Spam Botnet Makes Comeback After McColo Shutdown

The respite was a brief one; two weeks after webhoster McColo closed down and took three-quarters of spam worldwide with it into oblivion, there are signs that others have started to fill the vacuum left by the rogue hosting firm.

Web security firm FireEye reported that nearly half a million zombie PCs from the Srizbi botnet, which accounts for as much as half of all the spam on the web, tried to contact their virtual headquarters and reach what the BBC calls their command and control servers at McColo.

These infected computers were subsequently able to reconnect to a new C&C server in Estonia, beyond the reach of international legal organisations, by using an internal algorithm that allowed them to connect to these new servers and update their source code.

Cisco-owned IronPort Systems, which specialises in messaging security, said that spam is still down; roughly 73 billion spam emails were tracked on Tuesday 26th, less than half the 153 billion registered on November 11th.

Another email security company, MessageLabs, also warns that another large botnet, Cutwail, is scrambling to fill the void left by Srizbi, as the build-up to Christmas means that spam numbers could reach record levels sooner than we thought.
