Botnets Tighten Their Grip on the Broadband Infrastructure

How much of a drag is spam putting on the global broadband and messaging infrastructure, and where is it coming from? According to Symantec’s newly released 2009 MessageLabs Intelligence Report, spam is a huge burden: In September, the global ratio of spam in email traffic from new and previously unknown bad sources was 86.4 percent. And botnets — autonomous and automated collections of compromised computers — are responsible for 87.9 percent of it. Despite efforts to curtail botnet activity, it looks like the spam problem continues to grow.

More than 150 billion unsolicited email messages are being distributed by compromised computers every day, according to the report. Its findings are in line with data reported at the recent RSA conference on botnets, and warnings from Google and others about them. Indeed, botnets have emerged as the most significant enemies in the war on spam, and efforts to fight them only temporarily slow them down.

Paul Wood, senior intelligence analyst at Symantec’s MessageLabs division, points out that in the past year, several ISPs have been taken offline for hosting botnet activity. For example, after being identified by upstream service providers and security researchers for suspected botnet hosting, San Jose, Calif.-based McColo was taken offline in November of last year. PriceWert’s shutdown is another example.

Wood says that these closures have had some impact on botnets, but not enough. As he writes in the report, “[C]losures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.” That’s because, by nature, botnets reach out to expanded points of distribution.

Tracking how ISP closures temporarily slow down botnets, and how new botnets suddenly become dominant, is like reading through a battle scene from “The Lord of the Rings.” As the MessageLabs report notes, “A newer botnet, Maazben, has experienced rapid growth since its infancy in late May mainly sending out casino-related spam while Rustock, one of the oldest and largest botnets, has doubled in size since June and established a predictable spamming pattern.” Grum and Bobax are some of the other unsavory names among botnets. Grum is especially active, responsible for over 23 percent of global spam, according to the report, a fact that illustrates the enormous pattern shift we’re seeing in exactly how spam drags down the communications infrastructure.

If you wonder why you don’t see spam messages as nearly 90 percent of emails in your inbox, however, Matt Sergeant, Symantec’s senior anti-spam technologist, cleared that up in an interview. “Most people don’t really see the numbers that we see, because we’re the ones filtering it out,” he explained. “MessageLabs tracks over 3.7 billion SMTP connections per day,” he added, and its spam numbers are based on all incoming spam, before filtering. He also noted that while it’s important for users to remain vigilant about fighting spam, ISPs vary in how well they filter it, so it’s worth checking with your ISP to see what kinds of protections are in place.

10 Responses to “Botnets Tighten Their Grip on the Broadband Infrastructure”

  1. Botnets pose a serious threat to everyone, that’s for sure. But does anyone really try to solve it? I mean, don’t just measure the number of botnet computers. If Symantec can filter billions of spam every day, collecting the IPs of botnet computers should be easy. Make an effort to notify those victims, so that they can do something about it. That might boost the sale of their security products as well.

    • Sebastian

      It’s true that the security vendors do produce some of the doom-and-gloom reports about spam, but the MessageLabs division has been doing monthly spam metrics for many years, and really does do them monthly–whether there is a new product release or not. Also, the numbers on botnets are in line with similar numbers recently reported from several sources at the RSA conference.