You'll remember how I track spam. Back in October 2008, I observed a precipitous drop. Remember that my numbers lag about 30 days as that's how long Google leaves spam before they delete it. I continued to watch this drop rapidly until it bottomed out in early December 2008. Now it's clearly headed back up.
While you have to look pretty closely at this chart, it represents a drop of almost 50%, 1500 to just over 800.
The story behind this is what's interesting.
Start with Brian Krebs' article from the Washington Post. It seems that the Internet backbone providers got together and took McColo off the air. McColo was a web hosting service that was accused of hosting 75% of spam. That's amazing.
Shortly after Krebs' article went up, FireEye began a series of blog posts about "the rest of the story." The links are here:
But then the story took a twist. The spam had been emanating from a huge botnet known as Srizbi.
It seems that this botnet had a plan to reestablish their command and control center in the event that they lost their host.
The good guys at FireEye even began buying up the domain names generated by the Sirzbi algorithm but to no avail. By late November, Krebs called it a "resurrection." He recapped it in this blog entry.
Andre' M. Di Mino of The Shadowserver Foundation discusses this in his podcast.
No comments:
Post a Comment