Welcome to MSDN Blogs Sign in | Join | Help

Terry Zink's Anti-spam Blog

Protecting your mail from the scum of the internet
What percentage of network traffic comes from botnets?

I was recently asked what percentage of our network traffic can be attributed to botnets and if 60% was a reasonable figure.  This is not something that I have personally investigated (ie, I don't have the numbers to support my theories).

According to a lot of articles that I have read (and knowing from experience), spam has undergone a transformation in the past year.  Professional spammers with netblocks used to account for a big chunk of spam, that has now shifted into networks of zombies.  The question is how much has that shifted?

I'd say at least 50% of network traffic is mail coming from botnets.  I think a case could be made that it is as high as 60%.  What do the rest of you think?

Update: This was in one of the links in Enemieslist's Links Roundup on Jan 23:

Sophos noted that up to 90 percent of all spam is now relayed from zombie computers hijacked by Trojan horses, worms and viruses and under the control of hackers.

So there you go, that's one source.

Posted: Wednesday, January 17, 2007 5:55 PM by tzink
Filed under:

Comments

Matt Sergeant said:

Botnet spam represents somewhere between 80 and 90% of spam. However it's difficult to say what it is on a network traffic level. The average spam size is still fairly small in comparison to the average email we see (business email mostly) so it pushes the figure down quite a bit. I haven't really done the maths but I would suspect it's around 20% of traffic now (image spam levelled the playing field a bit).

The problem is that the network traffic is totally irrelevant when it comes to handling email. For a mail server the DATA section is the easy part. The problems are dealing with multiple connections, and with spam scanning every single one.

Ask an ISP about how much they spend on handling the abuse levels of email vs how much they spend handling the abuse levels of the web. I would put money on email being significantly higher. Yet most stats will show bandwidth usage by email is less than 1% of that used by the web.

# January 17, 2007 11:58 PM

Chris Love said:

I think you may be in the ball park. I have my own servers and host about 200+ sites on really one W2K3 box and have another server for e-mail (~500 accounts). I think e-mail accounts for about 75% of my traffic and I think between 80-90% of the e-mail traffic is SPAM.

# January 18, 2007 3:10 PM

enemieslist.com: Spam News said:

More About the Backscatter Problem Connecting the Warezov domain dots Note to MySpace Users: Get Better Passwords Do Away With HTML Based E-mailWith instructions! Great Strides in Phishing New E-Commerce Identity Tag Makes Online Debut What percentage

# January 18, 2007 8:12 PM

Nikki said:

"Zombie activity accounts for 85% of the spam circulating the Internet"

According to Commtouch Zombie Botnet report

http://www.commtouch.com/downloads/Commtouch_2006_Spam_Trends_Year_of_the_Zombies.pdf

the rate of spam depends on yout network anywhere between 45% -97% (breakdown in report, page 3)

# February 5, 2007 8:29 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker