03:46 PM
Dark Reading

Eleven Analyzes Impact Of Botnet Takedowns On Spam Volumes

Few botnet takedowns had a noticeable impact on spam volumes

Berlin, August 1, 2012 - Two weeks after the takedown of Grum, the world's third-largest botnet, the Research Team of eleven, a leading German e-mail security provider, presents an interactive timeline at www.eleven.de/botnet-timeline-en.html that investigates the connection between botnet shutdowns and spam volume trends. For this purpose, eleven analyzed the most important botnet takedowns since 2008. The result: the majority of botnet shutdowns had little or no noticeable impact on spam volumes, and at most a short-term one; those volumes even increased after the takedown of the Mariposa botnet in December 2009. If the effect is greater than in 2008 when the Internet connections of the spam-friendly web hosting company McColo were cut, it generally takes only a few weeks until previous spam levels are reached again.

The only exception was the world's largest botnet, Rustock, whose control servers were taken out in March 2011. Some of the impact on spam levels could be felt even one year later, in terms of both spam volumes and the geographic and topic-related distribution of spamming. According to the eleven Research Team, the lack of impact of the majority of botnet takedowns shows that most botnet operators are able to restore their infrastructures very quickly and that the latest generation of botnets is designed to be so robust that takedowns often fail to annihilate overall control infrastructures. The goal of the botnet timeline is to make the links between anti-botnet measures and spam volume trends more transparent and to create greater clarity regarding myths and speculation about the impact of botnet takedowns on spam trends. The timeline is now online, and findings about further botnet takedowns and their consequences will be integrated on an ongoing basis.

eleven on Twitter: http://twitter.com/elevensecurity

eleven - E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its unique eXpurgate technology offers a spam filter and e-mail categorization service that protects the user reliably against spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, 1&1 and freenet as well as many well-known companies and public institutions, including Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, RTL, SAP, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.
