Tag Archives: M86

Harvesting Data on the Xarvester Botmaster

August 6, 2012

In February, I published the results of an investigation into the identity of the man behind the once-infamous Srizbi spam botnet. Today’s post looks at the individual(s) likely involved in running the now-defunct Xarvester botnet, a spam machine that experts say appeared shortly after Srizbi went offline and shared remarkably similar traits.

Srizbi was also known in the underground as “Reactor Mailer,” and customers could register to spam from the crime machine by logging into accounts at reactormailer.com. That domain was registered to a mserver@mail.ru, an address that my reporting indicates was used by a Philipp Pogosov; more commonly known by his nickname SPM, Pogosov was a top moneymaker for SpamIt, a rogue online pharmacy affiliate program that was responsible for a huge percentage of junk email over the past half-decade.

Taking Stock of Rustock

January 5, 2011

Global spam volumes have fallen precipitously in the past two months, thanks to a cessation of junk e-mail from Rustock — until recently the world’s most active spam botnet. But experts say those behind Rustock haven’t gone away; they have merely shifted the botnet’s resources toward other money-making activities, such as installing spyware and adware.