Although the theory is arguable

Aug 21, 2008 12:32 GMT
Some researchers believe that the same man stands behind the Srizbi and Rustock botnets

It has been discovered that Srizbi and Rustock, two of the botnets responsible for the largest number of spam attacks, spread their malware in the same way. They both use Trojan.Exchanger, a type of malware that comes with unsolicited email. Each time users decide to check what's behind certain intriguing advertisements or unbelievable breaking news headlines, their machines get infected. Without knowing it, users become part of a botnet that uses their computers to send tens, hundreds or even thousands of spam messages to other email accounts.

"The rise in malicious spam and the rise of Rustock are directly linked. Rustock has grown through malicious spam. Its success in infecting more computers through malicious spam has bred further success. It has been able to send even more spam in a kind of ever-increasing cycle," explains Phil Hay, lead threat analyst for Marshal's TRACE Team, for MarketWatch. The other botnet also exploits people's naivety and grows at increasing speed.

Due to the resemblances between the two botnets, some claim that the spam networks are, in fact, being managed by the same man or criminal ring. "Some malware researchers have described Srizbi and Rustock as rival botnets, our data indicates that this apparent rivalry is a sibling rivalry at best. Srizbi and Rustock seem to be supported (controlled) by the same parent (bot herder)," comments a FireEye researcher on the official blog of the company.

Other specialists don't agree with the theory and instead believe that a major spammer is using both botnets to be harder to identify. "Maybe their bots are getting blacklisted faster when they're sending out URLs with fake video files because they're easy to spot, so their spam doesn't get through. So they send malware from this botnet, and spam from this one, to keep out of the blacklists longer," Joe Stewart, director of security research for SecureWorks, said for DarkReading.