Spammers Trying To Regain Control Over Cut Off Spam Bots
from the the-battle-is-on dept
Last week, there was a lot of attention over the shutdown of McColo, a hosting company that was apparently used by a huge number of spammers to control some of the largest zombie botnets out there. While we were initially skeptical of just how big an impact this had (the press and some antispammers have “cried wolf” way too many times in the past on the impact of shutting down certain spam operations), the evidence in the days that followed suggested, indeed, that an awful lot of the world’s spam was controlled via McColo. The Washington Post, which kicked off the shutdown by presenting evidence of McColo’s spam connections to its upstream providers, is now digging deeper into how the whole operation worked.
Burying the lede a bit, the article notes that McColo actually came back online briefly this past weekend, and apparently spammers very quickly worked to transfer data to Russian servers while trying to update various botnets to take commands from those servers rather than from the cut-off McColo servers. There’s some speculation that McColo tried to time the reconnect to weekend hours when most working stiffs wouldn’t notice. However, Swedish telco TeliaSonera, which provided the connection (thanks to an old agreement the two firms had), pulled the plug within hours of being notified.
It’s also worth noting that McColo hasn’t made any public statements since this whole situation came about, which certainly raises questions about how much the folks who ran the company knew about how their network was being used. Even though it sounds like spammers may not have been able to regain full control over their botnets, it seems likely that they did regain some control, and spam levels are likely to get back to where they were in rather short order.