Building the "Mother of all Bot Networks"?

Share Article

Melior, Inc. Spam and Worm Monitors report today drastically increased daily counts of hostile executable attachments (trojans, worms, viruses) to Spam (UCE) messages. This report indicates the highest level of intrusion attempts by way of Spam observed so far, up 40 times from a consistent average since November 21st, to peak levels within the last two days, on Saturday December 5th and Sunday, December 6th, in Europe and Asia. Compromise in the US is expected to rise further with the beginning of the business day on Monday in the United States.

Delivered by Spam and by auto-replication through Penetration Testing (PenTest), trojans, worms, and viruses are the initial step to compromise large numbers of desktops in corporate and government networks, as well as home computers on broadband connections. Once compromised, these PC systems are operated as "bot networks", and used to deliver Spam (unsolicited commercial e-mails - UCE), along with more compromise tools, and to launch distributed Denial-of-Service (dDoS) attacks.

In turn, Denial-of-Service attacks are then used by organized crime groups and potentially terrorist cells for extortion attempts and other agendas; the "bot" networks play a powerful tool as an effective weapon in these attack events.

The number of average daily compromises of PC systems to be included in such "bot" networks was recently reported to have increased from 2,000 to 30,000 a day (in studies by Verisign and Symantec). A "bot" network of 100,000 systems was recently shut down by law enforcement agencies.

Due to the nature of our business, to develop effective tools to defend against dDoS attacks, Melior operates monitoring services to observe and catalog attempts of compromise, Penetration Testing scans, and keeps track of Denial-of-Service attacks. A particular focus is given to the payload of Spam e-mails to aid Research & Development of another Melior CyberWarfare product against the Denial-of-Service conditions created by Spam.

Within the last two days, the monitors reported quarantines of a drastically higher number of hostile executables embedded in Spam messages. From a typical, consistent average of under 50 such hostile attachments in one of these monitors, the number started to slowly increase on November 21st to about 5 times the normal average, and as of Saturday climbed to 12 times the average. As of Sunday, December 6th, the number of hostile executable attachments has reached the unprecedented level of 42.6 times the normal average, and keeps climbing.

So far, the originating source IP addresses are located in Asia and Europe. Melior expects this number to increase further, as the business day in the United States starts on Monday morning.

The observation lends to conclude this pattern is an indication of renewed efforts to compromise larger numbers of PC systems in an effort to build a very large "bot" network; hence the term of the "mother of all bot nets".

Melior advises to verify this information at other Internet monitoring sites, and to take appropriate precautions.

About Melior

Melior Inc. ('melior' is Latin and means 'better') is a privately held US company headquartered in Dallas, Texas, with offices in Dortmund, Germany and New Delhi, India. Melior provides solutions against distributed Denial-of-Service (dDoS) attacks, which also protect against Penetration Testing for vulnerability exploitation.

Melior, Inc. contributes actively in anti-Crime and anti-Terrorism efforts with goverment agencies in the United States and in Europe.

Barbican, Barbican RNP, iSecure, Perfectionists At Work are registered trademarks of Melior, Inc.

For more information and reseller contacts, please visit Melior's CyberWarfare Defense web site at

Contact Information:

Mr. Matt Gair

Chief Operating Officer and Co-Founder

Melior, Inc.

US Headquarters

Columbus A. Langley Building

1501 Beaumont Street

Dallas, Texas 75215


Tel: +1 (214) 421-5975 and 1-888-4MELIOR

Fax: +1 (214) 421-5951 and 1-888-TOFAXUS

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Matt Gair
Visit website