McColo takedown nets massive drop in spam
The depeering of an Internet service provider has resulted in a drop in Internet-wide spam of as much as 75 percent, security firms said Wednesday.
On Tuesday, two major Internet service providers stopped routing traffic for McColo, a hosting provider based in San Jose, Calif., essentially making all sites hosted by the service inaccessible. The action followed investigations by security researchers that found that McColo had become the preferred home for many botnets' command and control servers, according to an article in the Washington Post.
"It was like night and day," said Matt Sergeant, anti-spam technologist with MessageLabs. "The second that they went offline the drop started."
MessageLabs, McAfee, Symantec, and Arbor Networks -- as well as other security firms -- noted the drop, though the companies differed on the magnitude, with estimates varying between 60 percent and 75 percent.
The depeering of McColo follows significant efforts by Washington Post reporter Brian Krebs to track down Internet service providers that hosted malicious and criminal servers while ignoring their owners' actions. In September, Atrivo, an Internet service provider based in California, went offline after its sole remaining upstream provider ceased to route its traffic. Observers also witnessed a drop in spam after the disconnection of Atrivo.
Online criminals jumped from Atrivo to McColo, according to an analysis published by SecureWorks in October. MessageLabs' Sergeant believes that this time, spam will again ramp up as online criminals find a new place to roost.
"I don't believe this will have a lasting effect on spam volumes," Sergeant said. "The people responsible for this are making a lot of money. They are now going to work to get back to a position where they are making a lot of money again."