Parasitic botnet spams 60 billion a day

The Srizbi botnet has stormed over its competition to become the Internet's biggest spammer.

Researchers claim the botnet is responsible for 50 percent of all spam, and is the biggest of its kind in history.

It's 300,000 zombie computers are being worked hard. The much larger Storm Worm required about 500,000 nodes - with some figures even suggesting anywhere between 1 million to 50 million -- to deliver 30 percent of global spam.

Joe Stewart, director at U.S. consultancy Secure Works, said the Srizbi Trojan is the biggest botnet in history and the most powerful. He said Srizbi, aka "Cbeplay" and "Exchanger," can blast out 60 billion messages a day.

Storm is now in a tea cup after its spam output was cut down to a mere 2 percent, due to widespread media coverage which kicked off a race by security vendors to squash the threat.

Trojan.Srizbi is one of the first full-kernel pieces of malware, according to Symantec. It hides itself as a rootkit and operates completely within the kernel, without any interaction in user mode.

The Trojan is rumored to contain code capable of uninstalling competing rootkits.

Marshall vice president of products, Bradley Anstis, said the Srizbi botnet has grown quickly to overtake the rival Mega-D botnet since the start of the year.

"Srizbi is the single greatest spam threat we have ever seen. Srizbi now produces more spam than all the other botnets combined," Anstis said.

"As Mega-D went offline, Srizbi stepped in to fill the gap and hasn't looked back since."

Mega-D rose quickly to prominence earlier this year after security researchers reported the Viagra-spamming botnet had topped Storm's peak spam output by 30 percent.

"It is probable the [Mega-D] spammers got spooked and decided to lay low for a while, security researchers were close to discovering their control servers when the plug was pulled," Anstis said.

"Typically the spammers like the 'low and slow' approach; building their botnet up over time and trying to stay under the radar to avoid detection. It is an intriguing chain of events that."

The Rustock botnet has taken the second spot as the most notorious spammer, Mega-D third, followed by Hacktool.Spammer, Pushdo and Storm. Marshall estimates about 15 percent of spam is from other sources.

Srizbi has been documented selling watches, pens and of course Viagra.

Computerworld Australia is an InfoWorld affiliate.