McColo up and down again, C&C servers to Russia

McColo, the ISP that was taken down because of its malicious activities, was briefly back online thanks to the Swedish ISP TeliaSonera AB, which has a router in San Jose. The peering was revoked after complaints to the abuse email address by researchers from Sophos and by security researcher Atif Mushtaq.

During this window the Rustock admins had time to move their Command and Control server, which had been at 208.66.194.22 at McColo, to a new host in Russia.
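One practical consequence for defenders: the old C&C address is now a stale indicator, but bots that have not yet picked up the new Russian host will keep calling it, so hits on 208.66.194.22 in outbound firewall logs point at infected machines rather than at a live C&C. The script below is an added example, not code from the original post; it matches outbound connections against a watch list holding only the address the post names, groups them per internal host, and estimates the beacon interval from the timestamps. The log format and every log line are constructed for the example.

```python
"""Flag internal hosts that contacted a watch-listed C&C address.

Added example, not from the original post. The watch list holds only the
address the post names (the old Rustock C&C at McColo); the log lines and
their format are constructed and are not real captures.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from statistics import median
from typing import Dict, List, Optional, Set

# Indicator from the post. After the move to Russia this address is stale:
# a hit means a bot that has not yet received the new C&C, not a live C&C.
CNC_WATCHLIST = {"208.66.194.22"}

# Constructed firewall line format (assumption for the example):
#   "<YYYY-MM-DD HH:MM:SS> <ACTION> <src>:<sport> -> <dst>:<dport> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

# Constructed sample log. 10.0.0.15 beacons every 15 minutes; 10.0.0.31
# connects once; 10.0.0.22 talks to an unrelated TEST-NET address.
SAMPLE_LOG = """\
2008-11-19 08:00:00 ACCEPT 10.0.0.15:49201 -> 208.66.194.22:80 TCP
2008-11-19 08:00:05 ACCEPT 10.0.0.22:51100 -> 192.0.2.10:443 TCP
2008-11-19 08:15:00 ACCEPT 10.0.0.15:49377 -> 208.66.194.22:80 TCP
2008-11-19 08:30:00 DROP 10.0.0.15:49410 -> 208.66.194.22:80 TCP
2008-11-19 08:45:04 ACCEPT 10.0.0.31:40000 -> 208.66.194.22:80 TCP
garbage line that does not parse
"""


@dataclass
class Contact:
    """Everything seen from one internal host towards watch-listed addresses."""
    src: str
    attempts: int = 0
    first_seen: Optional[datetime] = None
    last_seen: Optional[datetime] = None
    dst_ports: Set[int] = field(default_factory=set)
    actions: Set[str] = field(default_factory=set)   # ACCEPT, DROP, ...
    timestamps: List[datetime] = field(default_factory=list)

    def median_interval_s(self) -> Optional[float]:
        """Median gap between attempts; a steady value suggests beaconing."""
        if len(self.timestamps) < 2:
            return None
        ts = sorted(self.timestamps)
        return median((b - a).total_seconds() for a, b in zip(ts, ts[1:]))


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed-format line; return None for anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["dport"] = int(rec["dport"])
    return rec


def find_cnc_contacts(log_text: str, watchlist: Set[str] = CNC_WATCHLIST) -> Dict[str, Contact]:
    """Return {src_ip: Contact} for every host that tried to reach the watch list.

    Dropped attempts count too: a DROP still shows the host wanted to talk.
    """
    contacts: Dict[str, Contact] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in watchlist:
            continue
        c = contacts.setdefault(rec["src"], Contact(rec["src"]))
        c.attempts += 1
        c.timestamps.append(rec["ts"])
        c.dst_ports.add(rec["dport"])
        c.actions.add(rec["action"])
        c.first_seen = rec["ts"] if c.first_seen is None else min(c.first_seen, rec["ts"])
        c.last_seen = rec["ts"] if c.last_seen is None else max(c.last_seen, rec["ts"])
    return dict(sorted(contacts.items()))


def report(contacts: Dict[str, Contact]) -> List[str]:
    """Human-readable summary, one line per flagged host."""
    lines = []
    for c in contacts.values():
        gap = c.median_interval_s()
        lines.append(
            f"{c.src}: {c.attempts} attempt(s) {c.first_seen}..{c.last_seen} "
            f"ports={sorted(c.dst_ports)} actions={sorted(c.actions)} "
            f"median_gap={'n/a' if gap is None else f'{gap:.0f}s'}"
        )
    return lines


if __name__ == "__main__":
    for line in report(find_cnc_contacts(SAMPLE_LOG)):
        print(line)
```

Treat every flagged host as a cleanup candidate, not as proof that the C&C is reachable; and since the post does not give the new Russian address, add it to `CNC_WATCHLIST` only once you have it from a trustworthy source.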

With the takedown of McColo the drop in spam volumes worldwide is still continuing, but as we can see the botnet admins are getting things up and running again. It is my belief that sooner or later, perhaps sooner, spam levels will rise again; traditionally the end of the year is very attractive for spammers.

The botnet admins will learn a lesson from this and make their systems more redundant, with fallback servers, and we could even see systems where the centralized Command and Control server is replaced by a structure based more on P2P. Taking down the command center will then become more difficult.
