Spam volume rises despite hosting-company closure

Elinor Mills CNET News

Published: 27 Nov 2008 12:08 GMT

Spammers who were knocked offline two weeks ago, when their hosting company, McColo Corp, was shut down, are finally coming back online, security researchers said on Wednesday.

McColo, based in San Jose, California, was believed to be responsible for up to 75 percent of all spam, according to Brian Krebs of The Washington Post, who broke the initial story.

Spam volumes, which dropped by about 80 percent when McColo was shut down on 11 November, remained relatively flat until a few days ago, when they started climbing, said Matt Sergeant, senior anti-spam technologist at MessageLabs, now owned by Symantec.

Since Sunday, the spam volume has risen to about 37 percent of what it was before McColo was unplugged, MessageLabs said.

McColo was hosting command and control servers that were being used to send instructions — for example, to send spam or Trojans — to bot software that had been planted on PCs, mostly in the US, according to Sergeant. "With no work orders to process, the machines simply stopped spamming," he said.

Some of the botnets, with names like 'Srizbi', 'Asprox', 'Rustock' and 'Mega-D', are back up, after connecting to different domains, Sergeant said. Some are connecting to ISPs outside the US, which will make it very difficult to shut them down again, he said.

"The problem now is that it was a lot easier to get a US-based ISP shut down than it will be to get, for example, this Estonian ISP shut down," Sergeant said.

"We've stunted the spammers for a couple of weeks, which is a good thing for the internet," he said. "We've increased their costs and, hopefully, that might put some spammers out of business."

Researchers are collaborating on the matter and providing information to US law-enforcement agencies, said Paul Ferguson, an advanced threat researcher at Trend Micro.

Some of the bots are programmed to connect to a new domain after a certain period of inactivity, he said.

Researchers have been able to get registrars to suspend some domains being used and have filed abuse complaints with certain ISPs that appear to be unwitting hosts, Ferguson added.

Credit: Spam increasing again after shutdown of hosting company from CNET News
