Computerworld - Spam volumes plunged by more than 40% after a major bot hosting network was shut down, researchers at IronPort Systems Inc. said today.
On Tuesday, McColo Corp. was kicked offline when its primary Internet providers severed its connection to the Web, reported The Washington Post, which led an investigation of the San Jose-based hosting service. According to the newspaper, McColo's clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets.
"At 1:30 p.m. Pacific, we saw that McColo's connection was shut down," said Nilesh Bhandari, a product manager at IronPort, a messaging security company owned by Cisco Systems Inc. "We immediately saw a major drop in spam volume."
During October, an average of 190 billion spam messages were sent daily, Bhandari said. Yesterday, however, the projected daily total fell to 112 billion, a 41% decline, based on the spam volume that IronPort recorded after McColo was cut off.
"McColo was the hosting firm for some of the biggest spam botnets, including Srizbi and Rustock," said Bhandari, referring to two notorious bots that infect PCs and turn them into spam-sending machines. Experts have accused McColo of hosting the botnet command-and-control servers, as well as other systems that ran malware distribution points and criminal payment services.
"Botnets hosted by McColo accounted for half of the spam volume worldwide," Bhandari charged.
The respite, however, will likely be brief. "We're happy about this temporary reprieve -- normally, we see a big spike in spam this time of year, so it's nice to see a dip -- but we think it will be truly temporary," Bhandari said.
In September, after another U.S.-based hosting service suspected of harboring spammers was shut down, IronPort also saw a significant drop in the number of junk e-mails. Within three days, however, the dip had disappeared as others stepped in to take up the slack left when Intercage, which had also done business under the name Atrivo, went offline in late September.
"McColo is a little different in where they play in the criminal [ecosystem]," said Bhandari, "so I think it will take a little longer for spam volumes to recover. But McColo will find another upstream provider or its backers will just move their infrastructure overseas. So in a few days or a few weeks, we'll see spam return to its usual levels."
As of midday Wednesday, McColo's Web site remained offline. The company did not return a call asking for comment on its disappearance from the Internet and the simultaneous drop in spam volume.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
