McColo Shut Down Halts 75% of Spam

  • By David Hamilton, November 14, 2008

(WEB HOST INDUSTRY REVIEW) -- Web hosting provider McColo (www.mccolo.com), which allegedly hosted "some of the most disreputable cyber-criminal gangs in business today" according to Washington Post reports, went offline this week, reducing the global amount of spam by three quarters according to some estimates.

San Jose-based hosting company McColo.com was taken down by two of its upstream providers on Tuesday afternoon, after which Internet security firm SophosLabs (www.sophos.com) recorded a more than 75% decline in connections to its spamtrap mail servers. Similarly, security firm IronPort (www.ironport.com) reported a 70 percent drop in spam over the last two days and MXLogic (www.mxlogic.com) a 50 percent reduction.

This graph shows that SophosLabs' spamtraps recorded a sharp decline at about 1:30PM PST.

The Washington Post's Security Fix blog has been watching McColo (www.mccolo.com) for the past four months, finding that the San Jose host may be hosting "some of the most disreputable cyber-criminal gangs in business today," including child pornography, phony anti-virus scams and malicious software that has stolen banking and credit card information from more than half a million people globally.

In its latest Cyber Crime USA report, Hostexploit.com security researchers said the company has played "a key role in managing world's major botnets, and malware warehousing, which has been estimated as partially controlling 50 to 75 percent of the world's spam."

SophosLabs' Ross Thomas wrote in a blog post, "The company (McColo) is alleged to have been hosting command-and-control mechanisms for several large botnets such as Rustock, Srizbi, Dedler, Storm, Mega-D and Pushdo, which are estimated to have infected more than 600,000 home computers, spreading more than 100 billion spam emails per day."

McColo has been identified as a questionable host since at least June 2006, when by tracking its , McColo's IP addresses seemed to have leased a large range of IP addresses to Moscow-based Digital Infinity, which was found responsible for Psycheclone, a web bot used for harvesting e-mail addresses. According to the Code Cave blog (www.thecodecave.com), McColo's IP addresses have also been "a major source of Wordpress comment spam."

A Wednesday Washington Post report by Brian Krebs states that it is uncertain if US law enforcement will do anything about McColo's alleged negligence in hosting scams and illegal content.

He wrote that what is "unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law." He notes that liability is typically decided based on whether the hosting provider is aware of the content.


Comment by Anonymous on Sunday, November 16, 2008

This was great news for everyone. I was just amazed at what turning off one company's internet access will do. I wrote an article about this subject on my blog http://simplehostingonline.com/blog/ and what effect this will have on the future of spam on the internet.