Via Washington Post -
Spam volumes could rise considerably over the next few days now that one of the world's largest networks of compromised computers used for blasting out junk e-mail was brought back to life tonight.
The "Srizbi" botnet, a collection of more than half a million hacked PCs that were responsible for relaying approximately 40 percent of all spam sent worldwide, was knocked offline two weeks ago due to pressure from the computer security community.
On Nov. 11, the Internet servers used to control the Srizbi botnet were disconnected when a Web hosting firm identified by security experts as a major host of organizations engaged in spam activity was taken offline by its Internet providers.
Turns out, Srizbi's authors had planned ahead for such a situation by building into each bot a fail-safe mechanism in case its master control servers were unavailable: A mathematical algorithm that generates a random but unique Web site domain name to check for new instructions and software updates.
With such a system in place, the malware authors can regain control over the bots merely by registering the Web site names that the infected machines are trying to visit and placing the instructions there.
According to FireEye, a security company in Milpitas, Calif., that has closely tracked the botnet's actvity, a number of those rescue domains were registered Tuesday evening, apparenly directing at least 50,000 of the Srizbi-infected machines to receive new instructions and malicious software updates from servers in Estonia.
FireEye senior security researcher Alex Lanstein said he fully expects spam volumes to recover to their pre-Nov. 11 levels within a couple of days.
"Srizbi was the spam king," Lanstein said. "And now it's back."
Much more to come tomorrow with the very interesting back story about how all this happened. Stay tuned.
No comments:
Post a Comment