Srizbi botnet causes spam to triple in a week


Malicious spam has tripled in volume in a week, most of it caused by the Srizbi botnet, according to research by the Marshal TRACE team. 

When June began, three percent of total spam was malware, but by the following week, that amount jumped to 9.9 percent. Malicious spam usually contains a URL linking to a malware-serving website.

Since February, Srizbi has been responsible for nearly half of all spam, overtaking the previous record holder — the Storm botnet.

Glen Myers, an engineer with Marshal, attributed the increase to one of two things:

“Either it is a mistake and the bad guys are cranking out more malicious spam than they meant to,” Myers told SCMagazineUS.com on Wednesday, “or this is a push to take over more of the market. The more machines they have, the more money they can make.”

Srizbi is a pernicious botnet, not just due to its size, but also because it implements an extremely fast mail-sending engine, Matt Sergeant, senior anti-spam technologist at messaging security vendor MessageLabs, told SCMagazineUS.com.

“Those who have worked in IT for some time will remember when Microsoft moved the graphics engine for Windows into the kernel in NT4 in order to improve performance,” he said. “That's what the botnet authors have done with Srizbi in order to be able to send mail faster -- moved the engine into the Windows kernel. This allows it to send more mail per hour than a regular botnet.”

Most of the recent malicious spam is capitalizing on two popular ways of social networking. One is to spoof the Classmates.com site by sending messages saying there is an update on friend information. The other is to send a video link with a message stating, “Here's a link of you doing something stupid.”
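The two lures described above share a structure a mail filter can key on: a message that invokes a brand (Classmates.com) but whose links resolve elsewhere, or a message built around a "video of you" hook with a link attached. The following is an added example for illustration, not code from the article or from Marshal or MessageLabs; the sample messages are constructed, the `.example` hostnames are placeholders, and the phrase and brand lists are assumptions a defender would tune to their own traffic.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not real spam captures); each is (subject, body).
SAMPLES = [
    ("Classmates.com: a friend updated their profile",
     "See the update on your friend at Classmates.com: http://classmates-update.example/login"),
    ("lol", "Here's a link of you doing something stupid http://video.example/watch?id=42"),
    ("Weekly newsletter", "Read this week's issue at https://news.example/issue/12"),
    ("Your Classmates.com digest", "Visit https://www.classmates.com/digest for the latest news."),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed lure phrases; extend from observed campaigns.
LURE_PHRASES = ("doing something stupid", "video of you")
# Brands whose mention should only ever be accompanied by links to their own domain.
SPOOFED_BRANDS = {"classmates.com"}


def urls_in(text):
    """Return every http(s) URL found in the text."""
    return URL_RE.findall(text)


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def is_brand_match(host, brand):
    """True when host is the brand domain or one of its subdomains."""
    return host == brand or host.endswith("." + brand)


def classify(subject, body):
    """Return 'brand-spoof', 'video-lure', or None for a single message.

    Only messages carrying a URL are considered, matching the observation
    that malicious spam usually links out to a malware-serving site.
    """
    text = f"{subject}\n{body}"
    urls = urls_in(text)
    if not urls:
        return None
    lower = text.lower()
    # Brand named in the text, but at least one link points off-brand.
    for brand in SPOOFED_BRANDS:
        if brand in lower and not all(is_brand_match(host_of(u), brand) for u in urls):
            return "brand-spoof"
    # Video hook plus a link.
    if any(p in lower for p in LURE_PHRASES):
        return "video-lure"
    return None


def triage(samples):
    """Classify a batch of (subject, body) pairs."""
    return [(subj, classify(subj, body)) for subj, body in samples]


if __name__ == "__main__":
    for subj, verdict in triage(SAMPLES):
        print(f"{verdict or 'clean':12} {subj}")
```

The brand check is deliberately strict (every link must stay on the named domain) because a legitimate Classmates.com notification has no reason to send recipients elsewhere, while a spoof must. The fourth sample shows the check letting a genuine on-brand link through.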

Myers said efforts to bring down Srizbi will be challenging.

“The botnet is very good at keeping out of sight,” he said. “It changes frequently, making it more difficult to detect with malware scanners.”
