Spam back on the rise

 

Gallery

Posted on 26 Nov 2008 at 17:20

Spam levels are back up again, although not quite to full force, as botnet owners recover after the takedown of hosting company McColo.

In the days following the takedown, spam levels dropped massively - to just a fifth of what they were before. But according to security services provider MessageLabs, two major botnets - 'Asprox' and 'Rustock' - are back with a vengeance after having found new command and control.

Now, spam levels have begun to recover, and are back to 40 per cent of what they previously were.

"One major botnet that we haven't seen sending out large volumes of spam is a botnet called Srizbi," explained Paul Wood, senior analyst at MessageLabs. "That was responsible - until the takedown of McColo - for up to 50 per cent of all spam volumes."

"Even though the other botnets that we've been tracking have increased in activity in order to fill the gap that's been left - they're unable to fill that gap completely, but we are seeing an increase."

The company hasn't yet seen large volumes of spam coming in from Srizbi, but warned that it is still potentially there, and the potential still exists to generate spam once spammers have been able to re-establish their connection.

Wood warned that it would be relatively straightforward for spammers to recover the Srizbi botnet. He said that all that is needed is for spammers to know what domain names need to be registered so that then they can point those domain names at their command and control servers and re-establish contact.

He also said that the reason McColo was taken down, was due to the action of the community; researchers who were providing the information. While acknowledging that there have been a number of advances made by law enforcement agencies - such as the arrest in January 2008 of a well-known spammer called Alan Ralsky - more resolute action could have been taken if authorities had gotten involved with McColo.

"If law enforcement had been involved, then they would have gone in and examined the servers forensically and gain more evidence - that didn't happen unfortunately," he said.

The Rt Hon Alun Michael MP, chair of the EURIM e-crime group, conceded that the UK's law enforcement agencies has not been adequate.

"When I ask if I can have a report from the police about what's been done about it, I get no response - and if I can't get a report from them as a member of Parliament, then who can?" he said.

"We're not geared up to deal with it. But, realistically, do you want the limited number of people dealing with internet crime to spend their time on spam? And the answer is no we don't, because we want them to be dealing with things like major fraud. So therefore, it has to be part of a partnership approach to dealing with nuisance and disorderly activity in a different way to how we deal with more serious e-crime."