ISP shutdown sends spammers scrambling

By Robert Westervelt | Jun 9, 2009

Some spammers are scrambling to find a new ISP to host their botnet command-and-control servers and resume spam campaigns as a result of the Federal Trade Commission's action to take 3FN.net offline.

The court action disrupted some spam bots and caused a dip in global spam levels, according to security vendors that track global spam volume. But security experts warn that any disruption will be temporary as cybercriminals find new ISPs to do business.

Investigators have linked 3FN.net to at least 17 botnet command-and-control servers that are used by spammers to send out millions of spam messages in bulk. The Cutwail botnet was linked to at least one command-and-control server hosted by 3FN.net. Cutwail picked up a lot of Srizbi botnet customers when Srizbi was disrupted by the shuttering of San Jose-based Web hosting service provider McColo late last year. At its peak in May, Cutwail represented 35% of all spam globally. Shortly after the shutdown last week, it was reduced to 8% of all spam globally, according to Symantec's MessageLabs.

Other vendors are reporting the same dip. Marshal8e6's TRACElabs reported today that it observed a 15% drop in its spam volume index. But security experts say the shutdown will only be a temporary setback for cybercriminals, who will move Cutwail and other spambots to new ISPs and resume operations.

"What happens is you take out one of the big boys and somebody will take over those customers and start spamming for them," said Matt Sergeant, senior antispam technologist for MessageLabs. "[Cutwail] dropped briefly after 3FN was taken down and some of the connectivity around the botnet was taken out, but since then it has really managed to find a way to recover and started spamming again."

For about eight hours following the shutdown of 3FN.net, Cutwail fell silent, but since then it has regained its footing and is currently operating at about 50%, Sergeant said.

"There's some issue that they're trying to resolve, but Cutwail is certainly not quite dead yet," Sergeant said.

 
 

Comments

Glad to hear that they take action. Spammers are tiring. Bloggers like me also wish that we can do better to keep them out.