McColo just the 'tip of the iceberg'

Companies need to understand the spammer's business model

The McColo spam hosting network shut down by law enforcers last week is unlikely to prove a lasting breakthrough in the fight against malware and unsolicited email, according to security experts.

Ian Amit, director of security research at content security firm Aladdin Knowledge Systems, said that McColo was "just the tip of the iceberg" in terms of spam.

"Shutting these networks down is not the solution; they will just shift operations to another network," he said. "The main thing to realise is that this is a business; as long as the business model is not affected it will keep operating."

Aladdin's latest monthly Attack Intelligence Research Center Threat Report (PDF) concludes that, instead of the vicious circle of "patching and signing", companies need to work harder to understand the methodologies and tools used by attackers in order to provide effective defences.

"There are a lot of moving pieces in the [electronic crime] business and they all need to be understood," said Amit. "Security researchers need to get proactive and go to the root of the problem rather than addressing the symptoms. "

This week, newly-formed security vendor Marshal8e6 also argued that spam levels are likely to return to normal, despite falling by as much as 70 per cent after McColo was shut down.

"The spammers are no doubt already setting up new command and control servers," said Phil Hay, lead threat analyst with Marshal8e6's Trace team.

"The challenge for them is to re-establish connections with the thousands of zombie computers still infected with their bot code. We fully expect that spam will resume in large volumes eventually."