McColo Briefly Returns, Hands Off Botnet Control
A week ago we discussed the takedown of McColo (and the morality of that action). McColo was reportedly the source of anywhere from 50% to 75% of the world's spam. On Saturday the malware network briefly returned to life in order to hand over command and control channels to a Russian network. "The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to ... Trend Micro. The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last."
I gotta say the past week without so much SPAM has been like having a 10 year head cold where I've become more and more congested...and just lived with it. To suddenly have the congestion stop for just a week....I almost forgot what life is SUPPOSED to be like without a clogged sinus of an Inbox. Damn spammers! I wish I could have one pointed out and slap them upside the head....and then let the other million people get to slap them. Then after that slapfest.....find a person that bought something from a spammer and slap them. If there were ever a time for authorities to get involved...it would be now! Raid that ISP and you know they'd catch some guilty folks...some of which could flip.
I don't see why. 15MB/sec for 12 hours is roughly 650 gigs - a lot, but a single external hard drive could have pulled it off. At most they shaved a week off their time to get the botnets back up and running at full capacity.
Apparently TeliaSonera shut down the link as soon as they realised what was happening - the contract was through a proxy company.
See the Register article for more details.
So we can't really blame TeliaSonera.
Why the spamming bastards didn't just courier a hard drive to Russia instead is a mystery, though.
One swallow does not a fellatrix make