McAfee experts have made an overview of the messaging botnets

Mar 9, 2013 09:30 GMT

Cybercriminals often rely on spam botnets to distribute malware or to lure users to their malicious websites. According to McAfee experts, there are several such botnets: some have already died, others have survived the takedowns, and there are also some newcomers to the scene.

In his latest post, McAfee Senior Threat Researcher Francois Paget provides an interesting review of all the spam botnets.

The botnets that have been taken down are Bobax (or Kraken), considered to be one of the first spam botnets; Donbot, first encountered in 2008 and taken down in 2011; Grum, taken down last summer; Fivetoone, which disappeared in March 2012; and Rustock.

The last one from this category, Bagle, is not completely dead, but it’s in poor condition. Experts are currently monitoring the Bagle-CB variant of the threat.

The list of surviving botnets includes Cutwail, considered to be the second most prevalent; Festi, which is the most prevalent; Lethic, a threat that’s now in decline; and Maazben, which dropped from the third position to the fifth over a period of 9 months.

The newcomers are Kelihos, which was disrupted back in 2011, but reappeared at the end of 2012; Waledac, which resurfaced shortly after being taken down in 2010; Slenfbot; and Darkmailer. Darkmailer has been around since 2003, but it started becoming more prevalent only a few weeks ago.

According to McAfee’s latest quarterly report, there weren’t any changes in the new infection rates in Q4 of 2012 compared to the previous quarter. However, considerable growth in the number of infections has been recorded in several countries.

For instance, the number of infections grew by 43% in Russia and by 41% in China. On the other hand, infection rates decreased by 70% in Turkey, by 50% in Germany and India, by 45% in Spain, by 44% in Argentina, and by 41% in Brazil.