Botnets Tighten Their Grip on the Broadband Infrastructure

How much of a drag is spam putting on the global broadband and messaging infrastructure, and where is it coming from? According to Symantec’s newly released 2009 MessageLabs Intelligence Report, spam is a huge burden: In September, the global ratio of spam in email traffic from new and previously unknown bad sources was 86.4 percent. And botnets — autonomous and automated collections of compromised computers — are responsible for 87.9 percent of it. Despite efforts to curtail botnet activity, it looks like the spam problem continues to grow.

More than 150 billion unsolicited email messages are being distributed by compromised computers every day, according to the report. Its findings are in line with data reported at the recent RSA conference on botnets, and warnings from Google and others about them. Indeed, botnets have emerged as the most significant enemies in the war on spam, and efforts to fight them only temporarily slow them down.

Paul Wood, senior intelligence analyst at Symantec’s MessageLabs division, points out that in the past year, several ISPs have been taken offline for hosting botnet activity. For example, after being identified by upstream service providers and security researchers for suspected botnet hosting, San Jose, Calif.-based McColo was taken offline in November of last year. PriceWert’s shutdown is another example.

Wood says that these closures have had some impact on botnets, but not enough. As he writes in the report, “[C]losures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.” That’s because, by nature, botnets reach out to expanded points of distribution.

Tracking how ISP closures temporarily slow down botnets, and how new botnets suddenly become dominant, is like reading through a battle scene from “The Lord of the Rings.” As the MessageLabs report notes, “A newer botnet, Maazben, has experienced rapid growth since its infancy in late May mainly sending out casino-related spam while Rustock, one of the oldest and largest botnets, has doubled in size since June and established a predictable spamming pattern.” Grum and Bobax are some of the other unsavory names among botnets. Grum is especially active, responsible for over 23 percent of global spam, according to the report, a fact that illustrates the enormous pattern shift we’re seeing in exactly how spam drags down the communications infrastructure.

If you wonder why you don’t see spam messages as nearly 90 percent of emails in your inbox, however, Matt Sergeant, Symantec’s senior anti-spam technologist, cleared that up in an interview. “Most people don’t really see the numbers that we see, because we’re the ones filtering it out,” he explained. “MessageLabs tracks over 3.7 billion SMTP connections per day,” he added, and its spam numbers are based on all incoming spam, before filtering. He also noted that while it’s important for users to remain vigilant about fighting spam, ISPs vary in how well they filter, and as such it’s worth checking with your ISP to see what kinds of protections are in place.