Dubbed Mega-D, the botnet currently accounts for 32 percent of all spam, 11 percent more than the Storm botnet, which peaked at 21 percent in September 2007.
The spam campaign heavily promotes several pharmaceutical products including Herbal King, Express Herbals, and VPXL.
It is a blended threat: the emails trick users into installing Mega-D, said Bradley Anstis, vice-president of products at Marshal.
It is also using news headlines to trick victims into opening the spam, a technique familiar from the Storm worm. The recent death of Australian actor Heath Ledger has also been used as a ploy, he added.
“[Mega-D] probably started about four months ago and it’s been steadily increasing since then,” said Anstis. “It is possible that the individuals behind the Storm botnet are responsible for one or more of these other botnets.”
Security vendor Bitdefender reported it had detected heavy promotion for the same herbal medicine VPXL in its January top ten threats list released today. VPXL makes up about 75 percent of all pharma spam, according to Bitdefender.
Marshal believes Storm’s contribution to worldwide levels of spam has declined to just two percent.
The reasons behind the Storm worm’s demise are unclear, according to Marshal, but the company claims Microsoft’s recent security enhancement may have played a part.
"Microsoft did a good job with Storm with their malicious software removal tool and [claim] they have been cleaning 200,000 computers per month," Anstis said. "We certainly think this has been successful and the security industry needs to work together and focus on these botnets."
However, just two weeks ago Marshal said it recorded a renewed campaign to distribute the Storm malware under the guise of a love letter.
In the past month, Marshal has observed that more than 70 percent of all spam in circulation comes from just five botnets, which is a very high percentage from such a small group, Anstis said.
According to Marshal, the Pushdo botnet, also known as the Celebrity botnet, which reached distribution capabilities similar to the Storm worm’s last November, is now responsible for less than six percent of all spam.
Mega-D botnet stronger than Storm, promotes male sexual pills
By Negar Salek on Feb 1, 2008 3:55PM