Bad guys learn a lesson about disaster recovery

It didn't take long for spammers to learn their lesson. About seven months after the McColo shutdown took out their command-and-control operations, a similar shutdown last month was anticipated and routed around.

Symantec this week said that Cutwail, "one of the largest and most active botnets," was affected when California-based ISP Pricewert was shut down on June 5 - however, its activity was back up to one-third of its original levels after just a few hours. The antivirus company said that shows that spammers have learned the importance of back-up channels for command and control.

The McColo shutdown in November gave them a wake-up call. Supposedly, spam levels dropped about 50% after upstream ISPs cut off McColo, which hosted the command-and-control servers, and it took botnets such as "Srizbi" months to recover.

It's interesting that spammers are just like anyone else in this regard; it often takes an actual disaster to get people thinking about disaster recovery. Even a shadow network architecture needs a backup.

Symantec says that spam from botnets accounted for 83.2% of all spam in June, and spam accounted for 90.4% of all e-mail traffic, so the backup plans are working just fine.

On a related note, fellow newsletter authors Jim Metzler and Steve Taylor recently discussed the "Darwin Awards for Disaster Recovery," stories of people who didn't exactly think their disaster recovery plans through, or didn't test them before they needed them. These awards might be just the incentive you need to make sure you have your disaster recovery implemented.

Jeff Caruso is site editor at Network World.