Worldwide spam rates fell sharply recently after two major ISPs cut off internet access to hosting company McColo Corp. Various security sources estimated that spam rates fell by between 40 and 75% shortly after the company’s servers were disconnected.
Although the levels have picked up again, the drop is being seen as strong evidence that a significant slice of the world’s spam was coming from McColo.
“McColo Corp had a number of criminal organisations they were turning a blind eye to,” said Jason Steer, product manager at IronPort. “It was responsible for spam but lots as other things as well, even down to the level of child pornography. This is an unprecedented change in stance from ISPs that I do not think we have seen before.”
However, Steer does not believe that the shutdown will affect spam in the long or even medium term, saying that spammers will find other outlets. Nevertheless, it is a step in the right direction in making it harder for spammers to do business, he said.
The situation is similar to that which occurred after Californian web hosting service Intercage was shut down. Spam levels dropped by nearly 10%, but quickly rebounded.
Jart Armin, a private security researcher who has been investigating McColo, has released a report claiming that the company was responsible for partial control of between 50 and 75% of the world’s spam.
The McColo – Cyber Crime USA report claims that McColo was hosting the command and control systems for a number of major botnets, including Rustock, Srizbi, Dedler, Storm, Mega-D and Pushdo. Each of these networks control an average of 600,000 computers which pump out a massive amount of spam. More seriously, Armin also alleged that the company was hosting child pornography web sites for criminal organisations.
“Research and contribution has shown at least 40 confirmed child pornography websites, name servers and payment systems recently served by McColo,” the report states. “With sub-domains and associated links it is the tip of the iceberg. As indicated earlier, with McColo and modern cyber-criminal techniques these websites and domains move locations very rapidly, as in shuffling a deck of cards.”
McColo’s web page was down at the time of going to press.
Subscribers 0
Fans 0
Followers 0
Followers