Spambots edge back online post-McColo
It was just too good to last: Researchers report that spam levels that dropped in the wake of a high-profile takedown are edging back up -- and that a particularly pernicious botnet made it back online Wednesday night.
When two upstream providers chose to pull the plug on McColo earlier this month, the net at large enjoyed an unusual and slightly eerie quiet, as spam levels dropped by as much as 65%. At the time, anti-malware researchers suggested that we enjoy the peace while it lasted...
...because these guys keep coming back, like a cold sore or a creepy uncle at holiday dinners. Since the takedown, spam has been slowly seeping back into the ecosystem, but on Monday, the rates jolted sharply upward.
Matt Sergeant, senior anti-spam technologist at MessageLabs, has the unenviable job of watching the waters rise. He suggests that the botnet owners have, two weeks later, hooked up with new service providers.
"The Asprox and Rustock botnets are back with a vengeance after having found new command and control," Sergeant noted on Tuesday, saying that Mega-D and Warezov were clearly in action as well. "Cutwail never went away, and it seems its owners have used the opportunity to increase output."
But the megillah, the godzilla, the inbox-killer had yet to re-emerge -- Srizbi, the botnet Sergeant characterizes as responsible for a full 50% of all spam. Alas, Tuesday night saw its return, Sergeant reports.
"In the last 24 hours Srizbi has managed to regain control of some of the botnet PCs which were inactive after the McColo shutdown," he told BetaNews on Wednesday afternoon. "This has yet to result in a significant increase in spam volumes, however given this progression we expect to see spam volumes back to 'normal' levels in around a week's time."
While we were relaxing, he says, it's likely that the botnet owners were scrambling to retain new providers, while the shady firms that rent such things were forced to languish and contemplate lost profits.