This drop in spam was mainly due to the impact that the shutdown had on controllers of six major botnets, including...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
one of the world's largest, Srizbi. Experts put the size of this botnet at around 500,000 machines and estimated that is supposedly capable of sending around 60 billion spam messages a day -- more than half of the global total. Interestingly, one reason for the initial spam decrease was that a number of emails were discarded because they were sent to non-existent addresses dropped to a fraction of its usual level. This could mean that levels of other spam email were still relatively high.
Sadly, spam levels have slowly crept back up. By January, MessageLabs Inc. reported spam volumes at about 80% of pre-McColo takedown levels; Symantec Corp.'s April 2009 spam report said that volumes were, in fact, back to pre-takedown levels. Google has also reported similar findings based on the millions of inboxes it manages. This fall and rise of spam after a takedown demonstrates a common pattern; when another ISP, Intercage, for example, was taken down, it created only a brief decline in spam activity as botnet controllers simply found new "unscrupulous" providers.
However, following the McColo shut down, it does appear that controllers are adopting new strategies to avoid a similar hit on their operations. One tactic is to not run their botnets at full capacity, which avoids exposing a new ISP as a target. Some are even using peer-to-peer technology to send instructions between computers rather than having a single command-and-control computer communicate with all of their bots.
Obviously, the takedown of McColo was a good thing, even though the reduction in spam was only temporary. It took spammers only four months to get their botnets back up and running. Worryingly, there's now a rise in the amount of spam with malware attached. McColo was a small victory, but the war is still very much ongoing. With 85% of all email traffic thought to be spam, we certainly need more victories.
Dig Deeper on Email and Messaging Threats (spam, phishing, instant messaging)
Related Q&A from Michael Cobb
Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how ...continue reading
Companies and government agencies handling criminal justice information need to comply with CJIS Security Policy. Expert Michael Cobb explains the ...continue reading
An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.