Risk
8/1/2012
03:46 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Eleven Analyzes Impact Of Botnet Takedowns On Spam Volumes

Few botnet takedowns had a noticeable impact on spam volumes

Berlin, August 1, 2012 - Two weeks after the takedown of Grum, the world's third largest botnet, the Research Team of eleven, leading German e-mail security provider, presents an interactive timeline at www.eleven.de/botnet-timeline-en.html that investigates the connection between botnet shutdowns and spam volume trends. To this purpose, eleven analyzed the most important botnet takedowns since 2008. The result: the majority of botnet shutdowns had little or no noticeable and at most only a short-term impact on spam volumes; those volumes even increased after the takedown of the Mariposa botnet in December 2009. If the effect is greater than in 2008 when the Internet connections of the spam friendly web hosting company McColo were cut, it generally takes only a few weeks until previous spam levels are again achieved.

The only exception was the world's largest botnet, Rustock, whose control servers were taken out in March 2011. Some of the impact on spam levels could be felt even one year later, both in terms of spam volumes as well as the geographic and topic-related distribution of spamming. According to the eleven Research Team, the lacking influence of the majority of botnet takedowns shows that most botnet operators are able to restore their infrastructures very quickly and the latest generation of botnets is designed to be so robust that takedowns often fail to annihilate overall control infrastructures. The goal of the botnet timeline is to make the links between anti-botnet measures and spam volume trends more transparent and to create greater clarity regarding myths and speculation about the impact of botnet takedowns on spam trends. The timeline is now online and findings about further botnet takedowns and their consequences will be integrated on an ongoing basis.

eleven on Twitter: http://twitter.com/elevensecurity

eleven - E-mail security "Made in Germany" eleven is a leading e-mail security provider based in Germany. Its unique eXpurgate technology offers a spam filter and e-mail categorization service that protects the user reliably against spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, 1&1 and freenet as well as many well-known companies and public institutions, including Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, RTL, SAP, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web