By Justin Lee, theWHIR.com
October 10, 2008 — (WEB HOST INDUSTRY REVIEW) — Internet security firm MessageLabs (www.messagelabs.com) discovered a brief decline in spam following the demise of Atrivo/Intercage, an Internet service provider that hosted many malware and cyber criminal websites, as reported on Brian Krebs’ Security Fix blog on WashingtonPost.com.
The security firm released new information this week revealing the significant decrease in spam and botnet activity after Atrivio was shut down by its provider.
In the past year, Atrivo went through 10 different Internet providers, including LiteUp, Hurricane Electric, Global Crossing, United Layer, Server Central and Pacific Internet Exchange.
According to the MessageLabs intelligence report, Atrivo’s only remaining provider, Pacific Internet Exchange, terminated the ISP’s service on September 20 after several researchers, including Krebs, published evidence that a large part of Atrivo’s network was being used to distribute fraudulent security tools, Trojan horse programs, and other malicious devices.
In the report, which can be downloaded as a PDF file here, MessageLabs pinpoints this plunge in malicious activity following the disconnection.
However, within a couple of days, the ISP’s former customers moved their botnet’s command and control servers to other hosting locations, and cyber-crime quickly bounced back to its usual levels.
MessageLabs says that the significant decline in the amount of spam can be explained by the fact that many command and control networks used to control the malware spam systems were found on the Atrivo network’s servers.
