M86 Security Labs

Botnets show signs of life


November 26, 2008

It was perhaps inevitable. After some two weeks in the wilderness, most of the spam botnets that were affected by the shutdown of McColo two weeks ago have begun to show signs of life.

Yesterday we saw both Mega-D and Rustock begin to spam again. Mega-D had a brief spurt but has since stopped. On the other hand, Rustock returned in force yesterday and is spamming in relatively large volumes, mainly with links to Canadian Pharmacy websites. Gheg, a smaller botnet that was also using McColo to host its control servers, is also spamming again. 

We have also seen a small volume of spam trickling in from Srizbi over the last several days, which may have originated from bots that used a control server not hosted by McColo. Despite reports elsewhere to the contrary, we have yet to see Srizbi spam in a significant way. Recent evidence suggests that the operators of Srizbi may have relocated their servers and regained control. If so, we may yet see increased spam volumes from this beast in the near future.

Spam volumes, as you can see in our Daily Spam Volume Index below, are still well below what they were before McColo was taken offline. However, over the last two days the volume has increased noticeably, which is almost entirely due to the return of Rustock.

[Figure: Daily Spam Volume Index]

Last Reviewed: November 28, 2008 by Phil Hay