http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212101163 By Kelly Jackson Higgins DarkReading Nov 20, 2008 It has been a week since a half-million bot-infected machines were suddenly freed from their "master" botnet servers after ISPs pulled the plug on the illicit McColo hosting service. So now what happens to those orphaned bot machines? Researchers have spotted these errant bots over the past week attempting to phone home to their former command and control (C&C) servers. While the industry continues to celebrate a nearly 70 percent nosedive (albeit temporary) in spam volume without McColo to host the world's biggest spamming botnets anymore, these orphaned bots are still at risk -- and possibly still spewing spam, security experts say. "They are probably already infected with multiple things. You hardly ever find just one bot on these computers," says Joe Stewart, director of malware research for SecureWorks. "You may find three or four different spam bots on the same machine. And who knows what else -- password stealers and other rogue ware." Many of these bots -- which were members of the world's most prolific spam botnets, Srizbi, Mega-D, and Rustock "--are likely still spamming away for other botnets, or even possibly other servers on the big three that weren't hosted on McColo, security experts say. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Fri Nov 21 2008 - 00:21:30 PST
This archive was generated by hypermail 2.2.0 : Fri Nov 21 2008 - 00:31:57 PST