Analyzing the behavior of top spam botnets

Botnets became the preferred platform for launching attacks and committing fraud on enterprise networks and the Internet itself. Characterizing existing Botnets will help to coordinate and develop new technologies to face this serious security threat. Several approaches can be taken to study this phenomenon: analyze its source code, which can be a hard task mainly due to license restrictions; study the control mechanism, particularly the activity of its Command and Control server(s); study its behavior, by measuring real traffic and collecting relevant statistics. In this work, we have installed some of the most popular spam Botnets, capturing the originated traffic and characterizing it in order to identify the main trends/patterns of their activity. From the intensive statistics that were collected, it was possible to conclude that there are distinct features between different Botnets that can be explored to build efficient detection methodologies.