Statistics from Google show that the volume of spam has reached the same level as prior to the shutdown of notorious Web hosting company McColo in November 2008. Symantec's MessageLabs and other security vendors have noted the spam recovery as well.
Spammers are officially back in full force five months after
the shutdown of Web hosting company McColo.
According to Google, spammers have fully recovered from the death of the
notorious Web hosting firm. By the second half of this March, the seven-day
spam volume was the same as before the McColo shutdown. Symantec's MessageLabs said
spammers actually got their groove back in February, and noted in its quarterly
intelligence report that one in every 1.32 e-mails is spam.
Either way, it seems botnet operators may have wised up since
November and changed tactics.
"It's difficult to ascertain exactly how spammers have rebuilt in the
wake of McColo, but data suggests they're adopting
new strategies to avoid a McColo-type takedown from occurring again,"
blogged Amanda Kleha of the Google security and archiving team.
"Specifically, the recent upward trajectory of spam could indicate that
spammers are building botnets that are more robust but send less volume, or at
least that they haven't enabled their botnets to run at full capacity because
they're wary of exposing a new ISP as a target."
According
to Google, overall spam volume jumped an average of 1.2 percent per day
during the first quarter of 2009, and increasingly spammers are adding geolocation
capabilities into the mix. Waledac has been no small part of this, as the
botnet blasted out e-mails earlier in March that falsely claimed the
recipient's city or area was victimized by a terrorist attack. In that case,
the e-mails provided a link to a fake Reuters news site with malware. The
attack customized the location by determining the geolocation of the IP address
of the victim's machine.
"Location-based spam is the latest technique being used by 'bad guys'
to increase the likelihood that an unsuspecting victim will not only read their
message, but will actually click one of the links in the message,"
explained Tal Golan, president and CTO
of e-mail security company Sendio. "This new methodology is the next
salvo in the spam arms race, but is really just an extension of the 'social
engineering' threat vector that has become so popular and effective in the last
three years."
Officials at Webroot said while true location targeting is difficult to do
well, it has shown itself to be an effective method of attack.
"What we are dealing with here is a blended threat combining the use of
Web and e-mail to carry out a sophisticated attack," said Gerhard
Eschelbeck, CTO of Webroot Software.
"The concept of customizing relevance is quite familiar from the 'spear
phishing' attacks from recent years, and has proven an effective method to
increase success rates of attacks."