Spam Warning: Presumed Dead Botnet Makes Massive Comeback
Article by George Norman
On 27 Nov 2008
The fight against spam messages saw a turn for the best early November when McColo, a web host provider from Silicon Valley was shutdown. Perhaps the term best is not suited, sensational would be better if you keep in mind that overall, spam levels went down a staggering 80%. The Srizbi botnet, which before the McColo takedown was responsible for the greater part of spam messages flowing online, is now being brought back from the dead.

Matt Sergeant from MessageLabs, company that specializes in providing integrated messaging and web security services, comments: “In the last 24 hours Srizbi has managed to regain control of some of the botnet PCs which were inactive after the McColo shutdown. This has yet to result in a significant increase in spam volumes, however given this progression we expect to see spam volumes back to 'normal' levels in around a week's time.”


What exactly does MessageLabs senior anti-spam technologist Mat Sergeant mean by “normal levels”? I remember that back in July, a security report issued by MX Logic stated that the Srizbi botnet is responsible for 50% of all spam traffic. That is half of all the spam messages circulating all over the world, encompassing subjects like “genuric Viagra” or the grimmer “McCain dies”. More recent reports state the Srizbi is responsible for about 40% of all spam traffic, which is less than July’s percentage, but it is still considerably high.

Just to put things in perspective, it has been reported that about 500,000 infected machines from the Srizbi botnet, following the McColo takedown, automatically “rebooted”, which is to say that after a period of two weeks when spam levels were at an all-time low, these bot machines attempted to contact their McColo command and control servers. But since these were offline, they eventually connected to alternate servers in Estonia.

For a brief period of time (about three days) security experts managed to register several hundred web domains in an attempt to prevent the bad guys from regaining control of the Srizbi botnet. But since registering so many domains is a hefty enterprise, it was decided that keeping it up is not a financially viable solution. Once the decision to stop registering domains was taken, the guys behind Srizbi registered five domains, redirected the bots’ request to new command and control servers based in Estonia, updated the malware, and once again started to, drum rolls please, send out spam.

“We've stunted the spammers for a couple of weeks, which is a good thing for the Internet. We've increased their costs and, hopefully, that might put some spammers out of business,” added Sergeant.

Tags: Srizbi, messageLabs, Spam, McColo
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Spam Warning: Presumed Dead Botnet Makes Massive Comeback
HTML Linking Code