Although the Waledec botnet remains relatively small -- Stewart put it at just 10,000 machines -- it's growing at "an alarming rate," according to MessageLabs In a report on botnets the e-mail security company released Monday (download PDF), MessageLabs speculated that the botnet owners are "focusing on growing and developing this new botnet, rather than sending spam through it at this stage."
Masiello said that messages designed to plant Waledec were running at a volume of about 4,000-5,000 per hour, down from approximately 12,000 an hour last Friday, and had been holding steady for the last 48 hours. "I'd agree with MessageLabs," said Masiello on Tuesday. "It does look like they are in the process of building up the botnet." MX Logic has not seen any evidence that the Waledec botnet is, in turn, sending spam of its own.
Several botnets that were heavily disrupted by the takedown of McColo, a California-based hosting company, are in the same condition, Masiello added. After suffering losses when McColo -- which had hosted command-and-control servers for several botnets, particular one dubbed "Srizbi" and other called "Rustock" -- was yanked off the Internet, they have spent the last several months adding new PCs to their collection.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.