
November 28, 2008

‘Closed’ spam network proves indestructible

By John Lister





Just two weeks after a rogue hosting firm’s closure slashed spam levels by 70 percent, unsolicited e-mails are back on the rise. The world’s biggest spam network appears to have risen from the dead and laughed in the faces of feeble humans attempting to prevent its return.

Internet providers pulled the plug on McColo after investigations showed it hosted not only a series of spam networks used to distribute bogus e-mails but also many of the websites where gullible recipients handed over their credit card details to buy the goods supposedly on offer.

Among the networks which disappeared from the internet that day was Srizbi, which controlled infected computers worldwide and used them to send a majority (some estimates said 75 percent) of the world’s spam.

Staff at security firm FireEye, which helped in the McColo investigation, discovered Srizbi had a built-in resurrection plan. The virus used to add computers to the network had been programmed to create random website addresses which infected machines were told to visit for further instructions if they lost communication (as happened with the McColo closure).

FireEye tried tackling this by buying up every domain name that the network might try to use in this scheme, with the intention of then instructing infected machines to delete the virus.

However, after the bill for buying up domain names topped $4,000, FireEye staff realized the approach was financially unsustainable; the structure of Srizbi meant they’d need to buy 450 domains each week to stand a chance of success. It also turned out the virus was so firmly embedded that removing it remotely could render computers useless, which would likely prompt the mother of all lawsuits.

FireEye staff pulled the plug on their efforts on Monday. Some time on Tuesday, anonymous figures in Russia successfully registered the right combination of domain names and regained control of the network. Spam levels began rising on Wednesday and, while different sources dispute the rate of increase, all parties seem certain it will be back to ‘normal’ levels in the near future.
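The fallback behaviour described above leaves a trace that a network defender can look for: an infected machine that has lost contact asks for many different generated names in a short time. The sketch below is an added example, not code from FireEye or this article; it assumes most generated names are unregistered at any moment (so lookups fail with NXDOMAIN), and the log format, thresholds, addresses and names are all constructed.

```python
"""Flag clients whose DNS failures look like a bot hunting for a fallback domain.
Assumed log format (constructed): <ISO time> <client> <queried name> <rcode>"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; every address and name here is illustrative.
SAMPLE_LOG = """\
2008-11-25T10:00:01 10.0.0.5 www.example.com NOERROR
2008-11-25T10:00:02 10.0.0.7 qpwoeiru.example NXDOMAIN
2008-11-25T10:00:40 10.0.0.7 zmxncbvl.example NXDOMAIN
2008-11-25T10:01:10 10.0.0.5 exmaple-typo.example NXDOMAIN
2008-11-25T10:01:15 10.0.0.7 ghtyrueo.example NXDOMAIN
2008-11-25T10:01:20 10.0.0.5 exmaple-typo.example NXDOMAIN
2008-11-25T10:02:05 10.0.0.7 lakdjfhg.example NXDOMAIN
2008-11-25T10:02:50 10.0.0.7 wieurytq.example NXDOMAIN
2008-11-25T10:03:00 10.0.0.9 aaaa1111.example NXDOMAIN
2008-11-25T13:03:00 10.0.0.9 bbbb2222.example NXDOMAIN
2008-11-25T16:03:00 10.0.0.9 cccc3333.example NXDOMAIN
"""

def parse(line):
    """Split one log line into (timestamp, client, normalised name, rcode)."""
    ts, client, name, rcode = line.split()
    return datetime.fromisoformat(ts), client, name.lower().rstrip("."), rcode

def suspicious_hosts(log_text, window=timedelta(minutes=10), min_distinct=5):
    """Return {client: sorted failed names} for clients that received NXDOMAIN
    for at least `min_distinct` different names inside one sliding window."""
    failures = defaultdict(list)  # client -> [(timestamp, name)]
    for line in filter(str.strip, log_text.splitlines()):
        ts, client, name, rcode = parse(line)
        if rcode == "NXDOMAIN":
            failures[client].append((ts, name))
    flagged = {}
    for client, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {n for _, n in events[start:end + 1]}
            if len(names) >= min_distinct:  # repeated typos count only once
                flagged[client] = sorted(names)
                break
    return flagged

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG))
```

Counting distinct names rather than raw failures keeps a user retrying one mistyped address from being flagged, and the time window separates a burst from failures spread across a day.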


    3 Responses to “‘Closed’ spam network proves indestructible”

    1. Mongo:

      They’ve been shut down again.

    2. sitexpert:

      It’s about time. I find it hard to believe that anybody would actually buy from spammers but apparently they were making over 2 million (US) a year. Incredible!

    3. TheFickler:

      As per Mongo’s comment

      http://it.slashdot.org/article.pl?sid=08/11/28/137238
