By Kelly Jackson Higgins
Nov 20, 2008
It has been a week since a half-million bot-infected machines were
suddenly freed from their "master" botnet servers after ISPs pulled the
plug on the illicit McColo hosting service. So now what happens to those
orphaned bot machines?
Researchers have spotted these errant bots over the past week attempting
to phone home to their former command and control (C&C) servers. While
the industry continues to celebrate a nearly 70 percent nosedive (albeit
temporary) in spam volume without McColo to host the world's biggest
spamming botnets anymore, these orphaned bots are still at risk -- and
possibly still spewing spam, security experts say.
"They are probably already infected with multiple things. You hardly
ever find just one bot on these computers," says Joe Stewart, director
of malware research for SecureWorks. "You may find three or four
different spam bots on the same machine. And who knows what else --
password stealers and other rogue ware."
Many of these bots -- which were members of the world's most prolific
spam botnets, Srizbi, Mega-D, and Rustock "--are likely still spamming
away for other botnets, or even possibly other servers on the big three
that weren't hosted on McColo, security experts say.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!