The TRACE team has been tracking spam from major spambots for some months now. You may have noticed a new graph on our spam statistics page which shows spambot activity over time. The graph shows the spam received from each spambot, week by week.
The most striking thing about this graph is the total dominance of Srizbi, which at times has represented 50% of all the spam received in Marshal’s spam traps. Note also Srizbi’s rapid rise in February, which coincided with the beginning of an aggressive spam campaign using celebrity and other social engineering hooks to entice users to click on the link provided. This campaign is still ongoing, as we recently reported here and here.
Another thing that can be seen clearly in the graph is Mega-D’s dip in February, when its control servers were taken offline, as we reported here. Is it a coincidence that Srizbi rose to prominence at the same time?
Together with Srizbi, the other major spam botnets, namely Mega-D (aka Ozdok), Rustock, Pushdo (aka Cutwail, Pandex) and Hacktool.Spammer (aka Kracken and Bobax), account for over 90% of spam. Meanwhile, the infamous but aging Storm has slowly slipped in importance to just 1% of spam.