Tag Archives: CDM

CDM snowshoes to the top of the world in May 2012 SpamRankings.net

In addition to snowshoe spam taking 7 of the top 10 places in the U.S. SpamRankings.net for May 2012, one of the snowshoe spamming companies, CDM, outspammed every other organization in the world! CDM’s AS 6428 outspammed even chronic world winner Vietnam PT.

In this graph, you can see CDM leap up from zero in March to 15.7 million spam messages in April and 48.8 million in May, and of course that’s just the messages caught by a few spamtraps.

The same spamtraps never saw more than 56 hosts sending all those messages. That was on 11 May 2012, when they saw 1,989,762 spam messages, for a ratio of 35,531 spam messages per sending host. That’s not exactly the old botnet low-and-slow technique. Snowshoe spam: it’s already in prime time!

And remember, CDM is not a hosting center: it’s an ISP. CDM continues to illustrate that snowshoe spam is no longer confined to the traditional profile of infesting hosting centers.

-jsq

An ISP snowshoes ahead in spamming

Continuing the question of “Ogee snowshoe: black swan or new strategy?”, let’s look at Ogee snowshoe spam in the first week of May 2012.

The two dotted lines trending down together in the middle are AS 29131 and AS 28178, and they both fit the traditional profile for snowshoe spam hosting sites, because they advertise hosting or colocation as their main services. AS 29131 is registered to RapidSwitch, which advertises dedicated servers, cloud solutions, and colocation. AS 28178, registered as Network Operations Center (NOC), which keeps on rolling waves of snowshoe spam, appears to be operating under the name BurstNet, which offers managed servers and co-location as its first two services.

However, the dotted line rising to the top right that pulled the solid overall snowshoe volume line back up is not a hosting center: it’s an ISP. CDM’s AS 6428 appears to be operating as Primary Network, whose first services are T-1 Internet access and metro Internet. And Primary Network is not alone. We’ve pulled out a list of all the ASNs affected by Ogee snowshoe so far, and quite a few of them are ISPs, some of them very well known ISPs.

Snowshoe: it’s not just for hosting centers anymore.

-jsq