McColo up and down again, C&C servers to Russia

McColo, the ISP that was taken down because of the malicious activity it hosted, was briefly back online thanks to the Swedish ISP TeliaSonera AB, which has a router in San Jose. The peering was revoked after complaints to the abuse email address from Sophos and from security researcher Atif Mushtaq.

During this window the Rustock admins had time to move the Command and Control server from the IP 208.66.194.22 at McColo to a new host in Russia.

With the takedown of McColo, the worldwide drop in spam volume is still continuing, but as we can see the botnet admins are getting things up and running again. It is my belief that sooner or later, perhaps sooner, spam levels will rise again, and traditionally the end of the year is very attractive for spammers.

The botnet admins will learn a lesson from this and make their systems more redundant with fallback servers, and we could even see systems where the centralized Command and Control server is replaced by a structure based more on P2P. Taking down the command center will then become more difficult.
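The C&C move described above (from 208.66.194.22 at McColo to a new host) is the kind of shift a network defender can catch in their own connection logs: hosts that used to talk to the old C&C go quiet after the takedown and then converge on one new external address. The following script is an added example, not code from the original post; it assumes a simple "timestamp src dst dport" log format, a constructed takedown time, a constructed threshold of half the infected hosts, and placeholder destination addresses from the documentation ranges (203.0.113.7 and friends are not real indicators; only 208.66.194.22 comes from the post).

```python
"""Spot a botnet C&C migration in connection logs (constructed example)."""
from collections import defaultdict
from datetime import datetime

# The only real indicator here: the Rustock C&C address named in the post.
KNOWN_CC = "208.66.194.22"

# Assumed cut-over time (constructed): traffic before it is "pre-takedown".
TAKEDOWN = datetime(2008, 11, 11, 21, 0, 0)

# Constructed connection log: "timestamp src dst dport".
# 10.0.0.5/9/12 are the "infected" hosts, 10.0.0.7 is a clean bystander,
# 198.51.100.20 is an ordinary site the hosts used both before and after,
# and 203.0.113.7 is the constructed placeholder for the new C&C host.
SAMPLE_LOG = """\
2008-11-10T09:01:00 10.0.0.5 208.66.194.22 80
2008-11-10T09:02:00 10.0.0.9 208.66.194.22 80
2008-11-10T09:03:00 10.0.0.7 198.51.100.20 443
2008-11-10T09:04:00 10.0.0.5 198.51.100.20 443
2008-11-10T09:05:00 10.0.0.12 208.66.194.22 80
2008-11-11T20:00:00 10.0.0.5 208.66.194.22 80
2008-11-11T20:01:00 10.0.0.9 208.66.194.22 80
2008-11-12T08:00:00 10.0.0.5 198.51.100.20 443
2008-11-12T08:01:00 10.0.0.5 203.0.113.7 80
2008-11-12T08:02:00 10.0.0.9 203.0.113.7 80
2008-11-12T08:03:00 10.0.0.12 203.0.113.7 80
2008-11-12T08:04:00 10.0.0.7 198.51.100.20 443
2008-11-12T08:05:00 10.0.0.5 192.0.2.33 80
"""


def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples from the log format above."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)


def infected_hosts(records, takedown=TAKEDOWN, known_cc=KNOWN_CC):
    """Internal hosts that contacted the known C&C before the takedown."""
    return {src for ts, src, dst, _ in records
            if dst == known_cc and ts < takedown}


def migration_candidates(records, takedown=TAKEDOWN, known_cc=KNOWN_CC,
                         min_share=0.5):
    """Return (new_dst, hosts) pairs for destinations that, after the takedown,
    are contacted by at least min_share of the formerly infected hosts.

    A destination an infected host already used before the takedown is not
    counted as new for that host, so ordinary traffic (update sites, web
    browsing) does not get flagged just because infected hosts also use it.
    """
    records = list(records)
    infected = infected_hosts(records, takedown, known_cc)
    if not infected:
        return []
    before = defaultdict(set)   # dst -> infected hosts seen before takedown
    after = defaultdict(set)    # dst -> infected hosts seen after takedown
    for ts, src, dst, _ in records:
        if src not in infected or dst == known_cc:
            continue
        (before if ts < takedown else after)[dst].add(src)
    out = []
    for dst, hosts in after.items():
        new_hosts = hosts - before[dst]
        if len(new_hosts) / len(infected) >= min_share:
            out.append((dst, sorted(new_hosts)))
    # Most-shared destination first: the likeliest new C&C.
    return sorted(out, key=lambda pair: -len(pair[1]))


if __name__ == "__main__":
    for dst, hosts in migration_candidates(parse_log(SAMPLE_LOG)):
        print(f"possible new C&C {dst}: contacted by {', '.join(hosts)}")
```

The point of the `before`/`after` split is the discount: 198.51.100.20 is reached by an infected host after the takedown too, but it was already in that host's pre-takedown traffic, so only 203.0.113.7, reached by all three formerly infected hosts and by none of them before, is reported. A fallback or P2P design, as speculated above, would show up as several such destinations rather than one, which is why the function returns a ranked list instead of a single address.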
