Show simple item record

dc.contributor.authorMori, Tatsuyaen_US
dc.contributor.authorEsquivel, Hollyen_US
dc.contributor.authorAkella, Adityaen_US
dc.contributor.authorShimoda, Akihiroen_US
dc.contributor.authorGoto, Shigekien_US
dc.description.abstractOn November 11, 2008, the primary web hosting company, McColo, for the command and control servers of Srizbi botnet was shutdown by its upstream ISPs. Subsequent reports claimed that the volume of spam dropped significantly everywhere on that very same day. In this work, we aim to understand the world?s worst spamming botnet, Srizbi, and to study the effectiveness of targeting the botnet?s command and control servers, i.e., McColo shutdown, from the viewpoint of Internet edge sites. We conduct an extensive measurement study that consists of e-mail delivery logs and packet traces collected at four vantage points. The total measurement period spans from July 2007 to April 2009, which includes the day of McColo shutdown. We employ passive TCP fingerprinting on the collected packet traces to identify Srizbi bots and spam messages sent from them. The main contributions of this work are summarized as follows. We first estimate the global scale of Srizbi botnet in a probabilistic way. Next, we quantify the volume of spam sent from Srizbi and the effectiveness of the McColo shutdown from an edge site perspective. Finally, we reveal several findings that are useful in understanding the growth and evolution of spamming botnets. We detail the rise and steady growth of Srizbi botnet, as well as, the version transition of Srizbi after the McColo shutdown.en_US
dc.publisherUniversity of Wisconsin-Madison Department of Computer Sciencesen_US
dc.titleUnderstanding the World's Worst Spamming Botneten_US
dc.typeTechnical Reporten_US

Files in this item


This item appears in the following Collection(s)

  • CS Technical Reports
    Technical Reports Archive for the Department of Computer Sciences at the University of Wisconsin-Madison

Show simple item record