RealTime IT News

Spammers Working to Regain Lost Ground

Spam levels, which fell sharply when botnet host McColo was taken down in November, will bounce back to pre-McColo levels by the end of January, according to Google's Adam Swidler.

Swidler, who handles Google's (NASDAQ: GOOG) business-to-business e-mail security offerings, told InternetNews.com that more attacks will be launched to grow botnets and that there will be an increase in Web-based attacks. Businesses have to make sure they focus on security, Swidler warned.

Meanwhile, spammers are using the latest technology to avoid detection and survive parts of their botnets being shut down, Swidler said.

"When McColo was shut down, the industry saw spam levels fall 70 percent," Swidler said. "We'd never seen anything like that dramatic level of drop in such a short time."

McColo had hosted a large number of botnet command-and-control centers, the servers that managed botnets, and, when it was taken down, there was no way for them to send out spam.

However, spammers began recovering from the blow within weeks. The Google Message Security data center, which measures only business-to-business e-mail, saw spam levels jump by mid-January to 156 percent of the volume that existed the day after McColo was shut off, Swidler said.

According to Swidler, spammers are working hard to grow their botnets again.

Spammers will launch attacks to create botnets in two ways, he said. One is the traditional attack where malware is attached to e-mail and the spammer tries to get the user to click on it. Such malware will seem to be a notice from a bank or a delivery message from a courier company, Swidler said.

The other will be a blended threat, where links are embedded in e-mails. E-mails used in this attack will look like a credit offering, a get-rich-quick scheme or a news item, Swidler said. One of the most notorious such attacks, purporting to be a CNN News item about the fighting in Gaza, was launched earlier this month.

A bigger Storm brewing

Security experts are speculating that the Downadup worm, which is creating botnets on a huge scale, might be such an attempt.

Some fear Downadup will infect more PCs than the Storm worm, which took over anywhere from 160,000 to 50 million computers.

Meanwhile, Swidler predicted that Web-based attacks will increase because Web sites are not as well protected as e-mail. "We've seen a lot of legitimate sites that spammers hacked and stored links to malware on so visitors who click on those links will infect their PCs," he said.

Systems administrators need to make sure their Web sites are patched, Swidler warned. The Downadup worm is spreading rapidly because many people have failed to patch their systems even though Microsoft issued a patch in October.

Still, the advantage lies with the bad guys. Since the McColo shutdown, spammers have begun adopting new technology in their fight to survive, and this makes it harder to shut them down. "McColo hosted a lot of first generation command-and-control centers for botnets," Swidler explained.

"Its shutdown forced spammers to upgrade their infrastructure, and they now use the latest and greatest botnet technology. This technology is more resilient, more peer-to-peer and more sophisticated in terms of being able to recover when parts of the network are taken down."