Old and New Botnets Responsible for Spike in Spam

Written by Sue Walsh on March 13, 2013


While spam levels continue to decline, taking botnet activity with them, a new report says that there are still occasional spikes in activity, and some familiar names are to blame. Festi, Cutwail, Waledac and Kelihos are still out there and pumping out spam, even as they show signs they are on the decline. Another botnet, Darkmailer, has shown a sharp increase in activity, suggesting the criminals behind it have begun using a new technique.

The era of the monster botnets is over, thanks to better detection techniques and ramped-up law enforcement efforts. Some of the largest botnets in history are now history themselves thanks to Microsoft and the FBI, who teamed up to eradicate botnets. Rustock, Donbot, and Grum are among the big names and another, Bagle, is close to death. Botmasters made an attempt to bring Waledac back to its former glory, only to be shut down by Polish authorities. While it’s still pumping out spam, its activity levels are low and showing no signs of growth.

Do botnets still have a place in spam distribution? Perhaps, but not the way they used to. They’re much smaller now, probably to avoid detection, and use much more sophisticated techniques to avoid shutdowns. With SMS and social media spam much more popular than traditional email spam, some botnets are being used to compromise websites rather than crank out emails, although some are still used to carry out phishing attacks. Cybercriminals seem to prefer affiliate scams and ransomware as their money-making scams of choice, but that doesn’t mean you can turn off your spam filter. Spam may be declining but it’s not going anywhere anytime soon.

Comments

Laura March 26, 2013

I think it’s too early to declare victory on spambots. Yes, they might be low now but who knows what they might be preparing? Still it’s great that some of the biggest ones were taken down, this certainly is a contribution to spam decline.

Claudia March 29, 2013

There are far too many reports and surveys on spam and botnets that it’s definitely possible some would report a drop while others would talk about a spike. Until now there’s no clear framework on how these types of data are gathered, measured, and interpreted. Anyway, you’re right, Laura. It’s too early for a celebration. In fact, we shouldn’t as it may only make us very relaxed. When an attack occurs, we’ll be less prepared, and it’s going to hit us so strong we can potentially lose a lot of money.

Cyrus Mann March 30, 2013

I agree with Laura; we should not yet rejoice over the fact that spam levels are declining. The way I see it, they operate or work like a cycle. They lie low for a while and come back with a big bang sometime soon. So, yes, we should all continue to regard our anti-spam filters with great value. We should not let our guards down yet. This significant decline – the negative signs of growth and zero activity level – however, is definitely good news! I hope this will continue. Who knows? Maybe the end of spambots is just around the corner!
