Single shutdown cuts internet spam by two-thirds
Difficult as it may be to accept, internet security experts believe that the overall worldwide volume of spam was reduced by as much as 66 percent by the recent shutdown of a single Web host in San Jose, CA. This Web host was not only responsible for huge volumes of spam, but also allegedly hosted illegal child pornography. The spam operations hosted by the company included the use of botnets, which are responsible for huge volumes of spam emails every day.
In an investigation led and reported by the Washington Post and CNN Money, and involving ISPs Global Crossing and Hurricane Electric, a small hosting service named McColo Corp was found to be responsible for a very high percentage of the world’s spam traffic. As soon as Global Crossing and Hurricane Electric removed McColo’s access to the internet, internet security firms began to see a drop of as much as 66 percent in the volume of spam worldwide.
This incredible volume of spam was made possible by the use of botnets controlled from the McColo servers. Botnets are made up of millions of compromised personal and business PCs, infected by the use of worms and Trojan horses, and controlled from a remote location such as McColo. Generally, the user of the hijacked computer remains unaware that their system is being used for nefarious or illegal activities.
Will McColo be prosecuted? Mark Rasch, a former Justice Department cyber-crime prosecutor now consulting privately, said “It’s a little bit like a landlord who owns a building and sees people coming in and out of the apartment complex constantly at all hours and not suspecting there may be drug activity going on. There are certain things that raise red flags, such as the nature, volume, source and destination of the Internet traffic, that can and should raise red flags. And to have so many third parties looking at the volume and content from this Internet provider saying ‘This is outrageous,’ clearly the people doing the hosting should know that as well.” It seems that prosecution is certainly an option.
But operations like the ones previously hosted at McColo can often be relocated quickly and put back into business. It remains to be seen if the reduction in spam will be permanent, or will even last very long. Spammers have stayed ahead of criminal prosecutors for years. Perhaps the techniques used in this investigation can be used again to track these and other spammers to their internet homes, and to continue to shut them down.


November 16th, 2008
We need more of these takedowns, and more “white hat” researchers hacking the bots. A concerted effort for just a few weeks could make it so unprofitable to continue it might take years to get back to prior levels of spam.
November 17th, 2008
It seems like this investigation took a very direct route to the heart of the problem. Maybe we learned something from this. I hope so.