If you thought you noticed a sharp drop in spam recently, you weren’t mistaken. When hosting service McColo was shut down, some big spam botnets found themselves without a home. But spam is set to creep back up again, as the Srizbi botnet has found a new home.
The Washington Post, whose investigation helped take down McColo, says part of the Trojan that infected the slave computers in the Srizbi botnet includes a formula that will generate a random but unique URL in the event of a network shutdown, so the infected machines can check that address for updates.
And now that’s beginning to happen, according to security company FireEye. In a blog post the company wrote:
“Srizbi has returned from the dead and has begun updating all its Bots with a fresh, new binary. The worldwide update began just a few hours ago. The new Command and Control servers are located in Estonia, and the domains registered through a registrar in Russia. … In the coming days, many journalists and researchers will ask themselves: ‘How is it possible that the largest Botnet in the world was allowed to update itself, when a security firm had near complete control over it?’ This is an interesting angle that we’ll be exploring once all the technical facts are out on the table.”