August 25, 2009

MessageLabs shows source of social network site DoS attacks

Botnet-fuelled spam attacks mounted against blogger

By CBR Staff Writer

Researchers at MessageLabs have revealed that the distributed denial of service (DDoS) attacks made on several big name social networking sites in the past few weeks were linked to a spam run against an anti-Russian blogger, with a botnet also being used in parallel to carry out the attack.

“Although it is presumed that this spam run contributed to the DDoS attacks on these social networking websites, it is unlikely that this run alone could have caused all the reported disruption,” the messaging security specialist has reported in its latest intelligence briefing.

MessageLabs Intelligence has suggested that a botnet was also used to conduct the DDoS attack in parallel, with compromised computers under the botnet’s control commanded to automatically open the page of the targeted social networking website.

The company’s analysis has also revealed that activity levels for one of the largest botnets fell away drastically following the shutdown of an ISP in Latvia. 

Activity of the Cutwail botnet, which is said to be responsible for approximately 15 to 20% of all spam today and is one of the largest botnets globally, fell by as much as 90%, it reports.

The Latvian ISP Real Host was disconnected on 1 August after it was alleged to be linked to command-and-control servers for infected botnet computers. 

Following the disconnection, MessageLabs found global spam volumes immediately fell by as much as 38%. 

Normal service was quickly resumed, however, and the respite in activity levels lasted only 48 hours.

MessageLabs notes that this was not the first time an ISP blamed for malicious activity has been disconnected. In the last 12 months at least three US-based ISPs have suffered a similar fate, most notably Atrivo (aka InterCage), McColo and Pricewert (3FN). Pricewert was taken offline by the US Federal Trade Commission.

Spam remains fairly steady, at 88% overall for August, down from 89%, due to the activity levels of other major botnets such as Rustock, Mega-D and Donbot.

In the UK, levels are running slightly higher at 91%, from levels of 93% in the month earlier.

The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 296 emails. One in 341 emails comprised some form of phishing attack.

In August, the most spammed industry sector with a spam rate of 93% was the engineering sector, the researchers have revealed.
