Spammers who were knocked offline two weeks ago, when their hosting company, McColo, was shut down, are finally coming back online, security researchers said this week.

Figure: spam volumes (Credit: MessageLabs)

California-based McColo was believed to be responsible for up to 75 per cent of all spam, according to The Washington Post.

Spam volumes, which dropped about 80 per cent when McColo was shut down on November 11, had remained relatively flat until a few days ago, when they started climbing, said Matt Sergeant, senior anti-spam technologist at MessageLabs, now owned by Symantec.

Since Sunday, spam volumes have risen to about 37 per cent of what they were before McColo was unplugged, MessageLabs said.

McColo was hosting command and control servers that were being used to send instructions — like send spam or Trojans — to bot software that had been planted on PCs, mostly in the US, according to Sergeant. "With no work orders to process, the machines simply stopped spamming," he said.

Some of the botnets, with names like "Srizbi," "Asprox," "Rustock," and "Mega-D," are back up after connecting to different domains, Sergeant said. Some are connecting to ISPs outside the US, which will make it very difficult to shut them down again, he said.

"The problem now is that it was a lot easier to get a US-based ISP shut down than it will be to get, for example, this Estonian ISP shut down," Sergeant said.

"We've stunted the spammers for a couple of weeks, which is a good thing for the internet," he said. "We've increased their costs and, hopefully, that might put some spammers out of business."

Researchers are collaborating on the matter and providing information to US law enforcement agencies, said Paul Ferguson, an advanced threat researcher at Trend Micro. Some of the bots are programmed to connect to a new domain after a certain period of inactivity, he said.

Researchers have been able to get some registrars to suspend some domains being used and have filed abuse complaints with some ISPs that appear to be unwitting hosts, Ferguson added.
