Category Archives: Ogee

An ISP snowshoes ahead in spamming

Continuing the question of Ogee snowshoe: black swan or new strategy? let’s look at Ogee snowshoe spam in the first week of May 2012.

The two dotted lines trending down together in the middle are AS 29131 and AS 28178, and they both fit the traditional profile for snowshoe spam hosting sites, because they advertise hosting or colocation as their main services. AS 29131 is registered to RapidSwitch, which advertises dedicated servers, cloud solutions, and colocation. AS 28178, registered as Network Operations Center (NOC), which keeps on rolling waves of snowshoe spam, appears to be operating under the name BurstNet, which offers managed servers and co-location as its first two services.

However, the dotted line rising to the top right that pulled the solid overall snowshoe volume line back up is not a hosting center: it’s an ISP. CDM’s AS 6428 appears to be operating as Primary Network, whose first services are T-1 Internet access and metro Internet. And Primary Network is not alone. We’ve pulled out a list of all the ASNs affected by Ogee snowshoe so far, and quite a few of them are ISPs, some of them very well known ISPs.

Snowshoe: it’s not just for hosting centers anymore.

-jsq

Ogee snowshoe: black swan or new strategy? SpamRankings.net

A week ago you may recall most of March’s crop of Ogee spamming ASNs had subsided. Yet there were some contenders coming up from the bottom right corner of the graph.

Some correspondents say snowshoe spamming such as Ogee is a black swan, unanticipated and short-lived. I say it may be a change in strategy. Others say the actual spam coming out of Ogee is not the same campaigns as we’ve seen from botnets, so spammers are not moving over. To which I say: yet. And if snowshoe spam is big enough to change worldwide SpamRankings.net, and if it continues, that’s a strategy change. We’ll see how all that goes.

Meanwhile, what’s happened in the last week or two?

Top 10 ASNs showing Ogee spam 2012-03-01 to 2012-04-25, SpamRankings.net.

A few of those contenders were just flashes in the pan. But others are still spamming increasingly more.

-jsq