Various security sources estimated that spam rates fell by between 40 and 75 per cent shortly after the company’s servers were disconnected. Although they have picked up again more recently, the drop is being seen as strong evidence that a significant part of the world’s spam was coming from McColo.
“McColo Corp had a number of criminal organisations they were turning a blind eye to,” Jason Steer, product manager at IronPort told vnunet.com.
“It was responsible for spam but lots of other things as well, even down to the level of child pornography. This is an unprecedented change in stance from ISPs I don’t think we’ve seen before.”
However, Steer didn’t think the shutdown would affect spam in the long or even medium term, saying that spammers would find other outlets. Nevertheless, it was a step in the right direction in making it harder for spammers to do business.
The situation is similar to that which occurred after another Californian web hosting service, Intercage, was shut down. Then, spam levels dropped by nearly ten per cent, but quickly rebounded.
Jart Armin, a private security researcher who has been investigating McColo, today released a report claiming that the company was responsible for partial control of between 50 and 75 per cent of the world’s spam.
The report states McColo was hosting the command and control systems for a number of major botnets, including Rustock, Srizbi, Dedler, Storm, Mega-D and Pushdo. Each of these controls an average of 600,000 slaved computers, which pump out a massive amount of spam.
More seriously, Armin also says that the company was hosting child pornography (CP) web sites for criminal organisations.
“Research and contribution has shown at least 40 confirmed CP websites, name servers, and CP payment systems recently served by McColo,” the report states.
“With sub-domains, and associated links it is also the tip of the iceberg, however. As indicated earlier, with McColo and modern cyber criminal techniques these websites and domains move locations very rapidly, as in shuffling a deck of cards.”
McColo’s web page is currently down at the time of going to press.
Spam rates slashed as McColo shut down
By Iain Thomson on Nov 13, 2008 2:54PM