Undead Mega-D is back in control of the sex spam zombies


Look, everyone knew the day was coming; there is no escaping that fact. That doesn't make it any the less disappointing, but it should hardly be filed under surprise of the year: the Mega-D botnet is back in action.

When the McColo web hosting outfit was taken down last month I wrote how spammers were in a world of hurt, and oh boy they were.

Taking a single web hosting service out of the equation reduced the volume of spam traffic by as much as 70 percent, with a pretty immediate impact on mailboxes the world over.

A week after the takedown, levels were still way below those experienced before the McColo plug was pulled. But that did not mean that spam was dead.

Still, by all accounts, McColo hosted the command and control infrastructures for three of the most prolific spamming botnets on the face of the planet: Mega-D, Rustock and Srizbi. One security and spam expert, Phil Hay, a lead threat analyst with the Marshal TRACE Team, went as far as calling it "the most significant single event in the fight against spam we have ever seen."

Trouble is, we all knew even then that it was only a matter of time before those command and control servers were relocated and booted back into action. That day, it would seem, has come and so buyers of spam goods can rejoice.

There is no word as to where the servers are operating, geographically speaking, although China or Russia look most likely going by recent reports.

Phil Hay is now telling me that “Spam from Mega-D has been ramping up over the last few days and reached up to 48 percent of all the spam we captured in our honeypot spam traps.”

Mega-D, of course, was perhaps best known for sending billions of spam messages promoting sexual performance enhancing drugs. So expect to see a flood of similar spam messages back in your mailboxes now that the zombie PCs have been reconnected to the Mega-D control centre.

"After McColo was shut down, we observed activity indicating that the individuals behind the Srizbi, Rustock and Mega-D botnets were attempting to set up new command and control servers," Hay says, adding: "We saw some activity occurring with the Rustock botnet, but it appears to have gone quiet again. Mega-D is the first of the affected botnets to really bounce back."