Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Spam drops as ISP is cut off from Internet

McColo is solo.

Article comments

McColo, an ISP suspected of aiding cybercriminals in online scams and hosting child pornography has been at least partially disconnected from the Internet.

ISPs can connect with each other to exchange Internet traffic, a practice known as "peering." Hurricane Electric, an ISP that was one of the primary connections for McColo's traffic, has disconnected with McColo, one of a handful of so-called "bulletproof" hosting providers that provide a safe haven online for cybercriminals.

Global Crossing, an IP (Internet Protocol) network services provider also connected to McColo would not comment, however McColo's main website remains offline.

The shutdown coincides with a damming new report on McColo authored by several computer security researchers who detail how McColo and other questionable service providers are linked to spam and cybercrime.

McColo's shutdown "demonstrates that when presented with appropriate evidence of criminal activity, the Internet community can bring about the positive forces necessary to purge it," the analysts wrote.

McColo, whose servers were located within the US, at one time hosted up to 40 websites with child pornography, the report said.

McColo also played a big role in spam distribution, said Richard Cox, CIO of Spamhaus, which tracks spamming operations. It hosted websites that could infect people's computers with malicious software used for sending spam, he said.

Hacked computers then become part of a botnet, or networks of PCs that can be used to send spam or attack other websites.

McColo hosted the so-called command-and-control servers for botnets that are used to instruct PCs to send spam. The botnets included Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg, according to the report.

When it received complaints, McColo would shift around the suspect websites on its network and try to erase traces of wrongdoing, Cox said.

"Essentially, a lot of these providers know what their customers are doing and try to protect them," Cox said.

Analysts are predicting a drop in spam and botnet activity while McColo is offline. Joe Stewart, director of malware research for SecureWorks, said on Wednesday that he'd received only one spam message from the Rustock botnet, while on a normal day he might get up to 20.

McColo's demise is going "to be kind of a vindication for a lot of researchers that have been complaining about McColo for years and why law enforcement wasn't doing anything about it," Stewart said.

SecureWorks has tracked bad activity at McColo, but law enforcement has always been "tight-lipped" about investigations, he said.

But it may only be mere days before those who use hosting services from McColo find other bulletproof hosters. "There's all kinds of wanna-be McColos that are on the hacker forums, the spammer forums," Stewart said.

In fact, bad activity at McColo increased after the shutdown in September of Intercage, a California hosting company also known as Atrivo, Cox said. Intercage's upstream providers stopped carrying its traffic following years of complaints that the ISP supported spam and harmful websites.

McColo's increased activity showed spammers just moved from Intercage to there, and will likely move fast, Cox said. Cybercriminals probably have "hot stand-by" websites ready to go with other service providers to stay in business, Cox said.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *