McColo shutdown lightens malware load

Filed Under: Malware, SophosLabs, Spam

Not only has the take down of McColo last week (link, link) caused a massive drop in worldwide spam levels, but it would also appear to have resulted in a big drop in the level of malware being spammed out as attachments.

Up until last week, we at SophosLabs had seen something of a resurgence in malware as an attachment in recent months, with huge numbers of malicious attachments from various malware families appearing on our spam traps, such as W32/Autorun-OG posing as fake UPS details, Troj/Agent-ICH as a fake eCard, Troj/Agent-HQK and Troj/Agent-IDO as bogus internet access suspension details.

However, over the last week, we have been seeing just the usual background radiation of W32/MyDoom's, W32/Mytob's and W32/NetSky's.

malware attachments

It is unlikely that things will stay this quiet for long but we at SophosLabs appreciate the relative calm while it lasts.

You might like

About the author

James Wyke is a Senior Threat Researcher with SophosLabs UK