Slashdot Mirror


Most Spam Comes From Just Six Botnets

Ezhenito noted some research pointing out the (maybe) surprising bit of research that 6 botnets are responsible for 85 percent of the world's spam. That seems a bit high to me, but the only aspect of spam I am an expert in is *getting* it.

8 of 268 comments

  1. Most Spam Comes from just Six Bots, not Botnets by Aaron+Isotton · · Score: 5, Informative

    What TFA says is that most Spam comes from the following six types of Bot:

    Srizbi: 39%
    Rustock: 20%
    Mega-D: 11%
    Hacktool.Spammer: 7%
    Pushdo: 6%
    Storm: 2%
    Other: 15%

    This doesn't necessarily mean that most spam comes from six botnets. Some of the bots could be used by multiple bot masters; OTOH some botmasters could control multiple botnets using different bots.

    Something else I just thought of:

    The botmasters are going to use the best bot available, i.e. the one enabling them to send most spam at the least cost. On the other hand, the "good guys" are fighting spam (and the bots). So whenever a certain bot starts taking over (currently Srizbi) all the good guys will focus on that one and try to shut it down. So the bot decreases in value and another, better bot will take over. Evolution at its best.

    The Antivirus companies which are trying to fight the malware are also trying their best. The big difference is that while the success of a spambot can be easily measured by the customer (i.e. the botmaster), the success of an AV product is much harder to estimate. Also, the typical AV customer doesn't have the ability/time to find out which AV product is best for him. Moreover, AV products are some sort of subscription service (you buy the package and get 1 year of updates) which makes it hard to switch products. Often AV products are bundled with computers, selected by business principles and not by technical superiority.

    In other words, the evolution process of malware is far superior to the one of AV products.

    1. Re:Most Spam Comes from just Six Bots, not Botnets by xZgf6xHx2uhoAj9D · · Score: 4, Informative

      What does the underlying security model have anything to do with idiots running Windows as administrator?

      Everything. People run as administrator because they have to.

      How is your "poor Windows security model" different than someone running Linux as root?

      It's different in that a user does not have to run as root in Linux to get useful work done.

      Ever tried to debug as an unprivileged user on W2K? Ever tried to install software? Just what is the Windows equivalent of sudo that ships standard with Windows XP?

      Windows is secure once you spend 1 minute creating a non administrator account.

      Let me correct that for you: Windows won't let you do anything of substance once you're running as non-administrator. That is the problem.

      Disclaimer: this situation has changed somewhat in recent years. However, considering the number of Windows users still running W2K or Windows XP (and for good reason), it's still concerning.

    2. Re:Most Spam Comes from just Six Bots, not Botnets by jimicus · · Score: 4, Informative

      I've just spent the last week wrestling with Vista's implementation of UAC, and I agree with what you've been told.

      For better or for worse, I administer a bunch of desktops and my current build process consists of a number of automated installations (most software installations can have all the mindless "click next next next" automated away fairly easily). I am at an awkward point where I have enough machines to want to automate the process, but not enough that I can easily just buy 100 identical systems and ghost the lot. And before you ask, I don't run Active Directory so rollout through group policy is out of the question.

      It looks like this process will require substantial redesigning for Vista, as there doesn't seem to be an easy programmatic way to say "do everything below this point without bothering me through UAC". Neither is there an easy programmatic way to disable UAC altogether, even on a temporary basis. (Yes, I know about the registry setting from the command line. But that needs to run from an elevated command line which, guess what, you can't set up without interaction).

      The way UAC works is that normal users still can't do a bunch of things. This doesn't change; they probably won't ever see a UAC prompt. Administrators can do everything they're used to, but by default if they want to do anything administrative, UAC steps in and says "Cancel or allow?".

      I can understand from Microsoft's perspective that it's somewhat pointless to create such a system and then create an easy method to work around it, but I can't believe that in the whole corporation there aren't a few people with the brains between their two ears to realise that it's a very inelegant solution which adds hassle without really solving the problem.

    3. Re:Most Spam Comes from just Six Bots, not Botnets by dc29A · · Score: 4, Informative

      Everything. People run as administrator because they have to.

      Since when?

      On my non administrator account I run the following programs (Windows XP):
      - World of Warcraft.
      - A few other games I play once every blue moon.
      - Music player, video player, encoders, editing software.
      - Office.
      - VPN client for my job.
      - Firefox with Flash, Java, AdBlock and NoScript.
      - Azureus.
      - Thunderbird.

      I need administrator to run these:
      - Windows update (Duh!).
      - Various software updates (Duh!).

      How is that different from a typical Linux usage? I still need root access (via sudo or root) to update my OS and installed programs. So where is this "Windows won't let you do anything of substance once you're running as non-administrator." problem? I can play video games, do video editing, listen to music, surf the web, use office and work from home via VPN and all that without being logged in as administrator. Where is the problem?

      I am perfectly aware that there are a few programs that have trouble running as non administrator most notably CD burning/ripping stuff. You can always run them "Run as administrator" or find one that works fine. Mind you, I never bothered finding one that works well, just picked up one from Sourceforge and run it as root.

      The whole Windows security "issue" is strictly educational. The underlying OS has a very solid security framework that IMHO is better than Linux because it's more granular.
  2. Re:How much spam do you actually get? by shird · · Score: 4, Informative

    Rather than creating a new gmail account, you should look at spamgourmet.com. The email accounts are created and limited automatically. Just give out an email address, and it automatically is limited to x many emails. You need to have a read up on it, but it's very easy to use.

    Or you can put a prefix to your gmail address with a '+', i.e. "temp+john38@gmail.com". The mail still gets delivered to john38@gmail, but with 'temp+john38@gmail.com' in the 'to:' field, allowing you to filter it easily.

    --
    I.O.U One Sig.
  3. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  4. Re:How much spam do you actually get? by Tacticus.v1 · · Score: 5, Informative

    I just checked this and I think you got the address round the wrong way.

    You need to put it john38+temp@gmail.com for it to work, as the other way round just goes to the wrong address.
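
The plus-address filtering discussed in the two comments above, as an added example that is not part of either comment: it splits recipient addresses into delivery mailbox and tag, then counts mail per tag for one mailbox. The sample messages and the function names are constructed for illustration; the addresses are the ones quoted in the thread.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses


def split_plus_address(address):
    """Return (delivery_mailbox, tag); tag is None when the local part has no '+'."""
    local, _, domain = address.strip().rpartition("@")
    base, plus, tag = local.partition("+")
    return f"{base}@{domain}".lower(), (tag.lower() if plus else None)


def tag_counts(raw_messages, my_mailbox):
    """Count messages per plus-tag among To/Cc recipients that deliver to my_mailbox."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        for _name, addr in recipients:
            mailbox, tag = split_plus_address(addr)
            if mailbox == my_mailbox.lower():
                counts[tag or "(untagged)"] += 1
    return counts


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: shop@example.com\nTo: john38+temp@gmail.com\nSubject: Welcome\n\nhi\n",
    "From: x@example.net\nTo: John <john38+temp@gmail.com>\nSubject: Pills\n\nbuy\n",
    "From: friend@example.org\nTo: john38@gmail.com\nSubject: Lunch\n\nnoon?\n",
    # Reversed form: the part before '+' is the mailbox, so this is addressed to "temp".
    "From: y@example.net\nTo: temp+john38@gmail.com\nSubject: Misaddressed\n\n...\n",
]

if __name__ == "__main__":
    for tag, n in tag_counts(SAMPLES, "john38@gmail.com").items():
        print(f"{tag}: {n}")
```

A tag that starts attracting mail from senders other than the one it was given to identifies where the address leaked, and a filter on that tag can drop it.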

  5. Re:Hmm by graphicsguy · · Score: 4, Informative

    Perhaps it's not a random Microsoft bash, but a reference to Bill Gates' claims in 2004 that the spam problem would be solved by 2006.