This drop in spam was mainly due to the impact that the shutdown had on controllers of six major botnets, including...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
one of the world's largest, Srizbi. Experts put the size of this botnet at around 500,000 machines and estimated that is supposedly capable of sending around 60 billion spam messages a day -- more than half of the global total. Interestingly, one reason for the initial spam decrease was that a number of emails were discarded because they were sent to non-existent addresses dropped to a fraction of its usual level. This could mean that levels of other spam email were still relatively high.
Sadly, spam levels have slowly crept back up. By January, MessageLabs Inc. reported spam volumes at about 80% of pre-McColo takedown levels; Symantec Corp.'s April 2009 spam report said that volumes were, in fact, back to pre-takedown levels. Google has also reported similar findings based on the millions of inboxes it manages. This fall and rise of spam after a takedown demonstrates a common pattern; when another ISP, Intercage, for example, was taken down, it created only a brief decline in spam activity as botnet controllers simply found new "unscrupulous" providers.
However, following the McColo shut down, it does appear that controllers are adopting new strategies to avoid a similar hit on their operations. One tactic is to not run their botnets at full capacity, which avoids exposing a new ISP as a target. Some are even using peer-to-peer technology to send instructions between computers rather than having a single command-and-control computer communicate with all of their bots.
Obviously, the takedown of McColo was a good thing, even though the reduction in spam was only temporary. It took spammers only four months to get their botnets back up and running. Worryingly, there's now a rise in the amount of spam with malware attached. McColo was a small victory, but the war is still very much ongoing. With 85% of all email traffic thought to be spam, we certainly need more victories.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
Android encryption on devices using Qualcomm chips can be broken due to two vulnerabilities. Expert Michael Cobb explains how these flaws affect ...continue reading
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability ...continue reading
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.