McColo, a Web hosting firm believed to be responsible for hosting roughly three-quarters of the world's spam, goes offline. Two of the firm's primary ISPs reportedly cut ties with the company after receiving evidence of McColo's ties to botnets and cyber-crooks.
A Web hosting firm reportedly responsible for hosting roughly 75 percent of the
world's spam went offline Nov. 11 after its primary Internet providers cut
the company off.
According to the 'Security Fix' blog in the Washington Post, McColo's two main
ISPs, Global Crossing and Hurricane Electric, terminated service after getting
reports from Security Fix about McColo's activities. Security Fix said it
studied the company for four months before reporting the issue.
Security researchers have accused McColo of hosting the command-and-control
servers for a number of well-known botnets, including Rustock and Srizbi. In a
report on McColo featured on hostexploit.com, researchers predicted that if
McColo were depeered, worldwide spam output would likely be cut in half.
Hostexploit.com published a similar report on ISP Atrivo earlier in 2008.
Ben Feinstein, director of operations for SecureWorks' Counter Threat Unit,
said taking McColo offline may have a short-term positive effect on online
crime. However, in the medium to long term there are plenty of other places
that will host online criminals, or they can shift to using compromised servers
where they don't have to pay anyone, he said.
To ISPs based in the United States, this may serve as an example of what
could happen if they provide services in support of shady activities and the
word gets out, Feinstein added. But at the end of the day, the upstream
providers like Hurricane Electric are the ones that ultimately make the
decision to stop Web hosts from doing business, he said.
As of the afternoon of Nov. 12, mccolo.com remained inactive.
Editor's Note: This story was updated to add comments from SecureWorks.