Four months after ISPs disconnected hosting provider McColo, the global volume of junk e-mail has apparently returned to its previous levels, Google stated in an analysis posted on Tuesday.
Using data collected from its filtering of spam on behalf of 15 million business users, the search giant found that, by the latter half of March, the seven-day average level of junk e-mail climbed to pre-McColo levels. In addition, the first quarter of 2009 had a higher spam growth rate, about 1.2 percent per day, than the average daily rate in 2008. The jump in junk e-mail comes after the November takedown of McColo, which had hosted the command-and-control servers used by spammers to control their botnets.
"It's difficult to ascertain exactly how spammers have rebuilt in the wake of McColo, but data suggests they're adopting new strategies to avoid a McColo-type takedown from occurring again," Amanda Kleha, a member of Google's security and archiving team, wrote on the company's enterprise blog. "Specifically, the recent upward trajectory of spam could indicate that spammers are building botnets that are more robust but send less volume or at least that they haven't enabled their botnets to run at full capacity because they're wary of exposing a new ISP as a target."
In November, two major Internet service providers stopped routing traffic for McColo, a hosting provider based in San Jose, Calif., essentially making all sites hosted by the service inaccessible. The action followed investigations by security researchers that found that McColo had become the preferred home for many botnets' command-and-control servers. The sudden drop in spam following the takedown provided further evidence of McColo's connection to junk e-mail.
Spammers have come back quickly from the incident. In January, e-mail security provider MessageLabs — which, like SecurityFocus, is owned by Symantec — found that the volume of junk e-mail had surged back to near October levels.
The overall volume of spam and the amount of spam carrying malicious viruses are down compared to 2008, according to Kleha's post.
Posted by: Robert Lemos