A massive reduction in spam has been seen since an alleged California-based ISP was shut down last week. Industry bodies have long been raising awareness of the volume of spam that appears to come from the San Jose based business, McColo Corp., but only now have McColo's Internet connectivity providers acted.
However, before celebrating too quickly: this is the lull before the storm. Businesses globally could be taken by surprise when spam volumes return to previous levels in the run-up to Christmas as the spamming operations relocate. MxToolBox also warns that with such a key player in the spam market removed, spammers will be quick to find new methods and new technologies, as well as resorting to the traditional method of using unsuspecting enterprise networks to host their botnets and distribute their messages.
With McColo allegedly the master hosting centre for the biggest botnet offenders (Mega-D, Srizbi, Pushdo, Rustock and Warezov), the hunt is on to find new hosts. Roughly 7 million computers infected with either Srizbi or Rustock send spam over an average one-month period.
Apart from being a massive centre for botnet hosting, the servers at McColo have recently been the subject of investigation by private security researcher Jart Armin, who documented the activity at McColo in a report published today. The report claims that McColo is currently hosting at least 40 different child pornography websites, or sites that collect payment for the illicit content, and that traffic analysis showed one of the sites garnered between 15,000 and 25,000 visitors each day.
How can small businesses ensure that they are protecting their information and infrastructure from spam or other malicious attacks?
1) Allocate an adequate amount of resources ($) to proactively protect information: as a rule of thumb, small businesses should expect to spend approximately $200 per month, per user, on information security. The amount spent on security should rise every year in proportion with the amount spent on new IT hardware (PCs, laptops, servers, etc.) and software.
2) Continuous administrator education on threats: protect against threats at the network and hardware levels, but avoidance information should always be passed down to the user base. Users are notoriously undereducated on how to avoid security breaches, especially phishing scams and other social engineering scams designed to deliver web-based malware.
3) This is related to 2 above: lock down your perimeter(s). Email filtering, IM filtering, web filtering, wireless network encryption and mobile messaging protection should all be robust and employed at all entry points.
4) Be ready: remember, it is far cheaper and far easier to have a proactive information security policy than it is to recover from a breach.
5) Back up critical data offsite. Most authors do not present data backup as a security issue, but it is (in fact, it is more than a security issue, but it definitely intersects with security). If there is a breach (or a natural disaster, for that matter), you need to know that your data is safely backed up and easily accessible somewhere far from the reach of the cyber thugs.