SpamThru Statistics

In an earlier analysis, we revealed a botnet created by a trojan sometimes called SpamThru. By working with the anti-spam group Spamhaus and the ISP, we were able to obtain access to files from the SpamThru control server. We have analyzed the files, and in this report we will look at some of the statistics and interesting finds.

SpamThru operates in a limited peer-to-peer capacity, but all bots report to a central control server. The bots are segmented into different server ports, determined by which variant of the trojan is installed. The bots are further segmented into peer groups of no more than 512 bots, keeping the overhead involved in exchanging information about other peers to a minimum.

SecureWorks - The Information Security Experts

Linked by shanmuga Thursday, 16th November 2006 12:05AM