Spam plummets after Calif. hosting service shuttered
Despite 41% drop, respite likely just temporary
Computerworld - Spam volumes plunged by more than 40% after a major bot hosting network was shut down, researchers at IronPort Systems Inc. said today.
On Tuesday, McColo Corp. was kicked offline when its primary Internet providers severed its connection to the Web, reported The Washington Post, which led an investigation of the San Jose-based hosting service. According to the newspaper, McColo's clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets.
"At 1:30 p.m. Pacific, we saw that McColo's connection was shut down," said Nilesh Bhandari, a product manager at IronPort, a messaging security company owned by Cisco Systems Inc. "We immediately saw a major drop in spam volume."
During October, an average of 190 billion spam messages were sent daily, Bhandari said. Yesterday, however, the projected daily total fell to 112 billion, a 41% decline, based on the spam volume that IronPort recorded after McColo was cut off.
"McColo was the hosting firm for some of the biggest spam botnets, including Srizbi and Rustock," said Bhandari, referring to two notorious bots that infect PCs and turn them into spam-sending machines. Experts have accused McColo of hosting the botnet command-and-control servers, as well as other systems that ran malware distribution points and criminal payment services.
"Botnets hosted by McColo accounted for half of the spam volume worldwide," Bhandari charged.
The respite, however, will likely be brief. "We're happy about this temporary reprieve -- normally, we see a big spike in spam this time of year, so it's nice to see a dip -- but we think it will be truly temporary," Bhandari said.
In September, after another U.S.-based hosting service suspected of harboring spammers was shut down, IronPort also saw a significant drop in the number of junk e-mails. Within three days, however, the dip had disappeared as others stepped in to take up the slack left when Intercage, which had also done business under the name Atrivo, went offline in late September.
"McColo is a little different in where they play in the criminal [ecosystem]," said Bhandari, "so I think it will take a little longer for spam volumes to recover. But McColo will find another upstream provider or its backers will just move their infrastructure overseas. So in a few days or a few weeks, we'll see spam return to its usual levels."
As of midday Wednesday, McColo's Web site remained offline. The company did not return a call asking for comment on its disappearance from the Internet and the simultaneous drop in spam volume.
- Massive botnet returns from the dead, starts spamming
- Spam levels fluctuate as crooks try to revive botnets
- Spam is silenced, but where are the feds?
- Dodgy ISP McColo briefly comes online, updates botnet
- McColo shutdown forces botnets to relocate
- Hosting firm takedown bags 500,000 bots
- Spam plummets after Calif. hosting service shuttered
- McColo takedown: Internet vigilantism or online Neighborhood Watch?
- IT Blogwatch: McColo is McShut McDown
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts