From: InfoSec News (alertsinfosecnews.org)
Date: Tue Dec 09 2008 - 02:19:19 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.theregister.co.uk/2008/12/08/mega_d_returns/

By John Leyden
The Register
8th December 2008

One of the three botnets cut off by the shutdown of rogue ISP McColo is
back in business. The Mega-D botnet is back on its feet and throwing off
huge volumes of spam, net security firm Marshal8e6 reports.

The botnet - best known for spamvertising adverts for penis pills - has
been linked back to a network of compromised zombie PCs through a new
command and control infrastructure. Analysis of where these systems are
located is ongoing and neither Marshal8e6 or its competitors are
prepared to point the finger of blame just yet. What's not in any doubt
is that junk mail from compromised systems is on the rise.

"Spam from Mega-D has been ramping up over the last few days and reached
up to 48 per cent of all the spam we captured in our honeypot spam
traps," according to Phil Hay, lead threat analyst for the Marshal8e6
TRACElabs.

The shutdown of McColo last month was accompanied by a huge drop in the
global levels of junk mail, with spam levels dropping to a third of
their normal levels. Spam volumes are beginning to return to normal,
according to security watchers. "Spam volumes are still only about 40
per cent of where they were in September this year but they have doubled
since the last week of November, so the spammers seem to be clawing
their way back,” said Hay.

[...]

_______________________________________________
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]