Symantec deconstructs a zombie
The Ferris daily post pointed me to the Symantec site to see more zombie deconstruction. Take a look at Armado Hidalgo’s post:
“So, what is the purpose of all this renewed activity, you ask? The primary goal is to create a botnet that sends tons and tons of penny stock spam (but because the botnet can be controlled by its owners, we may see changes in functionality). During our tests we saw an infected machine sending a burst of almost 1,800 emails in a five-minute period and then it just stopped. We are speculating that the task of sending the junk email is then passed on to another member of the botnet. My colleagues in the antispam team are seeing greater activity, too. Of course, users of Symantec’s Brightmail are also protected from this latest spam run.”
Think of it like CSI: Your Computer, or CSI: Hopefully Not Your Computer. The more these doctors inspect the viruses and the infected patients, the faster we catch these threats and get to deconstruct the next bad bug.