Efforts to stem the rise of spam by closing down ISPs found to be hosting botnet activity are failing, latest research has revealed.
“Last year the shutdown of spam host McColo had a huge impact and it was several months before the levels of spam came back,” Paul Wood of MessageLabs told us. “But when similar steps were taken this month to stop the Cutwail botnet, spam levels recovered almost immediately.”
The technology behind spam has become very well developed and well defined, and is now increasingly being designed to protect spam traffic from disruption, Wood said.
Trojans have some very sophisticated rootkits; spammers will work to distribute their command and control channels and locate many of the bots for larger botnets in unrestricted geographies, he explained. They have become a moving target for ISPs and legislators alike.
At the beginning of June the US Federal Trade Commission had ordered a shut-down of San Jose Web-hosting firm Pricewert, after it was found to be the source of the Cutwail botnet. The ISP was accused of operating a botnet with command and control servers aimed at disseminating malware and conducting phishing attacks.
“Cutwail’s recovery to one-third of its original levels, after only a few hours, highlights the progress spammers have made since the McColo shutdown in November. Closing down an ISP is having only minimal impact,” Wood said.
Spam from botnets accounted for over 80% of all spam in June, the email service provider has suggested.
MessageLabs estimates that in June the global ratio of spam in email traffic from new and previously unknown bad sources was 90%, which equates to one in every 1.1 emails, reflecting no change since May. Spam levels for Q2 2009 averaged 88%, compared with 74% for Q1 2009.
Also in June, MessageLabs identified that one in every 78 IM-based hyperlinks pointed to malicious websites. At the current rate, one in 80 IM users may expect to receive a malicious instant message each month, the company said.
One in 280 emails comprised some form of phishing attack, almost no change since May.