The late-2006 appearance of durable botnets was a tipping point in the back-and-forth battle against spammers, an industry analyst said Friday, who predicted that spam will continue to gain ground on defenses.
Assembled by a Trojan called SpamThru, the new botnets are tougher to bring down, says Paul Wood, senior analyst with MessageLabs, a message security and filtering service. "The advent of Trojans like SpamThru makes it possible for each bot in the net to learn about the location of other bots. When a bot goes down or the command and control channel is compromised, the other bots know about it."
In SpamThru's techniques, if a control server is shut down, the spammer can easily update the rest of the bots with the location of a new server as long as he controls at least one bot in the net. And if a specific bot is shut down, its spam load can be quickly shifted to another, as-yet-undiscovered, bot.
"Until now, it's not been possible to regain control of a [compromised] botnet," says Wood. "This makes botnets much more resilient."
And that, says Wood, is bad news for companies and consumers plagued by a tidal wave of spam since September and October. "In the last few months, certainly from September-October, spam has become much more aggressive."