Shutdown of hoster disarms 500,000 bots

The shutdown of hosting company McColo last week crippled more than 500,000 bots which are no longer able to receive commands from criminals, according to a security researcher.

Although the infected PCs are still operational, the previously-planted malware that tells them what to do cannot receive instructions because of the shutdown of McColo.

"Half a million bots are either offline or not communicating" with their command-and-control servers, estimated Joe Stewart, director of malware research at SecureWorks.

The California firm was disconnected from the Internet by its upstream service providers at the urging of researchers who believed the company's servers hosted a staggering amount of cybercriminal activity, including the command-and-control servers of some of the planet's biggest botnets. Those collections of infected PCs were responsible for as much as 75 percent of the spam sent worldwide; when McColo went dark, spam volumes dropped by more than 40% in a matter of hours.

The McColo takedown resulted in a record number of bots being severed from their hacker controllers by any single event, Stewart said. He compared it to last September, when Microsoft's anti-malware utility, the Malicious Software Removal Tool (MSRT), purged nearly 300,000 infected PCs of the infamous Storm Trojan.

"That had a good impact, but it didn't stop the flow of spam globally," Stewart said of the MSRT takedown. "It didn't make a difference to other botnets that were still spamming away."

Knocking McColo offline, on the other hand, disrupted at least two major botnets - "Rustock" and "Srizbi" - said Stewart, and caused spam to plummet around the globe.

Stewart, a leading authority on botnets, estimated the strength of the top 11 botnets last April. Srizbi, at 315,000 bots, was No. 1 in his census, while Rustock, at 150,000, was in the No. 3 spot.
