Spam Falls Worldwide After Web Hosting Company's Servers Disconnected

By Matthew Harwood

The number of spam e-mails sent worldwide fell drastically Tuesday evening when the servers of a small Web-hosting company in San Jose, California, were disconnected.

According to The Washington Post, whose investigation led to the disconnection:

The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email ....  Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening., another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second. (See their graphic representation here.)

Another Web security firm, Trend Micro, also discovered a 40 percent drop in spam levels after McColo Corp.'s servers were disconnected, reports San Jose's The Mercury News.

Astoundingly, the various botnets—strings of compromised computers controlled by hackers—hosted on McColo Corp.'s servers accounted for over 80 percent of the daily spam sent over the last four weeks, according to Marshal, a United Kingdom-based security company.

Despite the fall in spam following the disconnection of McColo Corp.'s servers, Adam O'Donnell, director of emerging technologies at messaging security company Cloudmark, blogged that this will only be a "temporary lull."

He told The Sydney Morning Herald, "The shutdown has removed pieces of infrastructure critical for the operation of several spammers, but this does not mean they cannot adapt," adding they'll probably set up shop again "somewhere in Eastern Europe".

The Post says it's unclear whether McColo Corp.'s owners and managers will be held legally liable for the company's activities. Mark Rasch—a former cybercrime prosecutor for the Justice Department and managing director of FTI Consulting in Washington, D.C.—told the Post McColo Corp.'s activities are perfectly legal unless it can be proved they violated others' copyrights or knowingly had child pornography on their network and failed to eliminate it. An analysis of McColo Corp.'s servers by Jart Armin, reports the Post, showed that McColo Corp. hosted 40 child pornography Web sites or Web sites that collect fees for the illegal content.

Paul Ferguson, a threat researcher for Trend Micro, told the Post that McColo Corp.'s harmful activities were well known within the Web security community.

"There is damning evidence that [McColo's] activity (allegedly hosting purveyors of spam) has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network, but nobody seems to care," Ferguson said.

As of yet, reports the Post, there is no evidence that anyone at McColo Corp. has been charged with a crime.
