Botnet Seen Spamming The Internet After Host Shutdown

The Srizbi Botnet is once again spamming email accounts after its host was shutdown earlier this month. The spam bot has a mechanism that can actually search for its owners and await further instructions when the master servers are down.

Network security firms warn that an email spamming botnet is active once again. Its primary servers were shutdown on November 11 after its host was engaged in spamming technics.

The botnet, known as Srizbi, is a collection of over 500,000 hacked PCs that are used as drones to relay about 30 percent of the world's spam. It is the largest organized spam network of compromised computers.

While its host facilities are shutdown, network security firms have learned that each bot on a compromised computer has a built-in function which is fail-safe if its primary servers are offline. This function instructs the bots to wait for further instructions by its primary botnet authors. The bots simply hunt down their malware authors by searching the Internet.

From this point, all the malware authors have to do is register a new Web site or domain name with a new primary host. It is a technic designed to resume spamming as usual once the bots find their host again.

According to network security firm FireEye, at least 50,000 Srizbi infected PCs are redirected to new host domains. The firm found the servers in Estonia. The bots are receiving updates of malware to resume email spamming once again.

It is recommended that PC users have an anti-virus package installed on their computer. Most of them, such as McAfee and Norton, also trap email spam.