Daily Spam Down 75% After ISP McColo Is Cut Off By Providers

By Dee Chisamera
08:43, November 14th 2008

Spam world received a major hit on Wednesday, when U.S. based ISP McColo Corp., which offered Web hosting services, was taken down after being linked to suspicious activities. The move was possible following reports from Washington Post’s Security Fix, which had been tracking McColo’s activities for the past four months.

According to Security Fix, among McColo’s clients were some of the most prolific cyber-criminal gangs today. Their activities include spam, malware, rogue PC security products, fraud and even child pornography.

One day after taking down McColo Corp, spam activities drastically dropped almost 2/3, thus confirming the role played by McColo in distributing spam e-mail. According to SecureWorks estimations, McColo’s activity accounted for 75 percent of all spam sent daily in the United States.

After contacting McColo’s Internet providers on Monday, Security Fix found out on Tuesday that first Global Crossing, then Hurricane Electric, cut off McColo’s Internet traffic. According to a Global Crossing spokesperson, the company is fully cooperating with law enforcement in the McColo case.

Furthermore, Benny Ng, director of marketing for Hurricane Electric, said they decided to shut McColo down after assessing the situation: “We looked into it a bit, saw the size and scope of the problem you were reporting and said ‘Holy cow!’ Within the hour we had terminated all of our connections to them,” Ng told Security Fix.

According to researchers at e-mail security firm IronPort, the spam volume dropped immediately, from an average of 190 billion spam messages per day, to an average of 112 billion. Nilesh Bhandari, product manager at IronPort, explained that even though we might see a decrease in activity now, spam levels will go back to “normal” soon, when either other ISPs will take over McColo’s role, or perhaps McColo will be back in business, probably from another control center where they will be less likely to be interrupted.

The report comes two months after the Intercage, a.k.a. Atrivo, incident, when the California-based Internet Service Provider, which was in fact a major hub for cyber crime, was also cut off by its upstream providers. In Atrivo’s case, the spam traffic only dropped for a short period of time, until the spammers went back on business soon after. This is why it would come as no surprise if the spammers in the McColo case will quickly find a new host.

Despite that, things appear to be moving in the right direction. Just last month, the Federal Trade Commission announced taking down a vast international spam ring, responsible for flooding inboxes with prescription drug and Viagra offers. The spam gang was said to be the world’s largest, with activities running internationally. The FTC reported they had sent billions of e-mails with false header information, directing consumers to sites operated by them. Furthermore, they were found guilty of violating the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003.