An international team of academics researching global spam has managed to cripple a botnet as a by-product of its research.
The team, made up of professors and PhD students at the University of California, Santa Barbara and Germany's Ruhr-University Bochum, was conducting a joint research project analysing spam distribution.
Part of this was running several honeypots (open machines online designed to catch malware) and looking for patterns in the data.
By matching some of the malware discovered against the free databases maintained by Anubis the team was able to identify the 30 command and control servers used by the PushDo botnet, which is responsible for large volumes of spam.
"Pushdo has a long history of badness, and some analysis reports date back to as far as 2007," said assistant professor Thorsten Holz.
"This piece of malware acts as a dropper, and downloads additional components which can then carry out different tasks, like for example the Cutwail component which sends out spam mails."
After making sure of its evidence the group went to the hosting companies and informed them of the situation. In all, 20 of the 30 servers identified were shut down and security researchers at M86 said that the botnet has been crippled.
"This co-ordinated takedown has had an immediate impact on Pushdo's spam output," said Phil Hay, lead security researcher at M86.
"Pushdo has been responsible for wave after wave of malicious spam campaigns in recent months. Still, we must sound a note of caution. Previous experience has taught us that these botnet take downs are short lived."
Holz told V3.co.uk that the hosting companies were helpful in taking down the servers, but agreed that the botnet might not be out of commission for long.
"Spammers are making a lot of money," he said. "It's very likely that the controllers will work to re-establish themselves and will move their infrastructure elsewhere."
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away