Spam plummets after Calif. hosting service shuttered
Despite 41% drop, respite likely just temporary
Computerworld - Spam volumes plunged by more than 40% after a major bot hosting network was shut down, researchers at IronPort Systems Inc. said today.
On Tuesday, McColo Corp. was kicked offline when its primary Internet providers severed its connection to the Web, reported The Washington Post, which led an investigation of the San Jose-based hosting service. According to the newspaper, McColo's clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets.
"At 1:30 p.m. Pacific, we saw that McColo's connection was shut down," said Nilesh Bhandari, a product manager at IronPort, a messaging security company owned by Cisco Systems Inc. "We immediately saw a major drop in spam volume."
During October, an average of 190 billion spam messages were sent daily, Bhandari said. Yesterday, however, the projected daily total fell to 112 billion, a 41% decline, based on the spam volume that IronPort recorded after McColo was cut off.
"McColo was the hosting firm for some of the biggest spam botnets, including Srizbi and Rustock," said Bhandari, referring to two notorious bots that infect PCs and turn them into spam-sending machines. Experts have accused McColo of hosting the botnet command-and-control servers, as well as other systems that ran malware distribution points and criminal payment services.
"Botnets hosted by McColo accounted for half of the spam volume worldwide," Bhandari charged.
The respite, however, will likely be brief. "We're happy about this temporary reprieve -- normally, we see a big spike in spam this time of year, so it's nice to see a dip -- but we think it will be truly temporary," Bhandari said.
In September, after another U.S.-based hosting service suspected of harboring spammers was shut down, IronPort also saw a significant drop in the number of junk e-mails. Within three days, however, the dip had disappeared as others stepped in to take up the slack left when Intercage, which had also done business under the name Atrivo, went offline in late September.
"McColo is a little different in where they play in the criminal [ecosystem]," said Bhandari, "so I think it will take a little longer for spam volumes to recover. But McColo will find another upstream provider or its backers will just move their infrastructure overseas. So in a few days or a few weeks, we'll see spam return to its usual levels."
As of midday Wednesday, McColo's Web site remained offline. The company did not return a call asking for comment on its disappearance from the Internet and the simultaneous drop in spam volume.
- Massive botnet returns from the dead, starts spamming
- Spam levels fluctuate as crooks try to revive botnets
- Spam is silenced, but where are the feds?
- Dodgy ISP McColo briefly comes online, updates botnet
- McColo shutdown forces botnets to relocate
- Hosting firm takedown bags 500,000 bots
- Spam plummets after Calif. hosting service shuttered
- McColo takedown: Internet vigilantism or online Neighborhood Watch?
- IT Blogwatch: McColo is McShut McDown
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts