Spam report: volumes rising again

Spammers knocked offline two weeks ago when their hosting company, McColo, was shut down are finally coming back online, security researchers said this week.

[Figure: spam volumes. Credit: MessageLabs]

California-based McColo was believed to be responsible for up to 75 per cent of all spam, according to The Washington Post.

Spam volumes, which dropped about 80 per cent when McColo was shut down on November 11, remained relatively flat until a few days ago, when they started climbing, said Matt Sergeant, senior anti-spam technologist at MessageLabs, now owned by Symantec.

Since Sunday, spam volumes have risen to about 37 per cent of what they were before McColo was unplugged, MessageLabs said.

McColo was hosting command and control servers that were being used to send instructions — like send spam or Trojans — to bot software that had been planted on PCs, mostly in the US, according to Sergeant. "With no work orders to process, the machines simply stopped spamming," he said.

Some of the botnets, with names like "Srizbi," "Asprox," "Rustock," and "Mega-D," are back up after connecting to different domains, Sergeant said. Some are connecting to ISPs outside the US, which will make it very difficult to shut them down again, he said.

"The problem now is that it was a lot easier to get a US-based ISP shut down than it will be to get, for example, this Estonian ISP shut down," Sergeant said.

"We've stunted the spammers for a couple of weeks, which is a good thing for the internet," he said. "We've increased their costs and, hopefully, that might put some spammers out of business."

Researchers are collaborating on the matter and providing information to US law enforcement agencies, said Paul Ferguson, an advanced threat researcher at Trend Micro. Some of the bots are programmed to connect to a new domain after a certain period of inactivity, he said.

Researchers have been able to get some registrars to suspend some domains being used and have filed abuse complaints with some ISPs that appear to be unwitting hosts, Ferguson added.


Talkback 3 comments

    International Agreement to Bar Traffic is Required
    Graeme Harrison (prof at-symbol post.harvard.edu) -- 28/11/08

    I've said it in various anti-spam blogs for 7+ years, but I'll say it again. There are only two effective ways to permanently STOP spamming.

    One way is to have an international agreement (ie between countries) that internet traffic will be blocked from countries/states/ISPs (as the independent international monitoring committee decides is warranted in any given instance) if spam continues to come from servers in those countries/states/ISPs after warnings. So if spam traffic is tracked to an Estonian server, Estonia might be given 5 days' notice with the ISP/server details and told that all traffic from Estonia to other countries (or even just to OECD countries) will be blocked in five days' time if the spam is not stopped. As that is tantamount to halting all foreign trade (and news), you just watch how quickly a small country/state will move to effect a stoppage of the spam. The ISP would receive a directive from the Head of State that on national security/terrorism grounds, they HAVE to terminate the connection to the offending servers. If even a tiny country was digitally-isolated for a few days, it would send such a strong message to all countries to ensure that they had the legal framework to intervene as necessary, to ensure it did not happen to them.

    The second way is to have public-key encryption of keys which are 'purchased' from UNESCO for US$0.01 (a cent), which allow ONE email to be sent with that key. Clearly one would pre-purchase US$100 of keys in a batch (by nominating a PayPal account or any other suitable payment option). That US$100 would allow 10,000 emails to be sent by a company, using the keys sequentially. Email servers would check validity of keys and bar emails that did not contain keys. The one-cent cost would be so small as to never cause one to not send a valid email, yet the cost would be prohibitive to send out a million spam emails hoping a tiny proportion bought your fake V-agra product. The challenge would be to ensure that the proceeds went to a bona fide mix of charities that had no ideological bias. And if there was still too much spam, then after a few years, the price may have to rise faster than CPI, to say three cents! At some price-point, the spammers would stop long before genuine users of email. It looks like there is a cost to this approach, but it is a negative cost, as the amount transferred from the wealthy countries to the poorest is actually less than the productivity losses in the wealthier countries, as people spend 10 mins per day dealing with the spam in their in-tray.

    Either system would work, and every lesser mechanism is like nailing jelly to the wall!

    Are you nuts?
    Anonymous -- 28/11/08 (in reply to #320117431)

    Graeme, reading your comments, I wonder if you are really Senator Conroy.

    Block entire countries based on allegations? Build an interception and billing system for every email? How do you propose the children from developing countries pay for their email? $0.01 is peanuts to you, but it may be their entire day's worth of food.

    You have got to be joking!

    Blocking countries
    Anonymous -- 30/11/08 (in reply to #320117431)

    I already block countries on my servers because of the things you mention. Most (99 percent) of attacks originate from third world countries like China, Nigeria, Russia etc. If you have no business with these countries, http://blacklist.linuxadmin.org/ can give you firewall rules to block their subnets.
