never run a mail server.
how to invest, a novice's guide
It's ridiculous to think that mail parsers mean spam is conquered. If it was, then the Mega-D botnet wouldn't have even gotten out the door. Yet it has. Until people are educated to avoid spam, it will never be conquered. And the lack of education is evident because this botnet easily contains a plurality of all spam messages.
Except the compromised machines are probably the same ones.
I'd venture to say that a nontrivial number of infected hosts are victims of "botnets fighting over the same zombies." By default, the zombie population is a fairly fixed one; PCs whose owners have demonstrated a willingness to click on any random bullshit that shows up in their email. I'd say it's generally accepted that someone who has become infected with Botnet_A is far more likely to become infected with Botnet_B than someone who practices good security behavior. Of course this population is always growing as the number of PC owners increases, and I've seen stats showing that the normal seasonal variations occur... Botnet activity and the number of distinct zombies tends to go up just after Christmas, at the start of spring and fall college/university semesters, etc.
I doubt that Mega-D is version n+1 of some other malware; this is someone new making their entrance into the underground enterprise. A bot herder has no real incentive to develop an entirely new trojan when their existing bot is still effective. Most modern bots have three primary directives: send spam, propagate, and upgrade/polymorph themselves. If something about Storm, for example, is rendered ineffective by AV or antispam products, it's much easier (and cheaper) for the Storm herder to push out a new release of Storm than it is for him to procure a completely new trojan. The ability to detect and upgrade to new builds is an inherent capability of Storm. Why bother trying to deploy something new when you can upgrade what you already "own?"
It's been shown that Storm's herder can partition off groups of hosts into sub-botnets, presumably to be sold or rented to specific customers. They're still technically part of the Storm botnet, though. Smaller players may have a reason to maintain a series of independent, parallel botnets if they find that their trojans don't deploy well. Surely if you're in the botnet business and you can't reach the "market share" of Storm or Mega-D, it would be to your advantage to experiment and diversify. I wouldn't be surprised if many of the smaller, less successful botnets are actually controlled by a handful of people trying to break into the game.
But I guess all of this is just speculation until we actually catch a few of these assholes and learn firsthand how they operate.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
- they must have security updates turned off, because they might break the computer? (This is where your proposal falls down)
- they don't need virus protection, because they have a firewall
- they can't use passwords, because "what if someone else needed to get on"
- they are perpetually in an administrator account, because right clicking executable & selecting "run as" is WAY too inconvenient
- they are using internet explorer, because their favourite website only works if they allow the world to run unsigned activeX controls
- they are using outlook, because learning how to use any other calendar & task list is IMPOSSIBLY EXPENSIVE. Think of the down time
- their computer takes 30mins to boot up
- their internet connection is slow
- they have regular IT outages costing them WHAT?
- the government & their ISP should do something about these damn spammers
- they didn't have a virus before they spoke to you
- all of the above
Solutions exist. The problem is all the wrong kinds of 'education'thx e
If spam went away, everyone except for the largest email providers could run their MTAs on old surplus pentium 100s...and mail would flow very quickly.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Just to add to QuantumRiff's sentiments, calling spam "solved" by spam filters is like calling world wide conflicts "solved" by the arms race. Spam is only a trickle for you because many people spend a lot of time/money (and I mean, a lot) developing and purchasing anti-spam software and hardware. This stuff is under constant development to keep up with the latest techniques used by the spammers. This is similar to how the current state of superpower militaries keeps the peace; large-scale wars of aggression aren't viable at the moment. But this balance of power could shift pretty quickly, for example if someone has a major technological breakthrough that they're able to exploit before anyone else.
Even if we are able to keep up the pace of anti-spam technological improvements indefinitely, it's still a massive waste of resources. The spam problem just shouldn't exist. Sure we do get some dividends in terms of research into natural language parsers and the other techniques being used to automatically classify messages, but most of the people doing this could be doing more productive things with their time.
In the end I think it will only be solved when we solve the botnet problem, but it doesn't look like that's going to happen any time soon.
P.S. If you're trying to argue that something is "solved", it's usually a bad idea to also admit that there's only one provider of a viable solution (i.e. pop3/imap spam-free email) in the entire world. That's not a "solution", that's "an invitation to charge us whatever you wish for your service". Also free providers are a bad fit for businesses: using gmail or other free providers for your corporate email address makes your company look a bit cheap; not to mention the privacy issues.
P.P.S. You might find a trickle of spam not to be annoying, but plenty of others do, especially those who are responsible for implementing your so-called solution.