The alpha botnet was found to be Srizbi, with 39% of the overall activity. The botnet took its name from the spamming Trojan behind it. Marshall points out that the malware is extremely stealthy, operating in full kernel mode, enabling it to “hide its network activities and bypass sniffer tools”.

Rather interesting, it seems that Srizbi creators are very interested in constant feedback: it keeps reporting both the good and the bad email addresses, so the spammers can have a clear view at the statistics.

The runner-up in February’s spamming competition was Rustock, with a 20% “market share”. The champion of the past, Mega-D, has fallen on the third spot after a 10 days forced time out. Still, Mega-D managed to account for 11% and it’s still known to have around 35,000 zombie clients. In other words, it’s rather safe to bet on its come back on the top spot.

The other significant active spambots in February are as follows:

– Hacktool.Spammer (Spam-Mailer) – 7%
– Pushdo family (aliases Pandex and Cutwail) – 6%
– Storm – 2%

The sixth place is very embarrassing for Storm. The botnet is known to include 85,000 compromised hosts. By comparison, Mega-D has only more than a third of that number, has been out for more than a week and still manged to get on the podium.

The complete analysis is available here.