DocumentCode
3071340
Title
Correlation Analysis between Spamming Botnets and Malware Infected Hosts
Author
Song, Jungsuk ; Shimamura, Jumpei ; Eto, Masashi ; Inoue, Daisuke ; Nakao, Koji
Author_Institution
Inf. Security Res. Center, Nat. Inst. of Inf. & Commun. Technol., Tokyo, Japan
fYear
2011
fDate
18-21 July 2011
Firstpage
372
Lastpage
375
Abstract
Many recent cyber attacks are launched by botnets for the purpose of carrying out large-scale attacks such as spam emails, Distributed Denial of Service (DDoS), network scanning and so on. In many cases, these botnets consist of many bots or zombie PCs that have been infected by a specific malware, and they try to propagate themselves to other victim systems through the Internet. In order to mitigate the heavy damage of botnet-based cyber attacks, it is necessary to better understand the basic infrastructure of botnets as well as their underlying malware. In this paper, we carried out a correlation analysis between 10 spamming botnets, identified by analyzing 3 weeks of spam emails in our previous work, and malware-infected hosts that were observed at our darknets and honeypots. By comparing members (i.e., bots) of the 10 spamming botnets with source hosts of darknet and honeypot traffic, we found that 7.2% ~ 37.5% of the spamming botnets have been infected by at least four different types of malware.
Keywords
Internet; computer crime; computer network security; computer viruses; unsolicited e-mail; Internet; correlation analysis; cyber attacks; darknets; distributed denial of service; honeypots; malware infected hosts; network scanning; spam emails; spamming botnets; victim systems; zombie PCs; Correlation; Grippers; IP networks; Internet; Malware; Unsolicited electronic mail; botnet; correlation analysis; darknet; honeypot; malware; spam;
fLanguage
English
Publisher
IEEE
Conference_Titel
Applications and the Internet (SAINT), 2011 IEEE/IPSJ 11th International Symposium on
Conference_Location
Munich, Bavaria
Print_ISBN
978-1-4577-0531-1
Electronic_ISBN
978-0-7695-4423-6
Type
conf
DOI
10.1109/SAINT.2011.71
Filename
6004188