Windows/XP SP2 Hosts Large Part of SpamThru Botnet


A lot of the spam you find in your mailbox, in particular of the enlargement pill and pump & dump variety, originates from a zombie botnet that is created by a trojan known as SpamThru.

Because the SpamThru controller keeps statistics on what version of Windows each infected client is running, down to the service pack level, one can analyze this data to find out what sort of systems are vulnerable to infection.

Joe Stewart of SecureWorks has just published a report with SpamThru statistics, showing that 47.23 % of infected hosts are running Windows/XP SP2. In fact Windows/XP SP2 is dominating the makeup of this particular botnet.

This indicates that, contrary to claims by many industry analysts, Windows/XP SP2 is still very open to this type of attack.


I suppose the reason for this is that almost everyone using Windows XP is logged in as an administrator. It doesn't matter how well patched Windows XP is or whether they are using SP2 or SP1. What these statistics show us is that most computers are running Windows XP SP2 and not that Windows XP is very open to attacks. But using Windows with restricted access is not always easy, so I suppose we can still blame Windows XP and Microsoft for this situation.