
Big Bad Botnets Combine To Send Billions Of Spam Messages

Two massive botnets have been combined to form what could be one of the biggest spam campaigns ever created.

Waledac malware, which was supposed to have been out of action since 2010 as a result of a botnet takedown operation led by Microsoft, has made its way back onto machines via the Virut virus.

In its heyday, Waledac was one of the biggest botnets in existence, capable of sending out significant amounts of spam, until Microsoft gained a court order to seize the domains associated with the malicious network in 2010.

But it reared its ugly head again in 2011 and 2012, and now looks to be making a comeback with the help of Virut.

The Virut botnet consists of 308,000 bots, and has been sending out email spam as well as carrying out other malicious activities.

Botnets joining forces

Symantec discovered Virut downloading an updated version of Waledac, before sending spam email via servers in a list received from the command and control (C&C) infrastructure.

“During our analysis in a controlled environment, we observed a compromised computer sending approximately 2,000 emails per hour,” the security giant said in a blog post.

“Conservatively, if a quarter of the estimated 308,000 computers infected with W32.Virut download W32.Waledac.D, then potentially billions of spam emails can be sent from these computers.”

Symantec produced the below table, showing its estimates for the size of the spam campaign:

“The coexistence of Virut and Waledac on a single computer is further example of malware groups using affiliate programs to spread their threats, and that threats can be linked and coexist on an already compromised computer,” Symantec added.

“The volume of spam that can be sent from each bot is quite significant and the combination of multiple compromised computers could potentially lead to billions of spam messages being sent out by W32.Waledac.D per day.”

Meanwhile, Trend Micro has set up a global botnet map, showing locations of C&C servers and victim computers. At the time of publication, it had recorded 618 C&C servers as active in the last two weeks, as well as 483,589 active connections.

Check out the map here.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
