The Canadian Radio-television and Telecommunications Commission (CRTC) said its collaboration with a computer reseller and an Internet service provider based in Saskatchewan managed to stop the distribution of spam messages to millions of Canadians.
The CRTC said it received a report in July from Canada’s Spam Reporting Centre that massive amounts of spam were being routed through the server of Access Communications Co-operative Ltd., a cable television provider operating in Regina, Sask.
Further investigation by the CRTC revealed that the spam messages were actually coming from the server of a small business that was using Access Communications as its ISP.
The business’s server had become infected with malware that linked the server to the Ebury botnet.
Ebury typically runs on Linux servers and provides attackers with a root backdoor shell (malicious code that can be uploaded to a site to gain access to files stored on that site). Ebury allows attackers to send out spam and can steal credentials for Secure Shell (SSH), a cryptographic network protocol.
The Autonomous System (AS21804) for Access Communications, which includes the small business with the infected server, topped the charts for spam activity in Canada for the period between June and July 2014, according to the spam ranking Web site Spamrankings.net. The system transmitted no fewer than 24 million emails in June and peaked at 73 million in July.
“Once alerted to the situation by the CRTC, the small business and Access Communications fully cooperated and removed all traces of the malware,” a CRTC statement issued today said.
After that, the spam ranking for the two companies dropped to the 36th spot on the Spamrankings.net list, and the Spam Reporting Centre also stopped receiving spam reports related to the companies.
“This investigation illustrates how we can tailor our enforcement actions to the situation at hand,” said Manon Bombardier, chief compliance and enforcement officer of the CRTC. “By working together, we were able to stop this malicious spam from continuing to be sent to Canadians.”