The article presents a new method to resist botnets, sending out spam. This is a method to automatically separate and block those networks in real time.
Kaspersky Lab, a leading developer of secure content management solutions, has released a new analytical article “Coordinated distributions method for tracking botnets sending out spam”. The author is Andrey Bakhmutov.
The article presents a new method to resist botnets, sending out spam. This is a method to automatically separate and block those networks in real time. The method uses a statistical approach exploiting the fact that computers in a botnet have to have some similarities in their behavior. By monitoring e-mail traffic from numerous sources over a period of time it is possible to notice that message streams from some of the sources share common characteristics which mark them out from the rest of the computers sending e-mail messages. Depending on the way the streams are compared, the number of messages in each stream and the number of sources isolated, it can be stated with greater or lesser probability that these sources make up a network of “zombie” computers – a botnet.
The full version of the article is available on Viruslist.com.
