What percentage of network traffic comes from botnets?

I was recently asked what percentage of our network traffic can be attributed to botnets and if 60% was a reasonable figure. This is not something that I have personally investigated (i.e., I don't have the numbers to support my theories).

According to a lot of articles that I have read (and knowing from experience), spam has undergone a transformation in the past year. Professional spammers with netblocks used to account for a big chunk of spam; that has now shifted to networks of zombies. The question is, how much has that shifted?

I'd say at least 50% of network traffic is mail coming from botnets.  I think a case could be made that it is as high as 60%.  What do the rest of you think?

Update: This was in one of the links in Enemieslist's Links Roundup on Jan 23:

Sophos noted that up to 90 percent of all spam is now relayed from zombie computers hijacked by Trojan horses, worms and viruses and under the control of hackers.

So there you go, that's one source.

Comments (4)

  1. Matt Sergeant says:

    Botnet spam represents somewhere between 80 and 90% of spam. However it’s difficult to say what it is on a network traffic level. The average spam size is still fairly small in comparison to the average email we see (business email mostly) so it pushes the figure down quite a bit. I haven’t really done the maths but I would suspect it’s around 20% of traffic now (image spam levelled the playing field a bit).

    The problem is that the network traffic is totally irrelevant when it comes to handling email. For a mail server the DATA section is the easy part. The problems are dealing with multiple connections, and with spam scanning every single one.

    Ask an ISP about how much they spend on handling the abuse levels of email vs how much they spend handling the abuse levels of the web. I would put money on email being significantly higher. Yet most stats will show bandwidth usage by email is less than 1% of that used by the web.

  2. Chris Love says:

    I think you may be in the ball park. I have my own servers and host about 200+ sites on really one W2K3 box and have another server for e-mail (~500 accounts). I think e-mail accounts for about 75% of my traffic and I think between 80-90% of the e-mail traffic is SPAM.

  4. Nikki says:

    "Zombie activity accounts for 85% of the spam circulating the Internet"

    According to Commtouch Zombie Botnet report


    The rate of spam depends on your network, anywhere between 45% and 97% (breakdown in report, page 3).

