Published: Thursday, November 13, 2008
Big spam host is is booted off the Web
WASHINGTON -- The volume of junk e-mail sent worldwide may have dropped drastically Wednesday after a Web-hosting firm, identified by many in the computer security community as a major host of organizations engaged in spam activity, was taken offline.
McColo, a San Jose Web-hosting company that, according to computer security experts, serves as a U.S. staging ground for international firms that sell items from counterfeit pharmaceuticals to child pornography, ceased operations after Internet providers blocked Web access.
SecureWorks, an Atlanta security-services provider, estimates that McColo was responsible for 75 percent of all spam sent in the United States each day.
Global Crossing, a Bermuda company with U.S. operations and one of the two companies that provided Internet access to McColo, would not say why it cut off the company, but said its policy prohibits "malicious activity."
Benny Ng, a director for Hurricane Electric, a California firm that served as McColo's other Internet provider, said it decided to block the firm after reading about allegations against McColo.
"We shut them down," Ng said. "We looked into it a bit, saw the size and scope of the problem ... Within the hour, we had terminated all of our connections to them."
A number of security researchers have published reports over the past year alleging that McColo hosts the top "botnets," or vast collections of hacked computers networked together, to blast out spam or attack others online.
Joe Stewart, director of malware research for SecureWorks, said botnets such as "Mega-D" or "Srizbi," which are known to send e-mails about access to prescription drugs, have had their master servers hosted at McColo.
Although security experts who have been seeking to stop McColo from allegedly hosting questionable sites are pleased to see the company lose its access, some are worried it will only make it harder to track illegal activity.
"Everything will just be more spread out and harder to mitigate," Stewart said. "We rather like knowing where the bad activity is coming from, so protecting our networks is easier."
McColo, a San Jose Web-hosting company that, according to computer security experts, serves as a U.S. staging ground for international firms that sell items from counterfeit pharmaceuticals to child pornography, ceased operations after Internet providers blocked Web access.
SecureWorks, an Atlanta security-services provider, estimates that McColo was responsible for 75 percent of all spam sent in the United States each day.
Global Crossing, a Bermuda company with U.S. operations and one of the two companies that provided Internet access to McColo, would not say why it cut off the company, but said its policy prohibits "malicious activity."
Benny Ng, a director for Hurricane Electric, a California firm that served as McColo's other Internet provider, said it decided to block the firm after reading about allegations against McColo.
"We shut them down," Ng said. "We looked into it a bit, saw the size and scope of the problem ... Within the hour, we had terminated all of our connections to them."
A number of security researchers have published reports over the past year alleging that McColo hosts the top "botnets," or vast collections of hacked computers networked together, to blast out spam or attack others online.
Joe Stewart, director of malware research for SecureWorks, said botnets such as "Mega-D" or "Srizbi," which are known to send e-mails about access to prescription drugs, have had their master servers hosted at McColo.
Although security experts who have been seeking to stop McColo from allegedly hosting questionable sites are pleased to see the company lose its access, some are worried it will only make it harder to track illegal activity.
"Everything will just be more spread out and harder to mitigate," Stewart said. "We rather like knowing where the bad activity is coming from, so protecting our networks is easier."
Comments
(
