This drop in spam was mainly due to the impact that the shutdown had on controllers of six major botnets, including...
one of the world's largest, Srizbi. Experts put the size of this botnet at around 500,000 machines and estimated that is supposedly capable of sending around 60 billion spam messages a day -- more than half of the global total. Interestingly, one reason for the initial spam decrease was that a number of emails were discarded because they were sent to non-existent addresses dropped to a fraction of its usual level. This could mean that levels of other spam email were still relatively high.
Sadly, spam levels have slowly crept back up. By January, MessageLabs Inc. reported spam volumes at about 80% of pre-McColo takedown levels; Symantec Corp.'s April 2009 spam report said that volumes were, in fact, back to pre-takedown levels. Google has also reported similar findings based on the millions of inboxes it manages. This fall and rise of spam after a takedown demonstrates a common pattern; when another ISP, Intercage, for example, was taken down, it created only a brief decline in spam activity as botnet controllers simply found new "unscrupulous" providers.
However, following the McColo shut down, it does appear that controllers are adopting new strategies to avoid a similar hit on their operations. One tactic is to not run their botnets at full capacity, which avoids exposing a new ISP as a target. Some are even using peer-to-peer technology to send instructions between computers rather than having a single command-and-control computer communicate with all of their bots.
Obviously, the takedown of McColo was a good thing, even though the reduction in spam was only temporary. It took spammers only four months to get their botnets back up and running. Worryingly, there's now a rise in the amount of spam with malware attached. McColo was a small victory, but the war is still very much ongoing. With 85% of all email traffic thought to be spam, we certainly need more victories.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
The development of WPA3 helps advance Wi-Fi protocol, as the next generation of Wi-Fi-enabled devices begins to demand more. Expert Michael Cobb ... Continue Reading
An increase of IoT botnets has been seen since the Mirai malware source code was leaked. Learn how the new variants pose to be a serious threat to ... Continue Reading
Android Pixel vulnerabilities could open the smartphone up to attack. Expert Michael Cobb explains the vulnerabilities and how to defend against them. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.