Spammers Working to Regain Lost Ground

Spam levels, which fell sharply when botnet host McColo was taken down in
November, will bounce back to pre-McColo levels by the end of January, according to Google’s Adam Swidler.

Swidler, who handles Google’s (NASDAQ: GOOG) business-to-business e-mail
security offerings, told InternetNews.com that more attacks will be launched to grow botnets and that there will be an increase in Web-based attacks. Businesses have to make sure they focus on security, Swidler warned.

Meanwhile, spammers are using the latest technology to avoid detection and survive parts of their botnets being shut down, Swidler said.

“When McColo was shut down, the industry saw spam levels fall 70 percent,” Swidler said. “We’d never seen anything like that dramatic level of drop in such a short time.”

McColo had hosted a large number of botnet command-and-control centers,
the servers through which botnet operators issued instructions to infected
machines. When those servers went offline, the bots could no longer be
told to send out spam.

However, spammers began recovering from the blow within weeks. The Google Message Security data center, which measures only business-to-business e-mail, saw spam levels jump by mid-January to 156 percent of the volume that existed the day after McColo was shut off, Swidler said. That figure is measured against the post-shutdown trough, so it still falls short of pre-McColo volume.

According to Swidler, spammers are working hard to grow their botnets
again.

Spammers will launch attacks to grow botnets in two ways, he said. One
is the traditional attack, in which malware is attached to an e-mail and the
spammer tries to get the user to open it. The message carrying such malware
is disguised as a notice from a bank or a delivery message from a courier
company, Swidler said.

The other is a blended threat, in which the e-mail carries no attachment
but instead embeds links that lead the victim to a malicious Web page.
E-mails used in this attack will look like a credit offering, a get-rich-quick
scheme or a news item, Swidler said. One of the most notorious such
attacks, purporting to be a CNN News item about the fighting in Gaza, was launched earlier this month.

A bigger Storm brewing

Security experts are speculating that the Downadup worm, which is creating botnets on a huge scale, might be such an attempt.

Some fear Downadup will infect more PCs than the Storm worm, for which
estimates of the number of computers taken over ranged anywhere from
160,000 to 50 million.

Meanwhile, Swidler predicted that Web-based attacks will increase because
Web sites are not as well protected as e-mail. “We’ve seen a lot of
legitimate sites that spammers hacked and stored links to malware on so
visitors who click on those links will infect their PCs,” he said.

Systems administrators need to make sure their Web sites, and the systems
behind them, are patched, Swidler warned. The Downadup worm is spreading
rapidly because many people have failed to patch their systems against the
vulnerability it exploits, even though Microsoft issued a fix for it in
October.

Still, the advantage lies with the bad guys. Since the McColo shutdown,
spammers have begun adopting new technology in their fight to survive, and
this makes it harder to shut them down. “McColo hosted a lot of first
generation command-and-control centers for botnets,” Swidler explained.

“Its shutdown forced spammers to upgrade their infrastructure, and they
now use the latest and greatest botnet technology. This technology is more
resilient, more peer-to-peer and more sophisticated in terms of being able
to recover when parts of the network are taken down.”
