ATLANTA, GA--(Marketwire - June 25, 2008) - The volume of malicious spam in circulation has more than tripled in one week, according to new research from Marshal's TRACE team. This sharp increase can be largely attributed to the Srizbi botnet, which is currently responsible for 46 percent of all spam sent. Malicious spam jumped from 3 percent of total spam traffic at the start of June to 9.9 percent the following week.

'Malicious spam' is spam that isn't designed to sell a product or service, but is intended specifically to infect recipients' computers with malware. It typically involves a social engineering ploy to lure recipients into thinking it is harmless or related to something of interest, such as free pornography or an invitation to view a greeting card from a friend. It usually includes a URL link to a website hosting malware. Often the malware is falsely presented as a video or game that the recipient is tricked into activating.

"The Srizbi botnet is behind much of this increase in malicious spam," said Phil Hay, lead threat analyst with Marshal's TRACE team. "Srizbi's criminal controllers are currently on a major expansion drive. The more computers infected by Srizbi bots the more money they can make."

The most common campaign Srizbi is using at present is a 'stupid' theme that tries to hook users by including the first part of their email address in the subject line along with the suggestion that they look stupid in a video. Users are often quick to investigate the potentially embarrassing footage before they consider the true malicious nature of the message.

Another recent campaign from Srizbi is based on the social networking phenomenon of connecting to old acquaintances online. It targets the Classmates.com service by using its name in malicious spam with subject lines such as "You have one new message. Classmates" and "Friends waiting for you Tomorrow! Classmates." Once the recipient clicks on the link, they are taken to a fake page that resembles the actual Classmates.com website where they are directed to run a supposed Flash video player. When users click on the link, they are prompted to download an executable file that infects their computer.

"This kind of social engineering tactic is nothing new," said Hay. "What is significant is the rapid increase in the volume. It once again demonstrates the incredible power and dominance that the major spamming botnets have over email traffic. Very few legitimate businesses could triple their email capacity at the push of a button. But this is the advantage that the illegal control of thousands of computers gives the spammers."

"We see Srizbi as one of the biggest threats to Internet users today," said Hay. "We are trying to work with other security researchers to raise the profile of Srizbi and the threat it represents. In contrast, the Storm botnet receives more research and media attention, yet its impact is now bordering on insignificant. When Storm became a high-profile target, Microsoft had great success in removing it from thousands of infected PCs with their Malicious Software Removal Tool. Now, Srizbi needs to become a similar priority for security researchers."

"In the meantime, users should be wary of emails that make personal offers such as online friend connections or include inflammatory personalised subjects such as 'you look stupid in this video,' particularly if they don't recognise the sender," he said.

Marshal's charts and statistics depicting botnet activity over time can be found on the TRACE Center: http://www.marshal.com/trace/spam_statistics.asp.

About the Marshal TRACE Team

TRACE (Threat Research and Content Engineering) is a group of Marshal security analysts who constantly monitor and respond to Internet security threats through the TRACE website at www.marshal.com/trace. TRACE services are provided as part of standard product maintenance that includes updates to Marshal's unique, proprietary anti-spam technology, SpamCensor. TRACE analyzes spam, phishing and Internet security trends and provides frequent automated updates to Marshal customers. It also provides "Zero Day" security protection against new email and virus exploits the day they emerge.