The Honeymoon is Over
Apparently you just can't keep a good botnet down.
As expected, the honeymoon we have been on since the November 11th shutdown of McColo is over. As we discussed in our previous post about the volume declines after the McColo shutdown, the Rustock botnet was able to update some of its infected machines during the roughly 12-hour period in which McColo was brought back online by TeliaSonera, a Swedish ISP. Rustock has come back, and come back strong, over the past few days, mostly sending out Canadian Pharmacy spam (one of our all-time favorites).



Above are traffic graphs for the three major botnets that were affected by the McColo shutdown. The big drop-offs for Srizbi and Mega-D both occur on November 12 (the day after McColo was taken offline). Traffic from both the Srizbi and Mega-D botnets has been virtually non-existent since the 12th.
The Rustock spike started on November 20, about 5 days after McColo was temporarily brought back online.
Just to keep us all on our toes, we've even seen some signs of life from the Storm botnet that most of us had written off for dead. Although some of this traffic is thought to have come from poorly configured Barracuda devices, we're still keeping an eye out in case this botnet does come back.
Despite the resurrection of the Rustock botnet, overall mail volumes are still down about 30-35% from where they were prior to November 11. Today, FireEye is reporting that the Srizbi botnet is back under the control of its original owners and that new command and control servers have been registered in Russia. So it stands to reason that Srizbi will not be dormant for much longer before we start to see spam volumes increasing again. The last two weeks have been a nice holiday before the holiday, but it looks like we are very quickly getting back to business as usual... and that's just the way I like it!
Comments
Re: The Honeymoon is Over
I get at least 250 spam emails from Canadian Pharmacy EVERY DAY addressed from myself to myself. 1 spam message once in a while is palatable but this is just a joke. What is the point in them sending hundreds of messages to the same person every day? Do they think I'm going to suddenly order from them after receiving over 5000 spam email messages in the past month? This is damaging my business. It takes me at least 30 minutes a day to sift through their crap. It's got to the point where I am ready to take whatever action is required to stop these bastards. THE LAST MESSAGE SUBJECT " Attack your baby, she wants "
No doubt I'll get another one in a minute with a subject line such as "bing up a dragon in your pants" - I had 10 with that subject line yesterday. So what do we do guys and girls? I have money but legal action is pointless since the main man is apparently on the run. What do we do? Chinese registrars and hosts don't give a damn so sites can't be taken down. Any ideas please let me know. One thing I was thinking is that the credit card companies seem to continue to process orders for this criminal outfit. They might as well be accessories, would legal action against the card companies be viable? It would certainly stop this nonsense. Ideas please. If you do write to me please put SPAM in the subject line of your email because once again 95% of the emails I receive on a daily basis are from Canadian Pharmacy and I am missing legitimate messages as a result.
president@businessventure.com
Thanks All
Posted by MARK on December 2, 2008 at 6:34 AM