Announcement

Collapse
No announcement yet.

Spam

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Spam

    This is somewhat old new:

    The depeering of an Internet service provider has resulted in a drop in Internet-wide spam of as much as 75 percent, security firms said Wednesday.

    On Tuesday, two major Internet service providers stopped routing traffic for McColo, a hosting provider based in San Jose, Calif., essentially making all sites hosted by the service inaccessible. The action followed investigations by security researchers that found that McColo had become the preferred home of for many botnets' command and control servers, according to an article in the Washington Post.

    "It was like night and day," said Matt Sergeant, anti-spam technologist with MessageLabs. "The second that they went offline the drop started."

    MessageLabs, McAfee, Symantec, and Arbor Networks -- as well as other security firms -- noted the drop, though the companies differed on the magnitude, with estimates varying between 60 percent and 75 percent.

    The depeering of McColo follows significant efforts by Washington Post reporter Brian Krebs to track down Internet service providers that hosted malicious and criminals servers while ignoring their owners' actions. In September, Atrivo, an Internet service provider based in California, went offline after its sole remaining upstream provider ceased to route its traffic. A drop in spam was also witnessed by observers after the disconnection of Atrivo.

    Online criminals jumped from Atrivo to McColo, according to an analysis published by SecureWorks in October. MessageLabs' Sergeant believes, this time, spam will again ramp up as online criminals find a new place to roost.

    "I don't believe this will have a lasting effect on spam volumes," Sergeant said. "The people responsible for this are making a lot of money. They are now going to work to get back to a position where they are making a lot of money again."
    I just checked, and the spam is still way down:


    So, if it was so easy, why did nobody ever do it before? It is not like it was in a gray zone; this was criminals who had hijacked millions of computers, broken all kinds of laws, and caused billions in damages.

    I am utterly baffled as to why there isn't some kind of minimal government enforcement in this area, why it had to be a private researched who convinced a private company to take action.
    http://www.hardware-wiki.com - A wiki about computers, with focus on Linux support.
    Tags: None
  • #2
    MessageLabs' Sergeant believes, this time, spam will again ramp up as online criminals find a new place to roost.

    "I don't believe this will have a lasting effect on spam volumes," Sergeant said. "The people responsible for this are making a lot of money. They are now going to work to get back to a position where they are making a lot of money again."


    They're making a lot of money, and so are you.

    For a minute there, i could almost hear the gnashing of teeth of all those security providers at this piece of news, but it seems they've found a way to look at the bright side. Relief all around..

    Somebody should really investigate and try to establish links between major security providers and grand-scale malicious web activity, be it spam, spyware bots or what have you.

    Comment

    • #3
      Note the recent increase in spam in the graph above

      How much are companies willing to spend to get workers back to the office? – Computerworld
      http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121678


      November 26, 2008 (Computerworld) A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals.

      The "Srizbi" botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer at FireEye Inc., when the infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia.

      Srizbi was knocked out more than two weeks ago when McColo Corp., a hosting company that had been accused of harboring a wide range of criminal activities, was yanked off the Internet by its upstream service providers. With McColo down, PCs infected with Srizbi and other bot Trojan horses were unable to communicate with their command servers, which had been hosted by McColo. As a result, spam levels dropped precipitously.

      But as other researchers noted last week, Srizbi had a fallback strategy. In the end, that strategy paid off for the criminals who control the botnet.

      According to Gong, when Srizbi bots were unable to connect with the command-and-control servers hosted by McColo, they tried to connect with new servers via domains that were generated on the fly by an internal algorithm. FireEye reverse-engineered Srizbi, rooted out that algorithm and used it to predict, then preemptively register, several hundred of the possible routing domains.

      The domain names, said Gong, were generated on a three-day cycle, and for a while, FireEye was able to keep up -- and effectively block Srizbi's handlers from regaining control.

      "We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."

      Once FireEye stopped preempting Srizbi's makers, the latter swooped in and registered the five domains in the next cycle. Those domains, in turn, pointed Srizbi bots to the new command-and-control servers, which then immediately updated the infected machines to a new version of the malware.

      "Once each bot was updated, the next command was to send spam," said Gong, who noted that the first campaign used a template targeting Russian speakers.

      The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web.

      In the meantime, FireEye is working with several other companies -- including VeriSign Inc., Microsoft Corp. and Network Solutions Inc., a domain registrar -- on ways to reach the more than 100,000 users whose PCs FireEye has identified as infected with Srizbi.

      Discussions about how to best handle any future McColo-Srizbi situation are also ongoing, Gong said. "We're trying to find a solution, and talking about ideas of how they can help fund efforts for some period of time to [preemptively] register domains," he said.
      http://www.hardware-wiki.com - A wiki about computers, with focus on Linux support.

      Comment

      • #4
        The hell it's down. I think everyone somehow directed their spam mail to me.
        Life is not measured by the number of breaths you take, but by the moments that take your breath away.
        "Hating America is something best left to Mobius. He is an expert Yank hater.
        He also hates Texans and Australians, he does diversify." ~ Braindead

        Comment

        • #5
          Does this include/exclude LordShiva?

          When he returns, I assure you he will help skew the heck out of those results

          Also:

          * Vomit Smiley

          * Froggiehead (fer Herresson)

          *Bukkake Smile fer those who enjoy a great celebratory party!!!!!! (me and AC fer two)

          * Happy Putin Smiley

          * WGRA/KMA Smiley (WhoGivesARatsAZZ/K!$$MyAZZ Smiley)

          GT
          Hi, I'm RAH and I'm a Benaholic.-rah

          Comment

          Previous template Next
          Working...
          X