Posted on behalf of Dan Bleaken, Malware Data Analyst

MessageLabs Intelligence has been tracking a new botnet, ‘Festi’, since the beginning of August.
Festi has steadily increased its output of spam from virtually insignificant volumes up to 3-6% of daily spam. In terms of spam volumes, 3-6% is estimated at a massive 1.5-3 billion spams per day globally. This increase in output has been achieved both by gradually increasing the amount of spam sent from each Festi bot and by recruiting new bots to the botnet.
At the moment it is spewing out two variants of spam.
The first variant is ‘male enhancement’ type mail containing .cn domains, leading to a Canadian Pharmacy website.
Typical subjects such as: Paradise in your bed Very-very Magic Stick Strong stick Magic stick Hard stick tonight All night long
The other variant is geared more towards the Christmas product spamming season: it is watch spam containing links to .com domains.
Typical subjects such as: casablanca leather band classic automatic submariner limited coca cola edition classic quartz omega de ville co axial chronograph Hermes Watches
In terms of Festi’s global ranking among the botnets, Festi has become one of the spamming heavyweights. Currently, Festi is fifth after the giant ‘Big-4’ botnets: Cutwail, Bagle, Grum and Rustock (which among them account for more than 80% of global spam). I wonder how Festi’s relative dominance will develop over the coming weeks...