Fortinet claims spam levels down after botnet takedowns

Unfortunately for email users, however, whilst the Dutch authorities took the Koobface servers down in mid-November, other servers apparently came on stream later in the month, to take control of the botnets.

Despite this, the report claims that there was a 12% reduction in global spam as a result of the takedown.

"Bredolab was often used to load spam engines, which are typically used to sell fraudulent pharmaceuticals", said Derek Manky, Fortinet's project manager for cybersecurity and threat research.

"The scale of this Bredolab botnet had a huge impact on spam levels, dropping as much as 26 percent one week after it was dismantled", he added.

According to Manky, Fortinet confirmed on November 14, when the primary servers were taken offline, that the intermediary servers failed to proxy content.

This, he explained, effectively crippled the botnet, but he and his team saw communication restored five days later, on November 19.

"This is likely due to the fact that Koobface contains an FTP harvesting module", he said.

The Fortinet project manager went on to say that operators can use stolen FTP credentials to hijack web servers for intermediary/proxy usage.

By reconfiguring their intermediary servers to new mothership servers, he says, the operators were able to regain control of their botnet.

Also during November, Fortinet's report says, new and old vulnerabilities continued to be exploited, which makes it important that IT system users keep all application patches up to date.

Additionally, notes the monthly report, a valid intrusion prevention system (IPS) can help mitigate attacks against both known vulnerabilities and zero-day attacks.

Because malicious traffic increasingly travels over common protocols, the study says, application control is becoming more important for identifying malicious activity at the application level.
