It took only two weeks after the hosting company McColo was shut down for the world’s biggest spammers to get back online and start updating all their bots, a recent report by FireEye revealed. The stretch of reduced spam is over now that the Srizbi botnet, responsible for almost half of the world’s spam, is back online. SecureWorks estimated at the time that McColo, Srizbi’s web host, was responsible for 75 percent of the spam sent daily in the United States.
FireEye explained that this was possible because of a mechanism in the bot that dynamically generates the command-and-control domain names it contacts, based on a seed in the binary and a variation of the Julian date of the infected host.
FireEye attempted to block Srizbi from registering domains by working out which specific domains Srizbi would look for and registering them before the spammers did. Unfortunately, that proved effective for only a short time: the security firm found the work increasingly expensive, since each domain it registered cost money.
“As soon as we stopped registering domain names, the Botnet owner swooped in and began registering domains, as he was able to predict which would be in use today,” FireEye’s Atif Mushtaq and Alex Lanstein reported, adding that all the domains pointed to servers in Estonia, except one which had the IP registered out of the Cayman Islands and was hosted in Germany.
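Because the names depend only on a seed and the date, anyone holding both can compute them ahead of time, which is what made pre-registration possible. The Python below is an added example, not code from FireEye or from Srizbi: the seed, rotation period, SHA-256 derivation and `.example` names are constructed assumptions, and it shows a defender precomputing upcoming names and matching resolver logs against them.

```python
import hashlib
from datetime import date, timedelta

# All constants are constructed for illustration; none come from Srizbi.
SEED = b"constructed-seed"    # stands in for the seed embedded in a binary
PERIOD_DAYS = 3               # assumed rotation interval
DOMAINS_PER_PERIOD = 4        # assumed candidates per interval
TLD = ".example"              # reserved TLD, never resolvable

def julian_day(d: date) -> int:
    """Julian Day Number of a Gregorian calendar date."""
    return d.toordinal() + 1721425

def candidates(d: date) -> list[str]:
    """Names derived from seed + date period (SHA-256 is a stand-in)."""
    period = julian_day(d) // PERIOD_DAYS
    names = []
    for i in range(DOMAINS_PER_PERIOD):
        digest = hashlib.sha256(SEED + f"{period}:{i}".encode()).digest()
        names.append("".join(chr(97 + b % 26) for b in digest[:8]) + TLD)
    return names

def watchlist(start: date, days: int) -> dict[str, date]:
    """Map each upcoming name to the first day it becomes active."""
    wl = {}
    for n in range(days):
        day = start + timedelta(days=n)
        for name in candidates(day):
            wl.setdefault(name, day)
    return wl

def flag_queries(log_lines, wl):
    """Return (client, name) for DNS queries that hit the watchlist."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()
        if qname in wl:
            hits.append((client, qname))
    return hits

TODAY = date(2008, 11, 26)    # constructed date
SAMPLE_LOG = [                # constructed resolver log lines
    "2008-11-26T10:00:01Z 10.0.0.7 www.example.org.",
    f"2008-11-26T10:00:02Z 10.0.0.5 {candidates(TODAY)[0].upper()}.",
]

if __name__ == "__main__":
    wl = watchlist(TODAY, 30)
    print(len(wl), "names to sinkhole or pre-register for 30 days")
    print(flag_queries(SAMPLE_LOG, wl))
```

The size of the watchlist is also the number of registrations needed to hold every name, which is the recurring cost FireEye ran into.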
Source: eFluxMedia
Similar issue here – stocks spam is on a rampant rise in India, courtesy of a number of upcoming stock advisor companies that want quick clientele. Goodness, the way things are, it looks like the owner has absolutely no control over the spam being sent – but there is no way to know! Your advice on the subject would prove pretty useful. Please review my lens at http://www.squidoo.com/fight-spam-vimalstocks if you’ve the time.