Notorious Spam-Linked Web Hosting Service Goes Offline

A Web hosting firm reportedly responsible for hosting roughly 75 percent of the world's spam went offline Nov. 11 after its primary Internet providers cut the company off.

According to the 'Security Fix' blog in the Washington Post, McColo's two main ISPs, Global Crossing and Hurricane Electric, terminated service after getting reports from Security Fix about McColo's activities. Security Fix said it studied the company for four months before reporting the issue.

Security researchers have accused McColo of hosting the command-and-control servers for a number of well-known botnets, including Rustock and Srizbi. In a report on McColo featured on hostexploit.com, researchers predicted if McColo were depeered, worldwide spam output would likely be cut in half. Hostexploit.com published a similar report on ISP Atrivo earlier in 2008.

Ben Feinstein, director of operations for SecureWorks' Counter Threat Unit, said taking McColo offline may have a short-term positive effect on online crime. However, in the medium to long term there are plenty of other places that will host online criminals, or they can shift to using compromised servers where they don't have to pay anyone, he said.

To ISPs based in the United States, this may serve as an example of what could happen if they provide services in support of shady activities and the word gets out, Feinstein added. But at the end of the day, the upstream providers like Hurricane Electric are the ones that ultimately make the decision to stop Web hosts from doing business, he said.

As of the afternoon of Nov. 12, mccolo.com remained inactive.