"It seems as if this entire scheme of mass infection is simply to facilitate the sending of spam," said LURHQ.
Researchers following the trail further were able to join the spam proxy network for a peek at its traffic. They found spam, lots of spam. "Before too long, we begin to see loads of spam being pumped through our server, from dozens of IP addresses."
The messages that LURHQ spied out peddled everything from porn site and fake Rolex watches to prescription drugs.
"Obviously there is money being made here," LURHQ concluded. "The economics of exploiting end-user systems for the purposes of spam [is] an established business model."
Since Mocbot/Wargbot broke onto the Internet Saturday Aug. 12, the threat has been ranked low by most security vendors and experts. Symantec, for instance, has been monitoring ports 445 and 139 -- the ones used by the exploit -- on its global network of sensors and systems, but has yet to report unusually-high traffic across those ports.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
Maintaining existing network infrastructures often incurs huge technical debt before newer technologies are adopted over time.
Amid ongoing regional uncertainties, telecom infrastructure in the Middle East has expand to include terrestrial low-latency network infrastructure, which offers resilience and agility in navigating political complexities without relying solely on undersea networks.
