(WEB HOST INDUSTRY REVIEW) — After four months gathering data about web hosting service provider McColo (www.mccolo.com), the Security Fix blog has found the San Jose host may be hosting “some of the most disreputable cyber-criminal gangs in business today.”
According to Washington Post’s Security Fix blogger Brian Krebs, McColo’s malicious hosting was not limited to spam. “It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide,” Krebs wrote in a blog post.
Looking up one of those IP addresses shows McColo Corporation has leased a large range of IP addresses to Moscow-based Digital Infinity, which was found responsible for Psycheclone, a web bot used for harvesting e-mail addresses starting in June 2006. According to the Code Cave blog (www.thecodecave.com), McColo’s IP addresses have also been “a major source of WordPress comment spam.”
Krebs contacted the major internet providers for McColo including Fremont, California-based Hurricane Electric. “We shut them down,” director of marketing for Hurricane Electric Benny Ng told Krebs. “We looked into it a bit, saw the size and scope of the problem you were reporting and said ‘Holy cow! Within the hour we had terminated all of our connections to them.”
As a sign that McColo’s hosting business is all but finished, McColo’s home page is no longer available. Crebs and three other researchers report that they could not reach a single webpage assigned to McColo.
No related posts.
