A Dispatch

October 14, 2008

A Botnet By Any Other Name...

Some malware researchers have been popping champagne corks the last day or two over signs that the Storm botnet appears to have stopped recruiting new PCs for its army. Recruitment activity seems to have been completely dormant for the past month. In the meantime, Microsoft reports having cleaned up over 270,000 Storm-infected PCs through its own malicious software removal tool in the past year.

While I laud the work of these researchers and follow their activities avidly, the audience I try to reach—the average email user—hasn't a clue about botnet names or what distinguishes one botnet from another. That Storm is down but Srizbi is up doesn't mean squat to the recipients of spam generated by either's army. My spam levels haven't subsided to any significant degree—in fact, there has been an increase here in the past few weeks.

Other botnets have imitated the social engineering tricks "pioneered" by Storm, so a typical email user can't tell which botnet is responsible for the latest phony e-card malware lure (as I've been seeing the last couple of days here). Nor does it really matter.

As long as email users continue to fall for whatever tricks are foisted upon them—whether it be to have their PC turned into a botnet soldier, or to buy crap or visit web sites promoted by botnet-using spammers—the spam will continue. If the world has re-learned nothing else in the past few weeks, it is the economy (stupid). The overt and covert economies of spamdom, which include building botnet armies to send spam, still have enough money flowing through them to keep the spam senders, address harvesters, and private information-stealing crooks in business. Only when a critical mass of everyday email users stops acting on spam in ways that fuel spammers will the levels start to go down. Unfortunately, due to the extremely low cost of flooding the internet "tubes," the critical mass of which I speak is an extraordinarily high percentage of email users. Helping achieve that critical mass is what I work toward, and is the toughest challenge I've battled against in my life. It's way too early to sip the bubbly.

Posted on October 14, 2008 at 11:05 AM