Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

More Waledac data

Following on from my previous post on Waledac data, I decided to have a look at the distribution of the IPs that were sending spam. Here's the table of the breakdown by date, showing the average spam percentage of the IPs sending the mail (as measured by our content filters and excluding messages with an empty Mail From <>) and the number of distinct IPs.

image

Going from this table, we can see that the IPs sending spam on behalf of Waledac are not exclusively spammers. Indeed, for the most part, over that period of time they were sending mostly legitimate mail. This is a clear shift in botnet behavior, because most of the time a given botnet will send nearly 100% spam.

What about the breakdown by spam percentage?  What do the content filters say?  Below is that table:

image

Many of the IPs associated with the Waledac botnet sent only a very small amount of spam. Indeed, some of them sent only a few spams, and many of those were bounces.
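For readers who want to build the same two breakdowns from their own mail logs, here is an added example (not code or data from this blog). The record layout, the 10-point bucket width, and averaging the per-IP percentages rather than pooling all messages are assumptions; all sample records are constructed.

```python
from collections import defaultdict

# Constructed records: (date, sending IP, MAIL FROM, content-filter verdict).
# Addresses come from documentation ranges; none of this is real traffic.
RECORDS = [
    ("2000-01-01", "192.0.2.10", "a@example.com", False),
    ("2000-01-01", "192.0.2.10", "b@example.com", False),
    ("2000-01-01", "192.0.2.10", "c@example.com", False),
    ("2000-01-01", "192.0.2.10", "x@example.net", True),
    ("2000-01-01", "192.0.2.10", "", True),          # empty MAIL FROM <>: excluded
    ("2000-01-01", "198.51.100.7", "y@example.net", True),
    ("2000-01-01", "198.51.100.7", "z@example.net", True),
    ("2000-01-02", "192.0.2.10", "a@example.com", False),
    ("2000-01-02", "203.0.113.5", "<>", True),       # only bounces: IP drops out
]

def per_ip_spam_pct(records, per_day=True):
    """Return {(date or 'all', ip): spam %}, skipping empty MAIL FROM."""
    counts = defaultdict(lambda: [0, 0])             # key -> [spam, total]
    for date, ip, mail_from, is_spam in records:
        if mail_from in ("", "<>"):
            continue
        c = counts[(date if per_day else "all", ip)]
        c[0] += int(is_spam)
        c[1] += 1
    return {k: 100.0 * spam / total for k, (spam, total) in counts.items()}

def by_date(records):
    """First table: {date: (mean per-IP spam %, distinct IP count)}."""
    days = defaultdict(list)
    for (date, _ip), pct in per_ip_spam_pct(records).items():
        days[date].append(pct)
    return {d: (sum(v) / len(v), len(v)) for d, v in sorted(days.items())}

def by_bucket(records, width=10):
    """Second table: {bucket lower bound: IP count} over the whole period."""
    buckets = defaultdict(int)
    for pct in per_ip_spam_pct(records, per_day=False).values():
        # An IP at exactly 100% is counted in the top bucket.
        buckets[min(int(pct // width) * width, 100 - width)] += 1
    return dict(sorted(buckets.items()))

if __name__ == "__main__":
    for day, (avg, ips) in by_date(RECORDS).items():
        print(f"{day}  avg spam {avg:5.1f}%  distinct IPs {ips}")
    for low, n in by_bucket(RECORDS).items():
        print(f"{low:3d}-{low + 10:3d}%  IPs {n}")
```

An IP that mixes a little spam into mostly legitimate mail lands in a low bucket here, which is the pattern the tables above show for Waledac.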

It's an interesting shift in tactics for the spammer.
