FireEye recently dove into the world of spam email botnets to further strengthen our belief that botnets like Srizbi, Pushdo, and Rustock, although they have completely different C&C architectures, are operated by the same group.
This time around, we looked at the servers that control these botnets and at the spam generated by live bots in our lab. As part of this investigation, we analyzed multiple malware samples from these botnets in both our virtual and real lab environments to extract the relevant C&C locations. When we compared the C&C IPs used by these three botnets, we were surprised to see that all three were using servers in the same colocation facility, and that this facility was fairly well known (from a quick Google search) to have been used for malicious activities in the past.
Continue reading "Srizbi and Rustock: Family Feud or Sibling Rivalry? Part II" »