A notorious botnet, responsible for almost a third of the world's spam email, has been taken down by a security firm.
Most computer users may not notice the takedown of the botnet Ozdok, because most of its IP addresses had already been blacklisted by the major email services. Ozdok, also known as Mega-D, was the leader of the spambot pack, spewing 32% of the world's spam according to spam-trap measurements.
Just recently the security firm FireEye was able to put an end to this spam-spreading botnet, eliminating, at least for some time, a large share of the spam messages crossing the Internet. FireEye deserves praise for the effort: a small company proved capable of dismantling what turned out to be a large operation with plenty of cash at its disposal.
How Did Ozdok Meet Its Demise?
Ozdok carried plenty of protection against exactly this kind of takedown: a long list of domain names for its command-and-control (C&C) channels, hard-coded DNS servers to fall back on if those names stopped resolving, and the ability to generate new domain names on the fly. FireEye stayed one step ahead by carefully analysing the scheme behind Ozdok and then moving, with registrars and ISPs, against dozens of the C&C channels used to hand spamming instructions to the bots. The spam came to a halt almost immediately, and roughly 300,000 IP addresses were soon checking in to channels under FireEye's control.
It is still unclear whether Ozdok will successfully get back on its feet, but FireEye says it will work with ISPs to identify the owners of the infected machines. FireEye is also unsure how long it can keep registering the domains the bots will generate in future, and is watching closely for the bot herders' reaction.
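The layered rendezvous scheme described above, and why a takedown has to cover every layer at once, is easiest to see in a small model. The following is an added example written for this page, not FireEye's or Ozdok's code: the domain list, the fallback resolvers, the date-seeded domain generation algorithm (DGA), the addresses and the sinkhole log lines are all constructed, and the DGA is a toy, not Ozdok's real algorithm. It walks a bot through its fallback order under three conditions: nothing done, registrars suspending the listed domains only, and the full takedown (domains suspended, the herder's resolvers null-routed, and upcoming generated names pre-registered to a sinkhole). It then shows what happens on the first day the defender has not pre-registered.

```python
import hashlib
from datetime import date, timedelta

# Model parameters. Every name and address here is constructed for the example.
STATIC_DOMAINS = ["cc1.example", "cc2.example", "cc3.example"]
HARDCODED_DNS = ["198.51.100.1", "198.51.100.2"]   # herder-run resolvers
DGA_SEED = b"toy-seed"
DGA_PER_DAY = 5
HERDER_IP = "203.0.113.10"
SINKHOLE_IP = "192.0.2.1"


def dga(day):
    """Toy date-seeded domain generation (hypothetical, not Ozdok's algorithm).
    It is deterministic, so bot, herder and defender can all compute tomorrow's names."""
    names = []
    for i in range(DGA_PER_DAY):
        digest = hashlib.sha256(DGA_SEED + day.isoformat().encode() + bytes([i])).hexdigest()
        names.append(digest[:12] + ".example")
    return names


class Network:
    """Who answers for what. public_dns maps name -> IP (None = suspended or
    unregistered); dns_up records whether a herder-run resolver is still reachable."""
    def __init__(self):
        self.public_dns = {name: HERDER_IP for name in STATIC_DOMAINS}
        self.dns_up = {server: True for server in HARDCODED_DNS}

    def resolve(self, name):
        return self.public_dns.get(name)

    def resolve_via(self, server):
        # A herder-run resolver hands out the real C&C address while it is reachable,
        # regardless of what the public DNS says about the names.
        return HERDER_IP if self.dns_up[server] else None


def rendezvous(net, today):
    """The fallback order a bot works through; returns the C&C address it settles on."""
    for name in STATIC_DOMAINS:            # 1. hard-coded domain list via public DNS
        ip = net.resolve(name)
        if ip:
            return ip
    for server in HARDCODED_DNS:           # 2. hard-coded DNS servers
        ip = net.resolve_via(server)
        if ip:
            return ip
    for name in dga(today):                # 3. freshly generated domains
        ip = net.resolve(name)
        if ip:
            return ip
    return None                            # orphaned: no channel answered


def suspend_domains_only(net):
    """Registrar cooperation alone: the listed names stop resolving."""
    for name in STATIC_DOMAINS:
        net.public_dns[name] = None


def full_takedown(net, start, days_ahead):
    """Registrars suspend the listed names, ISPs null-route the herder's resolvers,
    and the defender registers the generated names for the next days_ahead days."""
    suspend_domains_only(net)
    for server in HARDCODED_DNS:
        net.dns_up[server] = False
    for offset in range(days_ahead):
        for name in dga(start + timedelta(days=offset)):
            net.public_dns[name] = SINKHOLE_IP


def herder_registers(net, day):
    """The herder wins the race for one day's generated names."""
    for name in dga(day):
        net.public_dns[name] = HERDER_IP


# Constructed sinkhole check-in lines: timestamp, source address, request.
SINKHOLE_LOG = """\
2009-11-06T10:00:01 198.51.100.77 GET /cmd
2009-11-06T10:00:02 198.51.100.78 GET /cmd
2009-11-06T10:00:05 198.51.100.77 GET /cmd
2009-11-06T10:00:09 203.0.113.200 GET /cmd
"""


def unique_bots(log_text):
    """Distinct source addresses checking in, the figure a sinkhole operator reports."""
    return {line.split()[1] for line in log_text.splitlines() if line.strip()}


def simulate(day0=date(2009, 11, 6)):
    """Run the scenarios and return the address the bot reaches in each (day0 is constructed)."""
    results = {}
    net = Network()
    results["untouched"] = rendezvous(net, day0)
    suspend_domains_only(net)
    results["suspended_only"] = rendezvous(net, day0)      # falls through to herder DNS
    net = Network()
    full_takedown(net, day0, days_ahead=3)
    results["takedown_day0"] = rendezvous(net, day0)
    results["takedown_day2"] = rendezvous(net, day0 + timedelta(days=2))
    results["takedown_day3"] = rendezvous(net, day0 + timedelta(days=3))  # nobody registered
    herder_registers(net, day0 + timedelta(days=3))
    results["herder_back_day3"] = rendezvous(net, day0 + timedelta(days=3))
    return results


if __name__ == "__main__":
    for scenario, reached in simulate().items():
        print(f"{scenario:18s} -> {reached}")
    print("distinct check-in addresses:", len(unique_bots(SINKHOLE_LOG)))
```

Two things the model makes concrete. Suspending the domain list on its own achieves nothing while the herder's own resolvers stay reachable, which is why ISP cooperation is as important as registrar cooperation. And once the bots are reduced to generated names, control belongs to whoever registers each day's names first, so the defender has to keep buying ahead indefinitely or the herder walks back in. The distinct-address count is also only a rough bot count: NAT hides many machines behind one address, and DHCP shows one machine under several.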
Atif Mushtaq of the FireEye Intelligence lab commented in a recent blog post that everything appears to have gone according to plan in keeping this beast contained for the next couple of days. Atif spoke to Phil Hay of Marshal TRACE to get the latest spam figures for Ozdok.
Phil says the last spam message they saw from Ozdok (as of today) was some seven hours ago. He also says they are very relieved at the amount of cooperation most ISPs and registrars have offered in response to their abuse notifications.
It clearly shows that it is difficult, but not impossible, to take down some of the nastiest botnets in the world. The best thing about the demise of such a massive botnet is that many of us will reap the benefit of less spam in our inboxes.