Major spam botnets yet to recover after host shut-down

One week after the world’s most significant breakthrough in the fight against spam, spam volumes have yet to return to their previous levels, according to security experts from the Marshal8e6 TRACE Team. However, spam is likely to return to its previous high levels eventually.

On November 11, the volume of spam around the world fell by as much as 70 percent due to the shutdown of a major spam hosting network, McColo.

McColo was shut down by its Internet Service Provider after an investigative journalist made inquiries about the Web hosting company’s illicit activities. McColo was hosting the command and control infrastructure for three of the world’s most prolific spam botnets: Srizbi, Mega-D and Rustock. When McColo was shut down, the spammers were disconnected from the networks of spam-sending bot computers under their control.

Throughout 2008, the TRACE Team has published reports showing that just a handful of major spamming botnets are responsible for as much as 90 percent of spam. The TRACE Team has been campaigning within the IT security community for a coordinated effort against the top spamming botnets. Marshal8e6 says that the command and control servers play a critical part in managing the hundreds of thousands of infected bot computers, also referred to as ‘zombies’.

Marshal8e6 says the command and control servers for the Srizbi, Mega-D and Rustock botnets were affected by the McColo shutdown. According to Marshal8e6’s statistics, just prior to McColo’s shutdown, these three botnets were ranked first, second and fifth respectively as the world’s most prolific sources of spam, together responsible for nearly 70 percent of spam.

