McColo shutdown lightens malware load

Not only has the take down of McColo last week (link, link) caused a massive drop in worldwide spam levels, but it would also appear to have resulted in a big drop in the level of malware being spammed out as attachments.

Up until last week, we at SophosLabs had seen something of a resurgence in malware as an attachment in recent months, with huge numbers of malicious attachments from various malware families appearing on our spam traps, such as W32/Autorun-OG posing as fake UPS details, Troj/Agent-ICH as a fake eCard, Troj/Agent-HQK and Troj/Agent-IDO as bogus internet access suspension details.

However, over the last week, we have been seeing just the usual background radiation of W32/MyDoom’s, W32/Mytob’s and W32/NetSky’s.

malware attachments

It is unlikely that things will stay this quiet for long but we at SophosLabs appreciate the relative calm while it lasts.