Spam drop could boost Trojan attacks

The dramatic fall in spam traffic reported last week after alleged rogue ISP McColo was taken offline will only be a temporary reprieve and could actually generate a new wave of Trojans, experts have warned.

McColo take down proves ISPs have the power to stamp out spam

ISPs disagree on the global percentage drop caused by the shuttering of California-based McColo last Tuesday, with estimates given by those contacted by Techworld ranging from 50% to 80%, but even the lower figure is still an unprecedented fall in such a short space of time. It appears that even those who were aware of its use as a hosting port had not guessed that a single ISP could be behind such a huge chunk of the world's spam.

"Our servers haven't been so relaxed for months," said Richard Cox, CIO of respected spam-fighting organisation, Spamhaus, ruefully. "This proves how important it is for the law to get at this sort of criminality."

Related Content

Nevertheless, Cox doubted that the improvement would last long, and could actually lead to a rise in Trojan attacks as spammers using McColo to host botnet control infrastructure, attempted to reconstitute their networks elsewhere in the coming weeks.

Paul Wood of MessageLabs said his company had also seen spam dipping sharply, which had hit specific troublesome botnets hard.

"We documented a massive drop in spam volume to levels, eight times less than typical volumes for a period of 12 hours, immediately following the takedown before spam levels began to rise again," he said.

"Further analysis of our metrics would suggest there has been an 80% drop from Mega-D and 60% from Srizbi; Rustock is down by 50% and Asprox down by 80%. Overall botnet traffic has reduced by approximately 30% in the 24 hours following the takedown."

In fact, McColo was the third ISP of significance to the criminal world to face disruption in a matter of weeks, he said, referring in particular to the de-peering of Intercage by ISPs in September.

How the botnet controllers reacted in the coming weeks would depend on how easily they could regain control of compromised, 'zombie' PCs. If that proved hard, it was possible that new PCs would need to be hit with Trojans in order to start new botnets from scratch.

"It depends on the botnet in question and whether the bad IPs at McColo can be re-activeated by another rogue ISP sooner or later," he said.

Recent News:
· Google comes in fourth on top 10 list of spam enablers
· The CAN-SPAM Act as a warning
· The State of Spam: What to Expect in 2009
· Twitter hit with phishing scam
· Psychic predictions for tech in 2009
Site Map | Recent News | Related Sites

Copyright © 2006 EmailSafety.net - All Rights Reserved.