Feeds

Spam net snared a quarter million bots, says conqueror

Putting the mega in Mega-D

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Herders behind the Mega-D botnet may have corralled nearly a quarter million infected machines into their spam-churning enterprise before it was recently crippled by white hat hackers.

The botnet, which was once responsible for an estimated third of the world's spam output, was knocked out of commission last week by employees of security firm FireEye. After unplugging the Mega-D master control channels, the researchers set up a benign "sinkhole" channel for the bots to report to and waited to see what would happen.

Over five days, 487,340 unique IP addresses reported to the ad-hoc server. Using findings derived from last year's take-down of the separate Srizbi botnet, FireEye estimates that the figure translates to 248,590 unique machines. Unlike Mega-D, Srizbi included an accounting mechanism that identified each infected machine. They then analyzed the number of IP addresses and noted that after five days, it was about double the number of individual Srizbi victims.

"Any botnet size estimate should be taken with a grain of salt as they are notoriously hard to calculate and there is a lot of conflicting data out there," FireEye's Todd Rosenberry cautions.

Based on the IP addresses, the researchers also estimated that Brazil is most infected country, accounting for 11.5 percent of the victims, followed closely by India and Viet Nam. In all, 214 countries were represented.

FireEye said that it is continuing to monitor Mega-D but plans to turn over maintenance of the sinkhole to Shadowserver. The volunteer crew has an established infrastructure and relationships with ISPs and various Computer Emergency Response Teams, or CERTS, around the world. ®

Remote control for virtualized desktops

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.