Srizbi is one of the biggest botnets on the Internet, responsible for 75% of the spam mail sent in the US. Two weeks ago, Srizbi was taken down after the Internet provider McColo, suspected of hosting various suspicious activities, was shut down.
Unfortunately, even with McColo shut down, and after two weeks of spam-free inboxes, Srizbi has come back with a vengeance. FireEye said the botnet was able to regenerate because it has a mechanism that generates the Command and Control domains it communicates with, based on a seed in the binary and a variation of the Julian date of the infected host.
Botnets are used by spammers and hackers for a variety of reasons, from simply sending spam messages to a multitude of email addresses to collecting valuable personal or credit card information. Hackers, or bot herders, first send a Trojan virus to different computers, and then use those computers to send spam to different email servers.
The more computers a bot herder controls, the greater their fame and power. Viruses can be sent through IRC or even different web pages. Currently the Srizbi botnet is responsible for almost half the spam sent in the entire world. Other strong botnets are Wopla, sending approximately 600 million spam messages per day, Kraken, with 9 billion spam messages per day, and Bobax, with a spam capacity of 9 billion per day.
Presently, FireEye is purchasing the domains Srizbi is trying to take over, as it has figured out its algorithm. The sad news is that FireEye can't keep this up forever, as it can't afford to buy so many web domains.
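Why knowing the algorithm lets a defender get ahead of the bots, and why the bill keeps growing, shown as an added example that is not part of the original article and is not Srizbi's actual algorithm. The seed, the hash-based generator, the TLD list, the number of domains per day and the log format are all assumptions made for illustration.

```python
import hashlib
from datetime import date, timedelta

SEED = b"constructed-seed"   # placeholder; the real seed sits in the bot binary
TLDS = ("com", "net")        # assumption for this example

def julian_day(d: date) -> int:
    """Julian Day Number of a Gregorian calendar date."""
    return d.toordinal() + 1721425

def candidate_domains(d: date, per_day: int = 4) -> list:
    """Stand-in generator: hash(seed, Julian day, index) mapped to a label."""
    jd = julian_day(d)
    names = []
    for i in range(per_day):
        digest = hashlib.sha256(SEED + f"{jd}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:8])
        names.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return names

def watchlist(start: date, days: int) -> dict:
    """Map every predicted domain to the date on which bots would ask for it."""
    wl = {}
    for n in range(days):
        day = start + timedelta(days=n)
        for name in candidate_domains(day):
            wl[name] = day
    return wl

def flag_queries(log_lines, wl: dict) -> list:
    """Return (client, domain, predicted date) for resolver log hits."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()   # normalise FQDN form and case
        if qname in wl:
            hits.append((client, qname, wl[qname]))
    return hits

if __name__ == "__main__":
    start = date(2008, 12, 1)               # constructed date
    wl = watchlist(start, 14)
    predicted = candidate_domains(start)[0]
    sample_log = [                           # constructed resolver log lines
        "2008-12-01T09:14:02 10.0.0.5 " + predicted.upper() + ".",
        "2008-12-01T09:14:07 10.0.0.9 example.org.",
    ]
    print(len(wl), "domains to pre-register or block for 14 days")
    for client, name, day in flag_queries(sample_log, wl):
        print("possible infected host", client, "queried", name, "predicted for", day)
```

The watch list grows by `per_day` entries for every day covered, which is the cost problem the article describes; matching resolver logs against the list costs nothing per domain and also identifies the infected hosts.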
© 2007 - 2009 - eFluxMedia