The McColo Effect: One Year Later

One year ago today email administrators were astonished to notice the amount of spam hitting their mail servers had plunged precipitously. Email volumes dropped off as much as 60 percent to 70 percent, and the reason wasn’t immediately obvious to anyone except for the folks who knew that McColo, a major spam-hosting ISP had been taken offline. Three of the largest spam-sending botnets at the time–Rustock, Srizbi, and Mega-D–had command and control machines hosted at McColo and were drastically affected. Mega-D’s volume dropped by more than 95 percent and Srizbi volumes dropped by more than 80 percent.

However, only days after McColo was taken offline, it was reconnected for a brief period–about 12 hours–by its uplink provider, giving just enough time for the Rustock botnet owners to recommunicate with their infected machines and point the command and control centers to other service providers. Rustock quickly regained its status as a top spam distributor. The Mega-D botnet owners also bounced back until it was shut down just this past week. Srizbi, which once accounted for more than 50 percent of spam volume, never recovered and is no longer a factor in today’s spam wars.
What has happened since McColo was shut down? Did spam volumes ever recover from the loss of three of the largest spam-sending botnets? Not only did spam (continue reading...)