Date Added: Jan 2010
Botnets have become one of the most serious threats to the Internet. They are now the key platform for many Internet attacks, such as spam, Distributed Denial-of-Service (DDoS), and the authors call these attacks "The second character of bots". In this paper, they focus on characterizing spamming botnets by leveraging both spam payload and spam nodes traffic properties. Measurement of botnets is an important and challenging work. However, most existing approaches work only on specific botnet Command and Control (C&C) protocols (e.g., IRC) and structures (e.g., centralized). In this paper, they present two measurement frameworks (MFNL and MFAL) that based on the second character of bots to measure the size of the botnet.