The shutdown of California-based McColo Corp., a company that hosted a staggering variety of cybercriminal activity, on Nov. 11 by as much as 75% in the first few days after its upstream Internet providers pulled the plug. The shutdown slashed spam volumes because some of the planet's biggest spam-sending botnets were hosted by McColo, according to security researchers who had long urged the company's disconnection from the Web.
While spam initially slid off a digital cliff, two weeks later it's unclear whether spammers have resumed their usual practices.
A researcher with , a messaging security company owned by , today said that spam is still down, if not out. According to IronPort, Tuesday's spam volume was approximately 72.7 billion messages, less than half of the 153 billion on Nov. 11, but up from the 64.1 billion of Nov. 13, two days after McColo went off the air.
"We're seeing small spikes in spam volumes relative to the post-McColo shutdown volumes," said Nick Edwards, a senior product manager at IronPort, in an e-mail Tuesday explaining the uptick. "We believe the spammers are trying other botnets -- those whose command-and-control infrastructure and front-end applications were not hosted by McColo."
They're not having much luck, Edwards added. "Spam volumes are still down significantly," he said. "While there was a temporary increase in spam volume [last] Friday and Saturday, spam volumes have not approached levels prior to the McColo shut down. The spammers are having a difficult time finding a botnet for lease that they can use effectively."