Wednesday :: Nov 26, 2008

Spambots rise again

by Mary

Earlier this month an astonishing thing happened. Taking offline an internet hosting company in the Bay Area resulted in the reduction of 65% of the world's spam. Unfortunately, the respite was only temporary as a couple of the monster botnets have found new hosts and are once again taking orders from their criminal masters.

The "Srizbi" botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer at FireEye Inc., when the infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia.

...Although some message security companies said yesterday that spam volumes had climbed back from post-McColo troughs, Gong was hesitant to finger Srizbi's return as the reason. "Srizbi may have contributed," he said, "but Rustock is also back."

Rustock, another botnet whose command-and-control servers were hosted by McColo, was partially restored when a Swedish Internet provider briefly stepped in 11 days ago to reconnect McColo to the Web. Even though McColo's connection was quickly severed by TeliaSonera after it received complaints, Rustock's controllers had enough time to instruct some of the bots to look to a Russian-hosted server for commands.

Looks like the spam catchers are going to have work harder to free us from the bane of spam.

Mary :: 8:42 PM :: Comments (0) :: Digg It!