MINDS @ UW-Madison

Understanding the World's Worst Spamming Botnet

Show simple item record


Files Size Format View
TR1660.pdf 169.1Kb application/pdf View/Open
Key Value Language
dc.contributor.author Mori, Tatsuya en_US
dc.contributor.author Esquivel, Holly en_US
dc.contributor.author Akella, Aditya en_US
dc.contributor.author Shimoda, Akihiro en_US
dc.contributor.author Goto, Shigeki en_US
dc.date.accessioned 2012-03-15T17:24:26Z
dc.date.available 2012-03-15T17:24:26Z
dc.date.created 2009 en_US
dc.date.issued 2009 en_US
dc.identifier.citation TR1660 en_US
dc.identifier.uri http://digital.library.wisc.edu/1793/60684
dc.description.abstract On November 11, 2008, the primary web hosting company, McColo, for the command and control servers of Srizbi botnet was shutdown by its upstream ISPs. Subsequent reports claimed that the volume of spam dropped significantly everywhere on that very same day. In this work, we aim to understand the world?s worst spamming botnet, Srizbi, and to study the effectiveness of targeting the botnet?s command and control servers, i.e., McColo shutdown, from the viewpoint of Internet edge sites. We conduct an extensive measurement study that consists of e-mail delivery logs and packet traces collected at four vantage points. The total measurement period spans from July 2007 to April 2009, which includes the day of McColo shutdown. We employ passive TCP fingerprinting on the collected packet traces to identify Srizbi bots and spam messages sent from them. The main contributions of this work are summarized as follows. We first estimate the global scale of Srizbi botnet in a probabilistic way. Next, we quantify the volume of spam sent from Srizbi and the effectiveness of the McColo shutdown from an edge site perspective. Finally, we reveal several findings that are useful in understanding the growth and evolution of spamming botnets. We detail the rise and steady growth of Srizbi botnet, as well as, the version transition of Srizbi after the McColo shutdown. en_US
dc.description.provenance Create and Issued dates reconciled by Wendt Commons staff on 2014-11-24(NJA). en_US
dc.description.provenance Made available in DSpace on 2012-03-15T17:24:26Z (GMT). No. of bitstreams: 1 TR1660.pdf: 169145 bytes, checksum: 77556e00743de7b5d0f5f24bb20aac23 (MD5) en
dc.format.mimetype application/pdf en_US
dc.publisher University of Wisconsin-Madison Department of Computer Sciences en_US
dc.title Understanding the World's Worst Spamming Botnet en_US
dc.type Technical Report en_US

Part of

Show simple item record