Mega-D usurps Storm Worm as top spam botnet

Share this article:
Storm Worm is no longer the biggest spam-generating botnet on the block.

The well-known trojan botnet is now just a minor spam source, accounting for only two percent of junk email. Meanwhile, the Mega-D spambot type is responsible for nearly one-third (32 percent) of all unwanted email, according to researchers at Marshal, a U.K.-based messaging security firm.

A year ago, Mega-D, which distributes spam advertising male enhancement pills such as Maxherbal, Express Herbals, Herbal King and VPXL, was disseminating 11 percent of spam, according to Marshal researchers.

“This one bot has already exceeded Storm's records and it has done it quietly without attracting too much attention,” said Bradley Anstis, Marshal vice president of products. “This might signal a new strategy by some of the spam crews to try and draw less attention to themselves through high-profile email campaigns.”

Meanwhile, the Storm botnet, which has used an arsenal of dissemination tactics, had been distributing 20 percent of all global spam last September, according to Marshal.

Likewise, the Pushdo trojan was responsible for 20 percent of all spam last December, but it now distributes only six percent of global junk mail.

Anstis said that Storm may be a victim of its own high profile.

“Microsoft has been targeting Storm with its Malicious Software Removal Tool since September of last year. They claim that they have cleaned around 200,000 computers per week of the Storm bot since then,” he said in a news release. “If that is accurate, it must be a key reason for the decline of Storm.”

The Storm botnet, first seen in January, 2007, claiming to have fresh news about European wind storms, has posed as Valentine's Day greetings and redirected recipients to fake medical sites.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.