Festi botnet cranks up spam volumes

Anti-spam organisation Spamhaus has warned of a "huge increase" in spam activity from the three-year-old Festi botnet in the past two months..

Since the end of June, Spamhaus said Festi had ramped up to account for nearly a third of the million IP addresses that were infected with some sort of spam sending bot.

The sheer volume of Festi spam "even overwhelmed spam detection processes at some security organisations", Spamhaus researcher Thomas Morrison wrote.

Festi appears to have been around since 2009 and is spread as a "Trojan Horse" executable that infects older variants of Windows up to Vista. It contains spam messages that it emails to pre-determined addreses.

The increased number of Festi spam comes after a security researchers FireEye in cooperation with other organisations closed the Grum botnet in July this year.

At its height, Grum, which has been in existence since 2007 and possibly earlier, comprised 120,000 "zombies" sending out spam every day.

Spamhaus said Grum now comprised 150 to 500 active spam bots a day but because its command and control servers had been shut down, the botnet could be considered as dead.

The firm said spam from Festi had replaced the volumes of junk mail generated by Grum and was now rivalling spam from Cutwail, the world's largest botnet.

Cutwail started up around 2007 and is thought to comprise 1.5 to 2 million individual computers capable of sending out 74 billion spam messages day.

Cutwail computers were used in a massive distributed denial of service attack in 2010 against some 300 sites that included the CIA, FBI and Twitter.