Spam botnet rebuilds itself after being shut down
Co-ordinated malware network found automatically generating new web addresses from which to operate after its host servers were removed from the Internet
In a demonstration of the mind-boggling sophistication of the technology behind malware and spam distribution, a spam botnet this week resurrected itself after the hosting provider whose servers it used was kicked off the Internet.
The Srizbi botnet uses around 100,000 PCs infected with a specific virus to send out millions of spam emails. It was shut down two weeks ago when a web hosting provider named McColo Corp., suspected of tolerating malicious sites, was cut off by its Internet service providers.
But according to security firm FireEye, the botnet reacted to being cut off by automatically generating new websites from which to co-ordinate the infected PCs. FireEye says that it found the algorithm that Srizbi was using to generate the web addresses, and for a while managed to predict their domain names and register them before the botnet got round to it.
Eventually, however, this became too expensive and the botnet began to direct the infected PCs to send out spam again.
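Predicting the generated domains ahead of the botnet, as FireEye is described as doing, also lets a defender spot infected machines in DNS resolver logs. The sketch below is an added example, not code from the article or from FireEye: `toy_dga` is a constructed stand-in generator (Srizbi's real algorithm is not given here), and the log format, IP addresses and dates are constructed.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")  # constructed list, not from the article

def toy_dga(day, count=4):
    """Constructed stand-in for a reverse-engineered, date-seeded generator."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        names.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return names

def predicted_domains(start, days, count=4):
    """Map every domain expected in the window to the day it becomes active."""
    return {name: start + timedelta(days=n)
            for n in range(days)
            for name in toy_dga(start + timedelta(days=n), count)}

def flag_queries(log_lines, table):
    """Return {client_ip: sorted predicted domains that client looked up}."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines
            continue
        _ts, client, qname = parts
        qname = qname.rstrip(".").lower()   # DNS names are case-insensitive
        if qname in table:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}

START = date(2008, 11, 26)                  # constructed date
TABLE = predicted_domains(START, days=7)
# Constructed resolver log: "<timestamp> <client_ip> <queried_name>"
SAMPLE_LOG = [
    "2008-11-26T09:14:02Z 10.0.0.23 www.example.com.",
    f"2008-11-26T09:14:05Z 10.0.0.57 {toy_dga(START)[0].upper()}.",
    "truncated-entry 10.0.0.99",
    f"2008-11-27T00:02:40Z 10.0.0.57 {toy_dga(START + timedelta(days=1))[2]}",
]

if __name__ == "__main__":
    print(len(TABLE), "domains to watch or pre-register for the week")
    for client, names in flag_queries(SAMPLE_LOG, TABLE).items():
        print(client, "queried predicted domains:", ", ".join(names))
```

The size of `TABLE` is the number of registrations needed to pre-empt the window, which grows with every extra day covered; matching the same table against resolver logs costs nothing per domain.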
Ironically, the sites now co-ordinating the botnet have been traced to a hosting provider located in



