Worldwide spam rates fell sharply today after two major ISPs cut off internet
access to hosting company McColo Corp.
Various security sources estimated that spam rates fell by between 40 and 75
per cent shortly after the company's servers were disconnected.
Although the levels have picked up again, the drop is being seen as strong
evidence that a significant slice of the world's spam was coming from McColo.
"McColo Corp had a number of criminal organisations they were turning a blind
eye to," Jason Steer, product manager at
IronPort,
told vnunet.com.
"It was responsible for spam but lots as other things as well, even down to
the level of child pornography. This is an unprecedented change in stance from
ISPs that I do not think we have seen before."
However, Steer does not believe that the shutdown will affect spam in the
long or even medium term, saying that spammers will find other outlets.
Nevertheless, it is a step in the right direction in making it harder for
spammers to do business, he said.
The situation is similar to that which occurred after Californian web hosting
service
Intercage
was shut down. Spam levels dropped by nearly 10 per cent, but quickly
rebounded.
Jart Armin, a private security researcher who has been investigating McColo,
today released a report claiming that the company was responsible for partial
control of between 50 and 75 per cent of the world's spam.
The
McColo
- Cyber Crime USA report claims that McColo was hosting the command and
control systems for a number of major botnets, including Rustock, Srizbi,
Dedler, Storm, Mega-D and Pushdo. Each of these control an average of 600,000
computers which pump out a massive amount of spam.
More seriously, Armin also alleged that the company was hosting child
pornography web sites for criminal organisations.
"Research and contribution has shown at least 40 confirmed child pornography
websites, name servers and payment systems recently served by McColo," the
report states.
“With sub-domains and associated links it is the tip of the iceberg. As
indicated earlier, with McColo and modern cyber-criminal techniques these
websites and domains move locations very rapidly, as in shuffling a deck of
cards."
McColo's web page is currently down at the time of going to press.
Do you agree?
Have your say on this article