Advertisement
 
To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------
Spam report: volumes rising again

By Elinor Mills, CNET News.com
November 27, 2008
URL: http://www.zdnet.com.au/news/security/soa/Spam-report-volumes-rising-again/0,130061744,339293525,00.htm


Spammers knocked offline two weeks ago when their hosting company, McColo, was shut down are finally coming back online, security researchers said this week.

spam volumes

(Credit: MessageLabs)

California-based McColo was believed to be responsible for up to 75 per cent of all spam, according to The Washington Post.

Spam volumes, which dropped about 80 per cent when McColo was shut down on November 11, remained relatively flat since then until a few days ago when they started climbing up, said Matt Sergeant, senior anti-spam technologist at MessageLabs, now owned by Symantec.

Since Sunday, the spam volume has risen to about 37 per cent of what they were before McColo was unplugged, MessageLabs said.

McColo was hosting command and control servers that were being used to send instructions — like send spam or Trojans — to bot software that had been planted on PCs, mostly in the US, according to Sergeant. "With no work orders to process, the machines simply stopped spamming," he said.

Some of the botnets, with names like "Srizbi," "Asprox," "Rustock," and "Mega-D," are back up after connecting to different domains, Sergeant said. Some are connecting to ISPs outside the US, which will make it very difficult to shut them down again, he said.

"The problem now is that it was a lot easier to get a US-based ISP shut down than it will be to get, for example, this Estonian ISP shut down," Sergeant said.

"We've stunted the spammers for a couple of weeks, which is a good thing for the internet," he said. "We've increased their costs and, hopefully, that might put some spammers out of business."

Researchers are collaborating on the matter and providing information to US law enforcement agencies, said Paul Ferguson, an advanced threat researcher at Trend Micro. Some of the bots are programmed to connect to a new domain after a certain amount of time of inactivity, he said.

Researchers have been able to get some registrars to suspend some domains being used and have filed abuse complaints with some ISPs that appear to be unwitting hosts, Ferguson added.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.