David Kirkpatrick

July 16, 2010

Spambot “most wanted” list

Filed under: Business, et.al., Technology — David Kirkpatrick @ 2:16 pm

You know what to do

From the link:

1. Rustock (generating 43% of all spam)

The current king of spam, its malware employs a kernel-mode rootkit, inserts random text into spam and is capable of TLS encryption. Concentrates solely on pharmaceutical spam.

2. Mega-D (10.2%)

A long-running botnet that has had its ups and downs, owing to the attention it attracts from researchers. Concentrates mostly on pharmaceutical spam.

3. Festi (8%)

A newer spambot that employs a kernel mode rootkit and is often installed alongside Pushdo on the same host.

4. Pushdo (6.3%)

A multi-faceted botnet or botnets, with many different types of campaigns. A major distributor of malware downloaders and blended threat e-mails, but also sends pharma, replica, diploma and other types of spam.

5. Grum (6.3%)

Also employs a kernel-level rootkit. A wide range of spamming templates changes often, served up by multiple Web servers. Mostly pharma spam.

6. Lethic (4.5%)

The malware acts as a proxy by relaying SMTP from a remote server to its destination. Mostly pharma and replica spam.

7. Bobax (4.3%)

Another long-running botnet that employs sophisticated methods to locate its command servers. Mostly pharma spam.

8. Bagle (3.5%)

The name derives from an earlier mass-mailing worm. Nowadays, Bagle variants act as proxies for data, and especially spam.

9. Maazben (2.0%)

By default, uses a proxy-based spam engine. However, it may also use a template-based spam engine if the bot runs behind a network router. Focuses on Casino spam.

10. Donbot (1.3%)

Donbot is named after the string “don” found in the malware body. Mainly pharma spam.

1 Comment »

  1. Pretty element of content. I just stumbled upon your web site and in accession capital to claim that I acquire in fact enjoyed account your blog posts. Any way I will be subscribing in your feeds or even I achievement you access persistently quickly.

    Comment by naija Gist — November 1, 2012 @ 8:02 am
