In its heyday, the Srizbi botnet was arguably the largest botnet in the world. At one point in charge of an army of infected computers numbering some 450,000, the botnet was at the top of the food chain when it came to spam capacity. But following the shutdown of the McColo in November 2008, Srizbi was crippled, paving the way for other botnets to rise in its place.
Courtesy of Cisco Systems, eWEEK is taking a look at the rise and fall of Srizbi, and what the botnet’s controllers may now be doing to evade security vendors.
of
Birth of a Botnet The first reports of the botnet surfaced in 2007. Srizbi spread through a Trojan deployed by various malware toolkits, most notably MPack. The botnet would spam out messages containing malicious links that would lead to the malware kit. MPack was also known to spread via compromised Websites.
The Reactor MailerPictured here is called Reactor Mailer, a Python-based program used to coordinate the spam blasted out by individual bots. Access to the program was sold by Elphisoft as a software-as-a-service offering. The program has reportedly existed since 2004.
Botnet Blasting Spam According to Cisco, at its height, Srizbi could send out more than 100 billion spam messages a day. One of the most well-known spam campaigns tied to Srizbi is the so-called "Ron Paul Incident," where the botnet blasted out e-mails promoting a run for president by the Texas congressman.
The Fall of Srizbi After a combination of investigative reporting by the Washington Post and the efforts of the security community, notorious Web hosting firm McColo is shut down. Spam plummets. Srizbi, as the diagram shows, starts to make a small comeback, but is stopped dead in its tracks courtesy of an update to Microsoft's Malicious Software Removal Tool (MSRT).
There's Dead, and Then There's Dead Even though the botnet is on its deathbed, the minds behind it are reportedly still hard at work trying to infect new victims. According to Cisco, the minds behind it are now in control of the Xarvester botnet, which controls about 100,000 hosts. Though considered two separate botnets, they share common nodes, and the Reactor Mailer front end is common to both.
Windows Azure is a public cloud platform for building, hosting and scaling applications. Try Windows Azure free for 90 days and get 20GB outbound and unlimited inbound data transfer.
IT Security & Network Security News & Reviews News & Reviews 
Cloud Data Backup Now Makes Sense for SMBs: 10 Reasons Why 
HP, Lenovo, Asus Laptops, Desktops Offer Consumer Style for Busin[..]
Microsoft`s F#: 10 Reasons Why It`s a Hot Programming Language fo[..]
Data Center Efficiency: 10 Tips to Boost Productivity, Reduce Pow[..]
iPhone Apps to Kick Off the 2012 Summer Season 
Email Security: 10 Steps for Dealing With Dangerous Messages
See All Slideshows
In its heyday, the Srizbi botnet was arguably the largest botnet in the world. At one point in charge of an army of infected computers numbering some 450,000, the botnet was at the top of the food chain when it came to spam capacity. But following the shutdown of the McColo in November 2008, Srizbi was crippled, paving the way for other botnets to rise in its place.
Courtesy of Cisco Systems, eWEEK is taking a look at the rise and fall of Srizbi, and what the botnet’s controllers may now be doing to evade security vendors.