Spam plummets after Calif. hosting service shuttered
Despite 41% drop, respite likely just temporary
Computerworld - Spam volumes plunged by more than 40% after a major bot hosting network was shut down, researchers at IronPort Systems Inc. said today.
On Tuesday, McColo Corp. was kicked offline when its primary Internet providers severed its connection to the Web, reported The Washington Post, which led an investigation of the San Jose-based hosting service. According to the newspaper, McColo's clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets.
"At 1:30 p.m. Pacific, we saw that McColo's connection was shut down," said Nilesh Bhandari, a product manager at IronPort, a messaging security company owned by Cisco Systems Inc. "We immediately saw a major drop in spam volume."
During October, an average of 190 billion spam messages were sent daily, Bhandari said. Yesterday, however, the projected daily total fell to 112 billion, a 41% decline, based on the spam volume that IronPort recorded after McColo was cut off.
"McColo was the hosting firm for some of the biggest spam botnets, including Srizbi and Rustock," said Bhandari, referring to two notorious bots that infect PCs and turn them into spam-sending machines. Experts have accused McColo of hosting the botnet command-and-control servers, as well as other systems that ran malware distribution points and criminal payment services.
"Botnets hosted by McColo accounted for half of the spam volume worldwide," Bhandari charged.
The respite, however, will likely be brief. "We're happy about this temporary reprieve -- normally, we see a big spike in spam this time of year, so it's nice to see a dip -- but we think it will be truly temporary," Bhandari said.
In September, after another U.S.-based hosting service suspected of harboring spammers was shut down, IronPort also saw a significant drop in the number of junk e-mails. Within three days, however, the dip had disappeared as others stepped in to take up the slack left when Intercage, which had also done business under the name Atrivo, went offline in late September.
"McColo is a little different in where they play in the criminal [ecosystem]," said Bhandari, "so I think it will take a little longer for spam volumes to recover. But McColo will find another upstream provider or its backers will just move their infrastructure overseas. So in a few days or a few weeks, we'll see spam return to its usual levels."
As of midday Wednesday, McColo's Web site remained offline. The company did not return a call asking for comment on its disappearance from the Internet and the simultaneous drop in spam volume.
- Massive botnet returns from the dead, starts spamming
- Spam levels fluctuate as crooks try to revive botnets
- Spam is silenced, but where are the feds?
- Dodgy ISP McColo briefly comes online, updates botnet
- McColo shutdown forces botnets to relocate
- Hosting firm takedown bags 500,000 bots
- Spam plummets after Calif. hosting service shuttered
- McColo takedown: Internet vigilantism or online Neighborhood Watch?
- IT Blogwatch: McColo is McShut McDown
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Malware and Vulnerabilities White Papers | Webcasts