Srizbi Grows Into World's Largest Botnet

Srizbi is taking the Internet by storm, and taking Storm by storm as well.

By John E. Dunn, TechWorld.com

May 13, 2008

The prodigious Srizbi botnet has continued to grow and now accounts for up to 50 percent of the spam being filtered by one security company.

If the latest figures from security company Marshal can be taken at face value -- their engines scan much the same traffic as do others in the industry -- then Srizbi is now the biggest single menace on the Internet, dwarfing even the feared and mysterious Storm.

Having compromised 300,000 PCs around the world, it is now sending out an estimated 60 billion spam emails per day on "watches, pens, male enlargement pills", a torrent that consumes huge amounts of processing power to keep in check.

"Srizbi is the single greatest spam threat we have ever seen. At its peak, the highly publicized Storm botnet only accounted for 20 percent of spam. Srizbi now produces more spam than all the other botnets combined," said Marshal's Bradley Anstis.

In March of this year, Marshal's Threat Research and Content Engineering team (TRACE) reported the botnet as a growing problem among a small family of super-botnets, a sign that a few highly successful bots were starting to monopolize traffic.

If it's growing, what is it about this botnet that has made it so successful? Srizbi appears to spread as part of the spam messages it sends, meaning that its lifecycle extends to reproducing itself and not just distributing email. This is not a unique feature, but it could be that it is either evading detection at this stage or tricking people using more sophisticated social engineering.

What makes Srizbi slightly baffling is that botnet controllers like bots to stay out of the headlines. At the point they become as large as Srizbi has become, the chances of them being detected and countered increase. It's possible that Srizbi has been more successful than its creators expected.

If there's hope, it's in the fate of the infamous Storm, which appeared in early 2007 and became the malware phenomenon of that year. Marshal's figures suggest it now accounts for less than 1 percent of spam traffic, which suggests that Srizbi will one day go the same way. However, by the time that this happens, it is also possible that a new super-botnet will have taken its place.

"Microsoft recently announced its success combating the Storm botnet with their Malicious Software Removal Tool (MSRT). The challenge now is for the security industry to collectively turn its sights on Srizbi and the other major botnets. We look forward to seeing Microsoft target Srizbi with MSRT in the near future," said Marshal's Anstis.
