Starline Web Services, based in Estonia's capital Tallinn, had hosted four domain names identified as the , according to researchers from computer security firm FireEye.
Hundreds of thousands of PCs around the world infected with , a difficult-to-remove rootkit that is used for sending spam, were programmed to seek new instructions from servers in those domains.
Srizbi is considered one of the more powerful botnets, with at least 450,000 PCs infected. It is estimated that half of the world's spam originated from computers infected with Srizbi. Spam remains a profitable business for cybercriminals.
But spammers lost control of Srizbi when the ISP that previously hosted its command-and-control servers was cut off from the Internet. McColo, whose servers are based in San Jose, California, was cut off by its upstream providers earlier this month after being exposed by computer security experts and the Washington Post.
That left spammers unable to control Srizbi-infected computers. But Srizbi's code contained a fallback mechanism where spammers could reconnect with the stranded machines if such a scenario occurred.