Spam levels remain down following McColo shutdown

Though worldwide spam levels are still diminished in the wake of the McColo web hosting-company shutdown, it may only be a matter of time before they come roaring back.

According to security experts from the Marshal8e6 TRACE Team, the volume of spam around the world fell by as much as 70 percent after two internet service providers pulled the plug on McColo. McColo was hosting the command-and-control infrastructure for three of the world's most prolific spam botnets: Srizbi, Mega-D and Rustock. When McColo was shut down, spam-sending bot computers could not phone home.

"This is the most significant single event in the fight against spam we have ever seen," said Phil Hay, lead threat analyst with the TRACE Team. "Unfortunately we do not expect this situation to last."

One sanguine consequence of the McColo shutdown is that the United States is no longer the primary source of the world's spam, according to managed security services provider Network Box, which claims that China now produces more spam than any other country in the world.

Simon Heron, internet security analyst at Network Box, said: “We've also seen a significant drop in emails containing viruses and phishing attacks. This indicates that McColo's servers were also used to distribute malicious emails containing viruses, and not just the usual junk marketing mail.”

Although the amount of spam has not returned to normal levels in the wake of the McColo takedown, cybercriminals likely will be better prepared going forward.

"It is a cliche, but the fight against spam is a game of cat-and-mouse," Hay said. "Over the longer term, the spammers will learn from this incident and will probably evolve their botnet control systems. They may adopt a more resilient peer-to-peer or layered model where control servers are harder to access and spread among many hosts.”