Windows boxes allow the concept of a “botnet” to exist. Without closed source code, computing would have transparency and be deprived of an army of zombie computers bringing nations to the ground.
'Tis the season, after all: The holidays are the busiest time of the year for spammers, and criminals are hustling to reconnect with potentially millions of virus-infected PCs that they once used to send spam – which accounts for 90 percent of the world's e-mail.
Spam fighters scored big last week with the takedown of McColo Corp., a U.S.-based company apparently catering to bulk e-mailers. But the battle against McColo also highlights the difficulty in squashing spam-sending operations. Slapping one down means it just pops up somewhere else.
“It is always a cat-and-mouse game, and we fully expect there will be a countermove,” said Doug Bowers, senior director of anti-abuse engineering for Symantec Corp.
Companies like McColo can be difficult for law enforcement to take down. Authorities have to prove company officials knew crimes were being committed through their servers. Web hosting companies often argue that they don't monitor how customers use their services.
In this case, security researchers amassed evidence of wrongdoing on their own and confronted McColo's Internet providers to get the Web hosting service taken down.
McColo, which claims a Delaware mailing address and a data center in Silicon Valley, has been on security researchers' radars for more than a year. Many spam filters blocked messages coming through McColo's service.
The FBI declined to comment. However, it appears that spam senders used McColo's service to send commands to large numbers of PCs they had hijacked.
Having that conduit is critical. Spammers use networks of compromised computers – known as “botnets,” or networks of robot or zombie PCs – to amass enough computing power to send millions of messages a day. The owners of those machines typically don't know their computers are secretly being used for this purpose. But criminals need a way to communicate with these computers and a Web hosting company willing to look the other way.
McColo representatives didn't return calls for comment from The Associated Press. McColo's Web site was no longer working.
A big problem in tracing the Web hosting companies responsible for enabling botnets is that the traffic from infected computers goes through different Internet providers, so the trail goes cold fast.
The case against McColo, first reported by The Washington Post, was built by security researchers over time and detailed in a recent analysis by HostExploit, a group that tracks Internet threats.
Worldwide spam volume was about 153 billion e-mail messages on Nov. 11, the day McColo's Internet providers yanked its service. In two days, that dropped to 64 billion messages, according to IronPort, a security firm owned by Cisco Systems Inc.
It hasn't taken long for things to pick up again.
Security firm Sophos PLC reported Sunday that McColo was back online again after scoring service from a Swedish Internet provider. The service was withdrawn after the Internet provider heard from security researchers.
IronPort said Monday that spam volume was climbing, and had reached an estimated 71 billion messages.
Just a few years ago, when spammers lost access to a botnet of infected PCs – because their Internet connection was severed – the operation could be decapitated. Now it's like cutting off an arm. The criminals can find another Internet provider, and they've changed their tactics to get things running again quickly.
Source: txhar