A huge botnet consisting of 500,000 compromised PCs was crippled when US-based 'spam ISP' McColo was taken offline last week, according to Joe Stewart, director of malware research at SecureWorks.
McColo, which was thought to host a number of hacking and child pornography sites, was cut off from the internet last week by its upstream providers after an investigation by computer security analysts and the Washington Post.
That means the PCs that formed the botnets can no longer receive instructions, according to Stewart, and are therefore no longer accessible by criminals.
Stewart said "half a million bots are either offline or not communicating" with their command-and-control servers. Those PCs were previously responsible for as much as 75 percent of worldwide spam, according to reports, with a record number of bots being severed from their controllers.
At least two major botnets were crippled when McColo was taken offline. One - called Srizbi - was said to include a network of 315,000 bots worldwide in April. The other - Rustock - controlled 150,000 PCs.
Rustock's bots may never be recovered, Stewart said. However, the Srizbi botnet may still come back online. "When Srizbi bots can't connect, as a backup they're coded to try other domain names," he said.