Microsoft’s attack on the ZeroAccess botnet reduces spam

Druckfreundlich, PDF & E-Mail

This article was contributed by our Engineer John Sparry


During the first week of September, Barracuda Labs identified 10,498 unique domains in the content of captured spam messages. Since then, that number has dropped roughly 80% to 2,131 domains per week. As you might expect, the amount of spam emailed across the internet tends to decrease along with the number of unique domains found in spam content.

Above: chart showing millions of email messages categorized as “spam” and “allowed” (not spam). The regular dips represent weekend traffic, which is generally lower than weekday email flow. Click here for a larger view

What would cause such a drastic reduction? Have spammers taken an extended break for the holidays? Not likely.


Microsoft has partnered with members of the financial services and technology industries over the last few years to target and attack botnets, which are armies of computers and other devices under the control of hackers. Most recently, they announced the disruption of the ZeroAccess botnet, a network consisting of more than 2 million devices worldwide. While not necessarily the only factor contributing to the decrease in spam linked domains, this attack certainly played a significant role.


However, some experts think Microsoft was too hasty and went after ZeroAccess without knowing enough about its makeup.** They believe most of the infrastructure is still in place and it’s only a matter of time before it is fully functional again. In fact, the Barracuda honeypots are already capturing increasing levels of spam. Whether this is due to a recovering botnet or simply spammers of all stripes attempting to take advantage of the holiday gift buying season, Barracuda Networks customers are protected from both.

Nach oben scrollen