Net provider accused of coddling crooks yanked offline • The Register (http://www.theregister.co.uk/2008/11/12/mccolo_goes_silent/)

Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com) (http://voices.washingtonpost.com/securityfix/)

Major Source of Online Scams and Spams Knocked Offline

A U.S. based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about suspicious activity emanating from the network.

For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today.

You always hear about these international spam gangs, etcetera.. but if it's true that this web hosting service was knowingly hosting spammers, DDOS botnet clients, even (apparently) hosting child porn sites here in the US... I'm not only for throwing the book at them, I'm for throwing the Encyclopedia Brittanica at them!

Apaprently all the spammers and scammers are scrambling for new hosting.. currently there has been a 50% decrease in spam. If the Internet ever becomes the superregulated nofun zone that all the technologists gloomily predict it will be come, it will because the spammers and scammers ruined it for everyone

Further info from The Register:

Some researchers claimed McColo provided the connectivity that was responsible for more than half the world's spam. McColo's dissolution was immediately followed by a marked decrease in spam and botnet activity, they said.

"In our own database we have been tracking a few dozen botnets that phoned home to McColo IPs as well as nearly 1000 distinct URLs from hundreds of different malcode samples, Arbor's Jose Nazario wrote here. "These guys ran a dirty operation.

Statistics from SpamCop showed a drop in the amount of spam being blasted out to the world. Starting Tuesday afternoon, spam volumes dropped from about 30 junk messages being sent every second to less than 15 at time of writing.

"When McColo went off the net yesterday we saw a very dramatic fall-off of botnet activity on the internet as the 'command and control' servers for many botnets were on McColo," Spamhaus chief executive Steve Linford wrote in an email.

The take-down of McColo comes two months after Intercage, another network provider with a sullied reputation, was disconnected by its last remaining transit providers. The termination created a brief decline in spam and malicious net activity, but most of the bad actors that used Intercage have since found new providers, researchers have said.

McColo's demise came as a new report claimed the provider enables a host of bad actors on the internet. In addition to spammers and botnet operators, at least 40 websites, nameservers or payment services used for child pornography were also recently found to be hosted by McColo, according to the report.

Long overdo, if you can lose money by hosting bad eggs than you might want to stick to legitimate web services. Eventually they'll run out of places to do their spam cheap, and the lazier spammers will give it up for some new scam.

The solution to spam is easy - simply design email servers so the user has to approve the email address for incoming emails. I don't understand why every email server doesn't do this.

I have two home accounts and one work account and the total number of spam I got this year probably totals less than 10. Don't know why exactly. Good filters on the hosts and firewalls, I guess.

The solution to spam is easy - simply design email servers so the user has to approve the email address for incoming emails. I don't understand why every email server doesn't do this.

That puts far too much burden on the average user.

That puts far too much burden on the average user.

I'd quit any e-mail provider that forced this on me.

I think GMail's spam filters are pretty solid. I don't remember the last time something slipped through (not to be confused with junk email, like the weekly offers from Ticketmaster which I receive because they have my address).

The solution to spam is easy - simply design email servers so the user has to approve the email address for incoming emails. I don't understand why every email server doesn't do this.


I will echo what others say in saying that it would be fairly difficult for me to do my job if I had to go in and explicitly list each person that I wanted to be able to email me.

I actually never have really had any problem with spam though.. the trick is to never use your real email address for anything, anywhere (including signing up for various forums). Have an account that you create specifically for that function and always use it. Then your real email address is used between friends, family and what not.


As for this story/article, the part that I find most interesting is the response from the providers for this company. Global Crossing and Hurricane Electric both eventually pulled their connections after the Washington Post exposed their "proof" of the story. My belief is that it likely was more phrased like the Washington Post was about to publish a story on this, and the providers can either choose to do something about it or take the black eye that they were knowingly supporting kiddie porn.

With the reported amount of bandwidth that this company was using, it is virtually impossible that someone at those providers did not have some idea that something was up. A pretty telling sign on how far those companies chose to go for the all mighty dollar in my opinion. (Not that I have personally chosen to do anything with Global Crossing since before they filed for bankruptcy about 4-6 years ago anyways though).