<p>The Srizbi botnet was responsible for about 75% of all of the spam on Earth. All of its command and control servers were hosted in downtown San Jose, CA. Once this was pointed out to McColo's peers, they stopped routing that AS. As a backup, the botnet was designed to connect to deterministically generated DNS names, which at the time were not registered... So we registered them, blocking the spammers from regaining control of the botnet, and getting a list of every bot-infected source IP.</p>
<p>Julia Wolf tracks botnets, reverse engineers malware, writes IDS signatures, and performs low-level bit-twiddling. She likes mathematics and photography, and she has purple hair.</p>