Srizbi suffered a massive setback in November 2008 when hosting provider Janka Cartel was taken down; global spam volumes reduced up to 93% as a result of this action.
As a comparison, the highly publicized Storm botnet only managed to account for around 20% of the total spam sent during its peak periods.
[7] The earliest reports on Srizbi trojan outbreaks were around June 2007, with small differences in detection dates across antivirus software vendors.
The trojan has been credited with being extremely efficient at this task, which explains why Srizbi is capable of sending such high volumes of spam without having a huge numerical advantage in the number of infected computers.
The trojan itself is fully executed in kernel mode and has been noted to employ rootkit technologies to prevent any form of detection.
This procedure has been proven to allow the trojan to bypass both firewall and sniffer protection provided locally on the system.
Unlike the usual messages about counterfeit watches, stocks, or penis enlargement, the mail contained promotional information about United States presidential candidate Ron Paul.
A spokesman told the press: "If it is true, it could be done by a well-intentioned yet misguided supporter or someone with bad intentions trying to embarrass the campaign.
[25] Through the capture of one of the control servers involved,[26] investigators learned that the spam message had been sent to up to 160 million email addresses by as few as 3,000 bot computers.
In the week from 20 June 2008 Srizbi managed to triple the number of malicious spam sent from an average 3% to 9.9%, largely due to its own effort.
[27] This particular spam wave was an aggressive attempt to increase the size of the Srizbi botnet by sending emails to users that warned them they had been videotaped naked.
This was accomplished through a mechanism in the trojan horse that queried an algorithmically generated set of domain names, one of which was registered by the individuals controlling the botnet.
The United States computer security firm FireEye, Inc. kept the system out of the controllers' hands for a period of two weeks by preemptively registering the generated domain names but was not in a position to sustain this effort.
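The defence described above, pre-registering the domains a bot will generate so the controllers cannot reclaim it, is illustrated here as an added example (not part of the original article, and not Srizbi's real algorithm, which the article does not give). The date-seeded generator, the seed, the four-domains-per-day count and the DNS log lines are all constructed assumptions; the point is the defender's side: how many names must be held for a window, where coverage lapses after the window ends, and how the candidate set doubles as a detection list.

```python
import hashlib
from datetime import date, timedelta

# Stand-in DGA (hypothetical): a date-seeded generator used only to illustrate the defence.
SEED = b"constructed-example-seed"
TLDS = ("com", "net", "info")

def generate_domains(day: date, count: int = 4) -> list[str]:
    """Return the candidate rendezvous domains a bot would look up on `day`."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(SEED + day.isoformat().encode() + bytes([i])).hexdigest()
        domains.append(f"{digest[:12]}.{TLDS[i % len(TLDS)]}")
    return domains

def defender_preregistration(start: date, days: int) -> set[str]:
    """Every domain a defender must hold to deny the controllers all candidates in a window."""
    return {d for k in range(days) for d in generate_domains(start + timedelta(days=k))}

def coverage_gap(start: date, held_days: int, check_days: int) -> list[date]:
    """Days in the check window on which at least one candidate is NOT held by the defender.

    This is the situation the article describes: holding two weeks of names blocks the
    controllers for two weeks, and every day after that is exposed again."""
    held = defender_preregistration(start, held_days)
    return [start + timedelta(days=k) for k in range(check_days)
            if not set(generate_domains(start + timedelta(days=k))) <= held]

def flag_dga_lookups(log_lines: list[str], start: date, days: int) -> list[tuple[str, str]]:
    """Match constructed DNS query log lines ("<host> <queried-name>") against the
    candidate set; each hit is an internal host worth triaging for infection."""
    candidates = defender_preregistration(start, days)
    hits = []
    for line in log_lines:
        host, qname = line.split()[:2]
        if qname in candidates:
            hits.append((host, qname))
    return hits

# Constructed sample: one host querying a generated name, one querying a benign name.
SAMPLE_LOG = [
    f"10.0.0.5 {generate_domains(date(2008, 11, 3))[0]}",
    "10.0.0.9 www.example.com",
]
```

Holding 14 days of names gives a 56-domain registration list and a seven-day gap in a 21-day window; the same list flags the first sample log line as a host to investigate.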