| Presentation | 2009-07-17 Understanding the large-scale spamming botnet Tatsuya MORI, Holly ESQUIVEL, Aditya AKELLA, Akihiro SHIMODA, Shigeki GOTO, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | On November 11, 2008, the primary web hosting company, McColo, for the command and control servers of Srizbi botnet was shutdown by its upstream ISPs. Subsequent reports claimed that the volume of spam dropped significantly everywhere on that very same day. In this work, we aim to understand the world's worst spamming botnet, Srizbi, and to study the effectiveness of targeting the botnet's command and control servers, i.e., McColo shutdown, from the viewpoint of Internet edge sites. We conduct an extensive measurement study that consists of e-mail delivery logs and packet traces collected at three vantage points. The total measurement period spans from July 2007 to April 2009, which includes the day of McColo shutdown. We employ passive TCP fingerprinting on the collected packet traces to identify Srizbi bots and spam messages sent from them. The main contributions of this work are summarized as follows. We first estimate the global scale of Srizbi botnet in a probabilistic way. Next, we quantify the volume of spam sent from Srizbi and the effectiveness of the McColo shutdown from an edge site perspective. Finally, we reveal several findings that are useful in understanding the growth and evolution of spamming botnets. We detail the rise and steady growth of Srizbi botnet, as well as, the version transition of Srizbi after the McColo shutdown. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | spam / botnet / Srizbi / measurement |
| Paper # | IA2009-31 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2009/7/10(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Understanding the large-scale spamming botnet |
| Sub Title (in English) | |
| Keyword(1) | spam |
| Keyword(2) | botnet |
| Keyword(3) | Srizbi |
| Keyword(4) | measurement |
| 1st Author's Name | Tatsuya MORI |
| 1st Author's Affiliation | NTT Service Integration Laboratories() |
| 2nd Author's Name | Holly ESQUIVEL |
| 2nd Author's Affiliation | University of Wisconsin-Madison |
| 3rd Author's Name | Aditya AKELLA |
| 3rd Author's Affiliation | University of Wisconsin-Madison |
| 4th Author's Name | Akihiro SHIMODA |
| 4th Author's Affiliation | School of Science and Engineering, Waseda University |
| 5th Author's Name | Shigeki GOTO |
| 5th Author's Affiliation | School of Science and Engineering, Waseda University |
| Date | 2009-07-17 |
| Paper # | IA2009-31 |
| Volume (vol) | vol.109 |
| Number (no) | 137 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |