Spam rates fell sharply around the globe after two major ISPs cut off internet access to hosting company McColo Corp. Security researchers estimated that spam rates fell between 40 and 75 per cent almost immediately after the company's servers were disconnected. Though traffic has picked up again, the drop is seen as evidence that McColo was hosting a significant part of the world's spam. Security sources said that McColo was certainly overlooking the activities of a number of criminal organisations, to whom it was playing host. These organisations were not only into spam but other illegal activities as well, such as child pornography. Security experts welcomed the action against McColo, saying it was an unprecedented change in stance by ISPs. Industry observers were sceptical about the effect the shut down would have on spam in the long or medium turn, saying spammers would eventually find other outlets. However, the action was important, they said, as it made it more difficult for spammers to do business. Earlier, in September, a California web hosting service, Intercage, also known as Atrivo, was similarly shut down. Though spam levels dropped 10 per cent, they quickly rebounded. In fact, spamming at McColo increased after the shutdown of Intercage, showing how quickly such business transfers to other locations. Meanwhile private security researchers, who have been investigating McColo, immediately released a report claiming the company may have been responsible for atleast 50 to 75 per cent of the world's spam in part or in whole. The report said McColo was hosting the command and control systems for a number of major botnets, including Rustock, Srizbi, Dedler, Storm, Mega-D and Pushdo. Each of these botnets, the report said, controls an average of 600,000 slaved computers, which together pump out massive amounts of spam. A more significant outcome of the shutdown would be that McColo was also hosting child pornography (CP) web sites for criminal organisations. According to the report, research indicated that at least 40 confirmed CP websites, name servers, and CP payment systems were recently served by McColo. ''With sub-domains, and associated links it is also the tip of the iceberg, however. As indicated earlier, with McColo and modern cyber criminal techniques these websites and domains move locations very rapidly, as in shuffling a deck of cards,'' said the report.
|