75 Percent Of World’s Spam Knocked Offline
SecurityProNews Staff Writer
2008-11-13
Score one for the security industry: a big one, a massively ginormous and temporary strike against spam. A slew of security companies and the Washington Post tracked massive amounts of spam back to one San Jose-based hosting company, now offline, and 75 percent of the world's spam went offline with it, for about 12 hours.
But hey, that's a pretty good leap, right?
Alert after alert went out about spam operations tracing back to McColo Corp. servers. Complaints were made to the company, which gave lip service about addressing the issue before simply moving offending clients to different addresses.
Spam traced back to McColo servers covered pretty much all forms, from pharmaceutical spam to child pornography hosted there. Acting on the evidence, two providers, Global Crossing and Hurricane Electric, took the company offline.
"MessageLabs documented a massive drop in spam volume to levels eight times less than typical volumes for a period of 12 hours immediately following the takedown before spam levels began to rise again, proving that taking out the kingpin members of the underground spam economy can have a massive effect on global spam levels," Matt Sergeant, Senior Anti-Spam Technologist for MessageLabs, told SecurityProNews.
"First with Atrivo and now the demise of McColo is a testament to how community action is absolutely vital in the fight against spam."
Said community, which also includes the investigative security reporting from the Washington Post, was made up of SecureNetworks, FireEye, ThreatExpert, and SysInternals, and it published data confirming McColo as the host for all of the top botnets.
It's unclear what, if any, criminal charges can be brought against McColo. Most laws regarding hosting companies protect them from liability for third-party content. However, there may be grounds for exception if the company knowingly hosted illegal content, which in this case includes copyright-infringing content and child pornography.
While this is a major coup, realists understand that massive takedowns like this only spread out offenders across the Web as they relocate to other dummy hosting providers. But recent actions by service providers and by ICANN, which used a contract breach to take down a Russian network, have shown more aggression toward the places where malicious content is known to be hosted.
Indeed, researchers seem to be getting more skilled at locating, even manipulating, sources of spam. For a recent study out of Berkeley and UCSD, researchers successfully hijacked the Storm botnet to study the profitability of spam. The study concluded it was unlikely offenders were spread out over third-party affiliate networks. Spammers and the malicious websites they attempt to lure people to were likely run by the same central operation. For example, to generate a profit, a pharmaceutical site selling knockoff drugs is likely to be run by the same people generating botnets.
In the future, then, it's likely security experts will find ways to target hives of malicious material, as it seems taking one offender down could be highly efficient.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.