Network World

Botlab keeping an eye on spamming botnets

By Alpha Doggs on Mon, 04/13/09 - 12:25pm.
By Bob Brown

University of Washington researchers have developed a prototype system called Botlab that monitors botnets to gain insight into a major generator of spam.

"Our prototype system integrates information about spam arriving at the University of Washington, outgoing spam generated by captive botnet nodes, and information gleaned from DNS about URLs found within these spam messages," the researchers write in "Studying Spamming Botnets Using Botlab," which is being presented next week in Boston at the 6th USENIX Symposium on Networked Systems Design and Implementation.

The researchers say systems like Botlab are needed because other techniques, such as passive honeynets, are becoming less effective in light of botnets "increasingly propagating via social engineering and web-based drive-by download attacks that honeynets will not observe."

Among the findings: Six botnets crank out close to four-fifths of the spam messages flooding into the university, with one called Srizbi being the worst offender at 35% of the spam. Grum, Kraken and MegaD are among the other threatening botnets. All botnets observed by the researchers distribute spam from multiple campaigns, with those for Canadian healthcare, diamond watches and freedom from debt being among the most prevalent.

The researchers are making Botlab data publicly available in hopes that security researchers can use it to fight spam. The University of Washington researchers themselves have implemented ideas stemming from Botlab in a Thunderbird email client extension.

Botlab monitors spam received by roughly 200,000 University of Washington e-mail addresses, which in total get about 2.5 million e-mails a day, 90%-plus of which is spam. The research has been partially funded by the National Science Foundation.
