MessageLabs Intelligence Tracks New Botnet
- Friday, January 15, 2010, 12:13
- Threat Research
On 31 December 2009 MessageLabs Intelligence began tracking a new botnet, named 'Lethic'. At that time, it accounted for 2.5 percent of all spam. On 1 January 2010 it rose to just under 4 percent of all spam and carried on at roughly around that level for another six days. On 8 January, it peaked at 5.25 percent of all spam (which is around 5.25 billion spam globally per day), then over the next 2 days its traffic dropped off to nothing and has yet to return.
The last spam MessageLabs Intelligence tracked from Lethic was received on the 9 January. This drop off is due to community action by Neustar and several ISPs and seems to have effectively 'killed' Lethic.
The spam Lethic has been sending is roughly an even mix of Pharma (all linking to Canadian pharmacy websites as usual) and replica watches. The pharma websites linked to are all hosted in Beijing, the replica watch sites are all hosted in Seoul.
A sample of pharma spam
Which links to:
And a sample of replica spam
Which links to:
One interesting thing we noticed is that Bagle, another botnet, was sending exactly the same spam as Lethic over that same (continue reading...)