Wed Dec 3, 2008
"The Srizbi botnet, responsible for about half of all spam, regained its legs on Tuesday, according to a blog post from security firm FireEye." It turns out it is hard work to maintain a spammer network.
As it turned out, "McColo -- which appears to have ceased operating -- provided hosting capabilities for a number of unscrupulous cybergangs, some dedicated to the delivery of spam. After two internet service providers pulled the plug on McColo, the amount of spam fell by as much as 80 percent."
"When McColo went down, their command-and-control centers went away," Sergeant said. "What that means is the bots weren't getting any new work orders. Without new updates, eventually they just teeter out and die down." (Sergeant, Matt; Retrieved HERE)
"But it is climbing back after the botnets, such as Rustock, Mega-D and Srizbi, have re-established connectivity to their command-and-control centers, said Matt Sergeant, senior anti-spam technologist at MessageLabs, now owned by Symantec."
"[The backup domain names] are automatically generated by the bots," Sergeant said. "The spammer then knows the algorithm used to generate that name and points that domain name at the new command-and-control center."
Further streamlining is needed. It seems the spam networks were down for two weeks. That would make some "spammers" unhappy, as they are losing capital during those shutdowns. But there is a lot of room for spammers worldwide.
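
An added example, not part of the original post or of the sources it quotes: because the backup names are a deterministic function the bots compute, a defender who has recovered that function can compute the same list ahead of time and match it against DNS logs. The generator here is a constructed stand-in and not Srizbi's algorithm; the log layout, function names, dates and addresses are assumptions.

```python
import hashlib
from datetime import date, timedelta

def candidate_domains(day, count=4, tld=".example"):
    """Stand-in generator (constructed, NOT Srizbi's): names derived from the date."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        names.append(label + tld)
    return names

def watchlist(start, days):
    """Map every predicted domain in the window to the date it belongs to."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidate_domains(day):
            table[name] = day
    return table

def infected_clients(dns_log_lines, table):
    """Return {client_ip: sorted predicted domains that client looked up}."""
    hits = {}
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        client = parts[1]
        qname = parts[2].rstrip(".").lower()  # DNS names are case-insensitive
        if qname in table:
            hits.setdefault(client, set()).add(qname)
    return {ip: sorted(names) for ip, names in hits.items()}

# Constructed sample: "timestamp client qname rcode", one query per line.
START = date(2008, 11, 25)
TABLE = watchlist(START, 7)
_TODAY = candidate_domains(START)
SAMPLE_LOG = [
    "2008-11-25T10:00:01Z 10.0.0.5 www.example.org. NOERROR",
    f"2008-11-25T10:00:02Z 10.0.0.7 {_TODAY[0].upper()}. NXDOMAIN",
    f"2008-11-25T10:00:03Z 10.0.0.7 {_TODAY[1]}. NXDOMAIN",
    "truncated line",
    "2008-11-25T10:00:04Z 10.0.0.9 mail.example.net. NOERROR",
]

if __name__ == "__main__":
    for ip, names in infected_clients(SAMPLE_LOG, TABLE).items():
        print(ip, "queried predicted backup domains:", ", ".join(names))
```

The same precomputed list can feed a resolver blocklist, so the lookups fail even after the operator points one of the names at a new server.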
"Srizbi has returned from the dead and has begun updating all its bots with a fresh, new binary," said the post. "The worldwide update began just a few hours ago. The new command-and-control servers are located in Estonia, and the domains registered through a registrar in Russia."
Reference
Kaplan, Dan; November 26, 2008. Spam climbing back up after botnets return online. HERE