

Are Botnet Takedowns The Final Weapon In Spam Fight?

By Brian Prince
March 25, 2011    11:28 AM ET


McAfee has a lot of initiatives in the works to continue to refine its capabilities to detect and stop spam as well as infiltrate botnets and cooperate with the authorities, he said.

“Tool and protocol integration through our GTI (Global Threat Intelligence) initiative is significant and ongoing,” he explained. “Better data mining, data traps and finding the key individuals who have the artistic talent to craft effective rules and hunt spammers are also very important.”

There’s no doubt that takedowns have an impact, even if historically it has been relatively short-lived. Before Operation b107, Rustock was sending billions of spam emails daily, accounting for an average of 28.5 percent of global spam from all botnets in March. That percentage was actually down from the end of 2010, when Rustock was responsible for as much as 47.5 percent of spam.

That being said, spammers will always adapt, Wosotowsky said.

“They have been constantly improving their distributed command and control capabilities over the past few years, moving into instant messaging, comments in blogs, or wiki updates to hold encoded messages to lost bots in order to lead them back to a new home,” he said. “I would also predict that we’ll see more definitive splits of the botnet (Rustock) into functional units. This will ensure when someone blocks the Rustock botnet they will only be tracking down the portion of it that was used for spam or some other obvious purpose, while the more subtle corporate espionage related infections will be safely tucked away.”

While it may seem like innovation is in a holding pattern, there is progress being made in the backend, said Symantec Abuse Desk Analyst Eric Park. “The reality is that a top-tier anti-spam product probably catches 99-plus percent of spam,” he said. “So it’s about the push to get that last fractional percentage point gain, which becomes more difficult as we get closer to 100 percent.

“Also, the typical end-user’s perception is based on the number of spam messages received, not the percentage filtering rate,” Park added. “For example, if one user received one spam message daily last year and one spam message daily this year, the perception would be that there has been no progress made. However, if spam output increased over that time period, the anti-spam effectiveness percentage would’ve actually increased. So the product may be doing better, but would make no difference to the end-user.”


