Spam levels remain down following McColo shutdown

Share this article:

Though worldwide spam levels are still diminished in the wake of the McColo web hosting-company shutdown, it may only be a matter of time before they come roaring back.

According to security experts from the Marshal8e6 TRACE Team, the volume of spam around the world fell by as much as 70 percent after two internet service providers pulled the plug on McColo. McColo was hosting the command-and-control infrastructure for three of the world's most prolific spam botnets: Srizbi, Mega-D and Rustock. When McColo was shut down, spam-sending bot computers could not phone home.

"This is the most significant single event in the fight against spam we have ever seen," said Phil Hay, lead threat analyst with the TRACE Team. "Unfortunately we do not expect this situation to last."

One sanguine consequence of the McColo shutdown is that the United States is no longer the primary source of the world's spam, according to managed security services provider Network Box, which claims that China now produces more spam than any other country in the world.

Simon Heron, internet security analyst at Network Box, said: “We've also seen a significant drop in emails containing viruses and phishing attacks. This indicates that McColo's servers were also used to distribute malicious emails containing viruses, and not just the usual junk marketing mail.”

Although the amount of spam has not returned to normal levels in the wake of the McColo takedown, cybercriminals likely will be better prepared going forward.

 

"It is a cliche, but the fight against spam is a game of cat-and-mouse," Hay said. "Over the longer term, the spammers will learn from this incident and will probably evolve their botnet control systems. They may adopt a more resilient peer-to-peer or layered model where control servers are harder to access and spread among many hosts.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.