Mega-D usurps Storm Worm as top spam botnet

Share this article:
Storm Worm is no longer the biggest spam-generating botnet on the block.

The well-known trojan botnet is now just a minor spam source, accounting for only two percent of junk email. Meanwhile, the Mega-D spambot type is responsible for nearly one-third (32 percent) of all unwanted email, according to researchers at Marshal, a U.K.-based messaging security firm.

A year ago, Mega-D, which distributes spam advertising male enhancement pills such as Maxherbal, Express Herbals, Herbal King and VPXL, was disseminating 11 percent of spam, according to Marshal researchers.

“This one bot has already exceeded Storm's records and it has done it quietly without attracting too much attention,” said Bradley Anstis, Marshal vice president of products. “This might signal a new strategy by some of the spam crews to try and draw less attention to themselves through high-profile email campaigns.”

Meanwhile, the Storm botnet, which has used an arsenal of dissemination tactics, had been distributing 20 percent of all global spam last September, according to Marshal.

Likewise, the Pushdo trojan was responsible for 20 percent of all spam last December, but it now distributes only six percent of global junk mail.

Anstis said that Storm may be a victim of its own high profile.

“Microsoft has been targeting Storm with its Malicious Software Removal Tool since September of last year. They claim that they have cleaned around 200,000 computers per week of the Storm bot since then,” he said in a news release. “If that is accurate, it must be a key reason for the decline of Storm.”

The Storm botnet, first seen in January, 2007, claiming to have fresh news about European wind storms, has posed as Valentine's Day greetings and redirected recipients to fake medical sites.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.