Security researchers who warned the shutdown of McColo Corp. would only lower spam levels for a couple of weeks were correct, as one of the largest botnets on the internet, Srizbi, has been resurrected.
After two ISPs stopped offering service to McColo about two weeks ago, global spam mail dropped 70 percent.
Since last Sunday, the volume of spam sent has risen around 37 percent of the original amount seen before McColo was pulled offline on November 11.
Srizbi, Asprox, Mega-D, Rustock, and other spam botnets are fully operational again, and in several cases are using ISPs located outside of the United States. Any time a botnet is hosted on an ISP outside the United States, it becomes even more difficult to shut down, security experts say.
At least 450,000 infected computers were found connecting to the Srizbi botnet over the past week or so.
In case of termination, Srizbi bots are designed to create a unique web site address that allows them to look for updates. Botnet masters simply need to register the web domains each hijacked computer is trying to visit, and then they're back in business. Security company FireEye said at least 50,000 Srizbi machines have found new homes and are now receiving new instructions from Estonia-based servers.
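The fallback described above leaves a trace in resolver logs: several machines keep looking up the same unregistered name, and then that name starts resolving. The sketch below is an added example, not code from the article or from FireEye, showing one way a defender could surface such names and the hosts querying them. The log format, the sample hosts and domains, and the `min_clients` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log: (timestamp, client_ip, queried_name, rcode).
# All hosts and domains are made up for illustration (RFC 5737 / .example).
SAMPLE_LOG = [
    ("2008-11-20T01:00", "192.0.2.10", "qpwoeiru.example", "NXDOMAIN"),
    ("2008-11-20T01:05", "192.0.2.11", "qpwoeiru.example", "NXDOMAIN"),
    ("2008-11-20T01:07", "192.0.2.12", "mail.corp.example", "NOERROR"),
    ("2008-11-21T01:00", "192.0.2.10", "qpwoeiru.example", "NXDOMAIN"),
    ("2008-11-22T09:00", "192.0.2.13", "typo-site.example", "NXDOMAIN"),
    ("2008-11-25T01:00", "192.0.2.10", "qpwoeiru.example", "NOERROR"),
    ("2008-11-25T01:02", "192.0.2.11", "qpwoeiru.example", "NOERROR"),
    ("2008-11-25T03:00", "192.0.2.13", "typo-site.example", "NXDOMAIN"),
]


def find_activated_domains(log, min_clients=2):
    """Return {domain: sorted client IPs} for names that several clients
    looked up while unregistered (NXDOMAIN) and that later began resolving."""
    waiting = defaultdict(set)    # domain -> clients seen while it was NXDOMAIN
    activated = defaultdict(set)  # domain -> clients worth investigating
    for _ts, client, name, rcode in sorted(log):  # ISO timestamps sort in time order
        name = name.lower().rstrip(".")
        if rcode == "NXDOMAIN":
            if name not in activated:
                waiting[name].add(client)
        elif rcode == "NOERROR":
            # min_clients filters out one user's typo that later gets registered.
            enough = len(waiting.get(name, ())) >= min_clients
            if name in activated or enough:
                activated[name] |= waiting.pop(name, set()) | {client}
    return {domain: sorted(clients) for domain, clients in activated.items()}


if __name__ == "__main__":
    for domain, clients in find_activated_domains(SAMPLE_LOG).items():
        print(domain, "->", ", ".join(clients))
```

Names returned by this check are candidates for blocking at the resolver, and the listed clients are candidates for cleanup.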
A botnet called Cutwail, which wasn't hosted by McColo, has also reportedly increased its efforts to spam Internet users after the McColo shutdown.
Security analysts expect prior spam levels will be reached at some point in the immediate future. Botnet masters were left temporarily crippled after the demise of McColo, but new hosts and bandwidth should be found soon.