Largest Source of Spam Taken Down by FireEye
The botnet that was responsible for roughly a third of the world’s spam mail was recently taken down by the security firm FireEye.
The disappearance of the botnet, known as Ozdok or Mega-D, may well go unnoticed by most users, because most of its IPs were already blacklisted by the major e-mail services. It is, however, a significant achievement in the sense that a small company like FireEye proved capable of dismantling a large, well-funded operation.
This was no meagre task: Ozdok had plenty of protection against exactly this kind of takedown, including a large pool of domain names for its command and control channels, hard-coded DNS servers, and the ability to generate new domains at the blink of an eye.
FireEye analyzed the scheme behind Ozdok and carried out an attack on dozens of its command and control channels, which were used to distribute spamming instructions to the bots. The spam immediately came to a halt. Close to 300,000 IP addresses reported to the channels under FireEye’s control – a testament to the size of the Ozdok botnet.
It is still unclear whether Ozdok will successfully get back on its feet, but FireEye said they would work with ISPs to identify the owners of bots so they can clean their systems. “We are currently unsure how long we can keep up with these future domains. We are also looking closely at how the bot herders will react to this situation.”
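The two numbers the post leans on, how many infected hosts reported to the sinkholed channels and which addresses to hand to ISPs for clean-up, both come from the same place: the logs of the servers that the redirected command and control names now point at. The script below is an added example, not FireEye’s tooling, and it processes a constructed sinkhole log (made-up timestamps, documentation-range IPs and invented hostnames) in an assumed “timestamp client_ip requested_host” format. It counts distinct reporting IPs per hostname and overall, tolerates malformed lines, and builds the per-IP first-seen/last-seen summary a defender would pass to the responsible network operator.

```python
import re
from collections import defaultdict

# Constructed sinkhole log (made up for this example; not FireEye data).
# Assumed line format: "<ISO timestamp> <client_ip> <requested_host>".
# The hostnames are invented placeholders, including one random-looking
# label to stand in for an algorithmically generated domain.
SAMPLE_LOG = """\
2009-11-06T10:00:01Z 192.0.2.10 c2-example-one.test
2009-11-06T10:00:02Z 192.0.2.11 c2-example-one.test
2009-11-06T10:00:02Z 198.51.100.5 c2-example-two.test
2009-11-06T10:00:03Z 192.0.2.10 C2-Example-Two.test.
this line is malformed and must be skipped
2009-11-06T10:00:04Z 203.0.113.7 xk3qz9vplw2a.test
2009-11-06T10:00:05Z 203.0.113.7 xk3qz9vplw2a.test
2009-11-06T10:00:06Z 192.0.2.10 c2-example-one.test
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


def parse_sinkhole_log(text):
    """Return a list of (timestamp, ip, host) tuples; malformed lines are dropped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; do not let it poison the counts
        ts, ip, host = m.groups()
        # Normalise the hostname so letter case and a trailing dot do not split counts.
        records.append((ts, ip, host.lower().rstrip(".")))
    return records


def bots_per_domain(records):
    """Distinct client IPs seen per sinkholed command and control hostname."""
    seen = defaultdict(set)
    for _, ip, host in records:
        seen[host].add(ip)
    return {host: len(ips) for host, ips in seen.items()}


def distinct_bots(records):
    """Total distinct client IPs across all sinkholed hostnames (the headline figure).

    Counting per hostname and then summing would double-count bots that
    cycle through several channels, so the union is taken over all records.
    """
    return len({ip for _, ip, _ in records})


def isp_report(records):
    """Per-IP summary for notifying the responsible ISP: first/last seen, hits, hosts contacted."""
    report = {}
    for ts, ip, host in records:
        entry = report.setdefault(
            ip, {"first_seen": ts, "last_seen": ts, "hits": 0, "hosts": set()}
        )
        # ISO 8601 timestamps in UTC compare correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["hits"] += 1
        entry["hosts"].add(host)
    return report


if __name__ == "__main__":
    recs = parse_sinkhole_log(SAMPLE_LOG)
    print("distinct bots:", distinct_bots(recs))
    for host, n in sorted(bots_per_domain(recs).items()):
        print(f"{host}: {n} distinct IPs")
    for ip, e in sorted(isp_report(recs).items()):
        print(ip, e["first_seen"], e["last_seen"], e["hits"], sorted(e["hosts"]))
```

On the constructed log this yields 4 distinct bots from 7 valid records, with one IP that contacted both of the named channels counted once in the total but once under each hostname; that is the distinction to keep in mind when a sinkhole operator quotes a single figure such as the 300,000 above.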
Read more about the operation here.