The new Mega-D botnet has overtaken the notorious Storm worm botnet as the largest single source of the world’s spam, according to security vendor Marshal. This botnet currently accounts for 32 percent of all spam, 11 percent more than the Storm botnet, which peaked at 21 percent in September 2007. It started about 4 months ago and has been steadily increasing since then.

http://www.chriscanfield.net/Offsite/botnet.jpg

A new botnet spamming male sexual enhancement pill promotions has overtaken the notorious Storm worm botnet as the ‘largest single source of the world’s spam’, security vendor Marshal has warned.

Dubbed Mega-D, the botnet currently accounts for 32 percent of all spam, 11 percent more than the Storm botnet, which peaked at 21 percent in September 2007.

The spam campaign heavily promotes several pharmaceutical products including Herbal King, Express Herbals, and VPXL.

It is a blended threat: the emails trick users into installing Mega-D, said Bradley Anstis, vice-president of products at Marshal.

It is also using news headlines to trick victims into opening the spam, a technique synonymous with the Storm worm. The recent death of Australian actor Heath Ledger has also been used as a ploy, he added.

“[Mega-D] probably started about four months ago and it’s been steadily increasing since then,” said Anstis. “It is possible that the individuals behind the Storm botnet are responsible for one or more of these other botnets.”

Security vendor Bitdefender reported it
had detected heavy promotion for the same herbal medicine VPXL in its
January top ten threats list released today. VPXL makes up about 75
percent of all pharma spam, according to Bitdefender.

Marshal believes Storm’s contribution to worldwide levels of spam has declined to just two percent.

According to Marshal, the reasons behind the Storm worm’s demise are unclear, but the vendor claims Microsoft’s recent security enhancement may have played a part.

“Microsoft did a good job with Storm with their malicious software removal tool and [claim] they have been cleaning 200,000 computers per month,” Anstis said. “We certainly think this has been successful and the security industry needs to work together and focus on these botnets.”

However, just two weeks ago Marshal said it recorded a renewed campaign to distribute the Storm malware under the guise of a love letter.

In the past month, Marshal has observed that more than 70 percent of all spam in circulation comes from just five botnets, which is a very high percentage from such a small group, Anstis said.

According to Marshal, the Pushdo botnet, also known as the Celebrity botnet, which reached similar distribution capabilities to the Storm worm last November, is now responsible for less than six percent of all spam.

Via SC Magazine