Notorious Spam-Linked Web Hosting Service Goes Offline

 
 
By Brian Prince  |  Posted 2008-11-12 Email Print this article Print
 
 
 
 
 
 
 

McColo, a Web hosting firm believed to be responsible for hosting roughly three-quarters of the world's spam, goes offline. Two of the firm's primary ISPs reportedly cut ties with the company after receiving evidence of McColo's ties to botnets and cyber-crooks.

A Web hosting firm reportedly responsible for hosting roughly 75 percent of the world's spam went offline Nov. 11 after its primary Internet providers cut the company off.

According to the 'Security Fix' blog in the Washington Post, McColo's two main ISPs, Global Crossing and Hurricane Electric, terminated service after getting reports from Security Fix about McColo's activities. Security Fix said it studied the company for four months before reporting the issue.

Security researchers have accused McColo of hosting the command-and-control servers for a number of well-known botnets, including Rustock and Srizbi. In a report on McColo featured on hostexploit.com, researchers predicted if McColo were depeered, worldwide spam output would likely be cut in half. Hostexploit.com published a similar report on ISP Atrivo earlier in 2008.

Ben Feinstein, director of operations for SecureWorks' Counter Threat Unit, said taking McColo offline may have a short-term positive effect on online crime. However, in the medium to long term there are plenty of other places that will host online criminals, or they can shift to using compromised servers where they don't have to pay anyone, he said.

To ISPs based in the United States, this may serve as an example of what could happen if they provide services in support of shady activities and the word gets out, Feinstein added. But at the end of the day, the upstream providers like Hurricane Electric are the ones that ultimately make the decision to stop Web hosts from doing business, he said.

As of the afternoon of Nov. 12, mccolo.com remained inactive.

Editor's Note: This story was updated to add comments from SecureWorks.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel