UPDATE, Nov 27th: One of the new CnC servers, ‘sdx3Fs5B.info’, was resolving to 72.233.114.74 at LayeredTech. FireEye sent an abuse notification to LayeredTech when the CnC servers went online and they have pulled the server.
—————-
Yesterday, Nov 24, 2008, I noticed a sudden spam rise. When checking some samples I found that the ‘Canadian Pharmacy’ spam is [...]
November 25, 2008
Categories: Spam . Tags: botnet, canadian pharmacy, mccolo, Rustock, Spam . Author: mxlab
McColo, the ISP that has been taken down because of its malicious activities, was back online for a brief period thanks to the Swedish ISP TeliaSonera AB, which has a router in San Jose. The peering was revoked after complaints to the abuse email address by security from Sophos and security researcher Atif Mushtaq.
During this time Rustock admins [...]
November 17, 2008
Categories: Spam . Tags: botnet, bots, McColo Corp, Rustock, Spam, zombie . Author: mxlab
SMTP connections that involve spam have dropped 50% at MX Lab since yesterday. At first, we thought we faced a technical problem and all systems were checked to be sure, but there were fewer SMTP connections that contained spam. Today we still noticed a very low level of spam volume.
Several news sites report that the [...]
November 13, 2008
Categories: Spam, Various . Tags: Atrivo, botnet, Intercage, McColo Corp, Security Fix, Spam . Author: mxlab