Botnet World and the 10 Most Wanted Spam Botnets…

Posted: July 25, 2010 in Software, Uncategorized

Spam continues to flood most of our inboxes despite the numerous filters used to catch it. One of the big reasons for this is the growth of malicious botnets. A botnet is a network of compromised computers under the remote control of a criminal operator, who directs them through a command-and-control (C&C) channel; sending spam is one of the most common uses of that control. Bots are among the most sophisticated and widespread tools of cybercrime today. They let attackers take control of many computers at once and turn them into “zombie” machines, which operate as part of a botnet to spread malware, generate spam, and commit other types of online crime and fraud. The example below illustrates how a botnet is created and then used to send spam.

Botnet Illustration

1) A botnet operator sends out viruses or worms that infect ordinary users’ computers; the payload is a malicious application, the bot.

2) The bot on the infected PC logs into a particular C&C server (often an IRC server, but in some cases a web server) and waits for instructions.

3) A spammer purchases the services of the botnet from the operator.

4) The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing each of them to send out the spam.
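The two behaviours in steps 2 and 4 are visible on the network: an infected workstation checks in to an IRC port it has no business using, and then opens outbound SMTP connections to many different mail servers. The script below, an added example that is not part of the original post, scans connection-log lines for both signs and lists the hosts that show them. The log format, the internal address ranges, the IRC port list and the fan-out threshold are all assumptions for the example; the sample lines are constructed, not real traffic.

```python
"""Flag likely spam-bot zombies from connection (flow-style) logs.

Added example, not from the original post. Two behaviours are checked:
  * an internal host connecting out to an IRC port (6660-6669 or 7000),
    the classic bot check-in to a C&C server;
  * an internal host opening outbound SMTP (tcp/25) connections to many
    distinct external mail servers, i.e. a zombie sending or relaying spam.
The 'src= dst= dport= proto=' record format is an assumption; real firewall
and NetFlow exports differ, so adapt LINE_RE to your own logs.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
import re

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2010-07-25T10:00:01 src=192.168.1.20 dst=203.0.113.10 dport=6667 proto=tcp
2010-07-25T10:00:02 src=192.168.1.20 dst=198.51.100.7 dport=25 proto=tcp
2010-07-25T10:00:02 src=192.168.1.20 dst=198.51.100.8 dport=25 proto=tcp
2010-07-25T10:00:03 src=192.168.1.20 dst=198.51.100.9 dport=25 proto=tcp
2010-07-25T10:00:03 src=192.168.1.20 dst=198.51.100.10 dport=25 proto=tcp
2010-07-25T10:00:04 src=192.168.1.20 dst=198.51.100.11 dport=25 proto=tcp
2010-07-25T10:00:05 src=192.168.1.30 dst=192.168.1.5 dport=25 proto=tcp
2010-07-25T10:00:05 src=192.168.1.30 dst=192.168.1.5 dport=25 proto=tcp
2010-07-25T10:00:06 src=192.168.1.30 dst=203.0.113.50 dport=443 proto=tcp
2010-07-25T10:00:07 src=192.168.1.40 dst=198.51.100.7 dport=25 proto=tcp
2010-07-25T10:00:07 src=192.168.1.40 dst=198.51.100.7 dport=25 proto=tcp
2010-07-25T10:00:08 src=192.168.1.50 dst=203.0.113.99 dport=7000 proto=tcp
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)

# Internal (RFC 1918) space is "ours"; anything else is treated as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports commonly used by IRC-based C&C; an assumption, tune to your environment.
IRC_PORTS = set(range(6660, 6670)) | {7000}
SMTP_PORT = 25
# Distinct external MTAs one workstation must contact before it is suspect.
SMTP_FANOUT_THRESHOLD = 5


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(log_text: str):
    """Yield (src, dst, dport) for each well-formed TCP line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("proto").lower() != "tcp":
            continue
        yield m.group("src"), m.group("dst"), int(m.group("dport"))


def find_zombies(log_text: str) -> dict[str, list[str]]:
    """Return {internal_host: [reasons]} for hosts showing bot-like traffic."""
    irc_peers = defaultdict(set)   # src -> external hosts reached on IRC ports
    smtp_peers = defaultdict(set)  # src -> distinct external MTAs contacted
    for src, dst, dport in parse_flows(log_text):
        if not is_internal(src) or is_internal(dst):
            continue  # only internal -> external flows matter here
        if dport in IRC_PORTS:
            irc_peers[src].add(dst)
        elif dport == SMTP_PORT:
            smtp_peers[src].add(dst)

    findings: dict[str, list[str]] = defaultdict(list)
    for src, peers in irc_peers.items():
        findings[src].append(f"irc-cnc: contacted {', '.join(sorted(peers))}")
    for src, peers in smtp_peers.items():
        if len(peers) >= SMTP_FANOUT_THRESHOLD:
            findings[src].append(f"smtp-fanout: {len(peers)} distinct external MTAs")
    return dict(findings)


if __name__ == "__main__":
    for host, reasons in sorted(find_zombies(SAMPLE_LOG).items()):
        print(host)
        for reason in reasons:
            print("   ", reason)
```

Traffic to an internal mail relay is deliberately ignored, so a workstation that sends all its mail through the company server is not flagged; only direct connections to outside MTAs count, which is exactly what a proxy-style spam bot produces. In the sample, 192.168.1.20 trips both checks and 192.168.1.50 only the IRC check, while the two hosts that talk to a single server stay quiet.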

M86 Security recently released its ‘Top Ten Most Wanted’ list of spam-spewing botnets. Let’s take a look at it in this week’s blog post.

1. Rustock. Its malware employs a kernel-mode rootkit, inserts random text into each message to defeat signature matching, and can deliver spam over TLS. Concentrates solely on pharmaceutical spam.

2. This long-running botnet has had its ups and downs, owing to the attention it attracts from researchers. Concentrates mostly on pharmaceutical spam.

3. This spambot employs a kernel-mode rootkit and is often installed alongside Pushdo on the same host.

4. A multi-faceted botnet with many different types of campaigns: a major distributor of malware downloaders and blended-threat e-mails, but it also sends pharma, replica, diploma and other types of spam.

5. Grum. This too uses a kernel-level rootkit. Grum employs a range of spam templates that change often, served up by multiple web servers. Mostly pharma spam.

6. The malware acts as a proxy, relaying SMTP from a remote server to its destination (the spam is generated elsewhere and merely forwarded through the infected host). Largely pharma and replica spam.

7. Another old-timer; this botnet employs sophisticated methods to locate its command servers.

8. Bagle. Takes its name from an earlier mass-mailing worm. These Bagle variants act as proxies for data, and especially for spam.

9. Maazben. Uses a proxy-based spam engine; if the bot runs behind a NAT router, where inbound proxy connections cannot reach it, it may fall back to a template-based engine instead. The botnet specialises in casino spam.

10. Donbot. Named after the string “don” found in the malware body. Largely pharma spam.

“Other” spambots account for 10.7% of all spam.

Protect Against Bots:

To safeguard against malicious bots, here is my advice:

— Install reputable security software (such as Avast or Norton 360) and keep it enabled.
— Configure that software to update its signatures automatically.
— Increase the security settings on your browser.
— Work from a standard user account rather than an administrator account; a bot that lands in a limited account cannot load a kernel-mode rootkit like the ones Rustock and Grum rely on without first escalating privileges.
— Never open attachments unless you can verify the source.
— Keep your system patched through Windows Update, and set it to install updates automatically so you always have the current patches.

  1. […] This post was mentioned on Twitter by securitypro2009 and Regilberto Girão, Ravi Kanth L. Ravi Kanth L said: Botnet World & the 10 Most wanted Spam Botnets - […]

  2. Localearch says:

    Spam kills Internet for sure..

  3. Euthad says:

    It helped me a lot!

  4. Marie Chelle says:

Thank you very much my friend, you are very kind in sharing this useful information with others…. The details were such a blessing, thanks.
