Big Bad Botnets Combine To Send Billions Of Spam Messages

Two massive botnets have been combined to form what could be one of the biggest spam campaigns ever created.

Waledac malware, which was supposed to have been out of action since 2010 as a result of a botnet takedown operation led by Microsoft, has made its way back onto machines via the Virut virus.

In its heyday, Waledac was one of the biggest botnets in existence, capable of sending out significant amounts of spam, until Microsoft gained a court order to seize the domains associated with the malicious network in 2010.

But it reared its ugly head again in 2011 and 2012, and now looks to be making a comeback with the help of Virut.

The Virut botnet consists of 308,000 bots, and has been sending out email spam as well as carrying out other malicious activities.

Botnets joining forces

Symantec discovered Virut downloading an updated version of Waledac, before sending spam email via servers in a list received from the command and control (C&C) infrastructure.

“During our analysis in a controlled environment, we observed a compromised computer sending approximately 2,000 emails per hour,” the security giant said in a blog post.

“Conservatively, if a quarter of the estimated 308,000 computers infected with W32.Virut download W32.Waledac.D, then potentially billions of spam emails can be sent from these computers.”

Symantec produced the below table, showing its estimates for the size of the spam campaign:

“The coexistence of Virut and Waledac on a single computer is a further example of malware groups using affiliate programs to spread their threats, and that threats can be linked and coexist on an already compromised computer,” Symantec added.

“The volume of spam that can be sent from each bot is quite significant and the combination of multiple compromised computers could potentially lead to billions of spam messages being sent out by W32.Waledac.D per day.”

Meanwhile, Trend Micro has set up a global botnet map, showing locations of C&C servers and victim computers. At the time of publication, it had recorded 618 C&C servers as active in the last two weeks, as well as 483,589 active connections.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
