Threat Research & Content Engineering (TRACE) is a group of security analysts who continuously monitor and prevent online security threats. According to their security researchers, approximately 85 percent of all spam email messages are being generated by only 6 botnets which include Mega-D.

The Srizbi botnet is currently responsible for generating 39 percent of the spam in February, taking over from the previously dominant Mega-D botnet which was taken down by the operators for 10 days in January. The second-place botnet is Rustock which generates approximately 21 percent of the spam, followed by Mega-D at 9 percent. The top six offenders include Hacktool.spammer with 8 percent, Pushdo with 6 and Storm that generates 2 percent.

A sales engineer for Marshal, Glen Meyers, confirmed “We can’t tell who owns these botnets, but Mega-D, the number one source in January, went quiet for 10 days in February, and the others ramped up, advertising some of the same products.” Most of the spam email messages created by the Rustock, Srizbi and Mega-D botnets promote male enhancement drugs like Viagra and herbal remedies. Therefore, there is a possibility that the same people are responsible for these botnets.

Meyers provides another possibility: “The advertiser is told by the botnet operator that he’s shutting down and looks for an alternate source. We can’t know that from looking at the spam.” He also confirms that although they can determine that the spambots are coming from a new source, they are unsure whether they are being controlled by the same advertisers or the same spammers. Regardless, “it appears the botnet operators are actually competing with each other” according to Meyers.

The Storm botnet is comprised of approximately 85,000 zombie computers and was the main generator of spam last year. However, it is currently responsible for only 2 percent of all spam. Meyers believes the Mega-D operators shut down their botnet due to fear of the publicity it generated: “It’s been around for more than a year, and when we announced in January that it was the number one botnet, it spooked them and they took things offline.”

Mega-D re-emerged in late February, generating 21 percent of all spam. At its peak which occurred in January, it was responsible for one-third of all the spam. Srizbi quickly overtook the botnet, using celebrities in its spam campaigns to lure unsuspecting users. The researchers at Sophos, a security vendor, have noted the re-emergence of the Pushdo botnet that was common with spammers in late 2007.

According to Richard Wang, the manager of Sophos’ US labs, variants of Pushdo were created on a weekly basis during the summer of 2007. However, the botnet’s activity level subsided during the first few months of 2008. According to Wang, “we haven’t seen much activity from Pushdo for a few weeks.” However, his security team recently noted a very large amount of spam being generated from a new variant of Pushdo.

The creators of Pushdo codes change them frequently in order to defeat the perimeter defenses used by many organizations. Instead of writing itself to disk, the spam generally delivers a payload that is encrypted and will infect the memory of the computer. Wang confirmed that it’s difficult to determine whether Pushdo is being generated by a group or a single individual.

Protectwebform carried out its own research in the field of form-spam. During many months we analyzed spam messages, which were entered in forms, provided by our company. As a result of analysis of these messages and sender IP-addresses you can see TOP 14 Spam-Topics and TOP 20 Countries-spam-distributors. And then follow top keywords for 5 top Spam-Topics.

Regarding countries-spam-distributors, the leading position is taken by USA, having 38 % of overall amount of spam-messages. Next, with a big lag, comes China with 5.3%, Ukraine with 4.7% and Russia with 3.8%. From European countries only Spain – 3.2%, Germany - 2.8% and Italy – 1.7% got into the TOP.

As for the most popular spam-message topics, the first place is occupied by “Drugs and Medications” which covers 24.7% of all spam-phrases. Silver medalist is “Finance” with 16.6%. These are the ultimate leaders. Other popular topics are “Phones & Ringtones” – 6.8%, “Adult” – 5.6% and “Gambling” – 4.2%.

Spam-messages distribution into topics was implemented in the following way. Using http://dir.yahoo.com/ we classified spam-phrases, distributing them into directories, and then we grouped derived directory names, thus determining general topics.

Drugs & Medications

viagra, cialis, phentermine, xanax, ultram, fioricet, merida, hydrocodone, ambien, levitra

Finance

payday loan, debt consolidation loan, payday loan online, home equity loan, personal loan, home improvement loan, countrywide home loan, bad credit car loan, auto insurance, payday loans

Gambling

online casino, foxwoods casino, play poker, free casino, best online casino, casino bonus, free online casino game, free online casino, casino royale, casino poker

Phones & Ringtones

verizon wireless ringtones, motorolla ringtones, free ringtones, free cingular ringtones, download free ringtones, verizon ringtones, nextel ringtones, caller ringtones, nokia ringtones, sprint ringtones

Adult

porn dvd, xxx dvd, adult dvd, russian young hardcore gymnastic, free porn, anal sex, free teen porn, anna kournikova nude, sex hypno girls xxx, blowjob