
Botnet traffic bounces back 90% within 48 hours of ISP shutdown
Security
Written by Daniel   
Wednesday, 26 August 2009 11:16

An Internet service provider was shut down in the hopes that it would quell the traffic of one of the most active botnets, Cutwail. While it was initially effective, Cutwail rebounded almost fully only a few days later.

By Casey Johnston | Last updated August 25, 2009 7:03 PM CT

A common way of combating spam traffic is to shut down the service provider through which the traffic is being processed. With a new variety of botnets, though, this method is becoming increasingly ineffective. The August report from Message Labs indicates that the shutdown of a Latvian ISP, while initially effective, ultimately did little to quell the malicious activity of one botnet, whose traffic recovered in a matter of days.



Cutwail is one of the largest botnets running amuck on the Internet, and is estimated to be behind 15-20 percent of all spam, including malicious websites, phishing websites, and fake antivirus products. Message Labs noted that Cutwail was conducting a large portion of its dubious business through Real Host, an ISP based in Riga, Latvia. Real Host was allegedly involved with "command-and-control" servers allowing large-scale botnet infection.  [Ars Technica...]