bit-tech.net

Huge drop in spam as McColo closes

This graph from anti-spam firm SpamCop shows the precipitous drop in spam volume after McColo was dropped by its upstream provider.

If you've noticed that your spam load has been a little lighter of late, you've got one company to thank for it: McColo, a spam-friendly hosting company that shut down early this week.

While you might not think that a single company could be responsible for too much of the Internet's sewage, you'd be surprised: according to figures from security vendor MXLogic quoted by CNet, world spam volume is down by approximately 50 percent – all from that one host.

Benny Ng, marketing director of McColo's main upstream provider Hurricane Electric, is credited with pulling the plug on the company's main source of bandwidth – although why it took him quite so long is another matter entirely.

Much of the investigative work that resulted in the spam sewer being plugged was performed, perhaps surprisingly, by Brian Krebs of the Washington Post. Krebs claims that the company, which was hosting command and control servers for hordes of virus-infected Windows machines worldwide, could be responsible for the co-ordination of up to 75 percent of all spam.

While that figure might be a little on the high side, anti-spam outfit IronPort claims that the McColo shutdown resulted in “a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries” - a dip the company initially thought was due to a technical problem.

Sadly, the reprieve is likely to be temporary: IronPort's Nilesh Bhandari says his company is seeing a “slow recovery” by the spammers as they relocate the botnet servers to new hosts, and his company “fully [expects] this to recover completely, and to go into the highest spam period ever during the holiday season.” The message is clear: enjoy the quiet while it lasts.

Have you noticed a drop in your own personal spam feed, or have the pill pushers and porn merchants been as busy as ever making sure you don't miss a single shill? Share your thoughts over in the forums.

23 Comments

plagio 14th November 2008, 13:34 Quote
good news indeed, unfortunately my inbox is still full of rolex replica, cialis and viagra spam
DarkLord7854 14th November 2008, 13:36 Quote
These kind of people need to be shot -.-
Kúsař 14th November 2008, 14:15 Quote
Is it really so hard for them to check from time to time what's running on their servers?
pendragon 14th November 2008, 14:49 Quote
props for killing the server...too bad it won't last :(
kenco_uk 14th November 2008, 15:00 Quote
Quote:
Originally Posted by LA Times

A September effort by Armin's team focused on another hosting company, Atrivo/Intercage, and when major Internet carriers dropped that company, spam fell 10%. Some Atrivo/Intercage customers switched to McColo, the new report says, and the volume went back up. More reports are being prepared.

"People thought the first community-source effort was a fluke," Ferguson said. "Now they see with McColo, it's not a fluke. The community can police its own backyard and purge the badness."


source: LA Times
supermonkey 14th November 2008, 15:03 Quote
I hope they get back up and running soon. My supply of Viagra, Cialis, and penis pumps is running a tad thin.

:p

-monkey
DarkLord7854 14th November 2008, 15:22 Quote
Quote:
Originally Posted by supermonkey
I hope they get back up and running soon. My supply of Viagra, Cialis, and penis pumps is running a tad thin.

:p

-monkey

What, you don't get the year-long supply offers? You need to sign up to better spam sites sheesh.
kosch 14th November 2008, 16:42 Quote
Spam gives me hope when I see it downloading in Outlook it actually makes me think that someone might want to talk to me haha.
supermonkey 14th November 2008, 17:36 Quote
Quote:
Originally Posted by DarkLord7854
What, you don't get the year-long supply offers? You need to sign up to better spam sites sheesh.

For some reason, all my year-long supplies only last a couple weeks. :?

Am I taking too much?

-monkey
chrisb2e9 14th November 2008, 21:28 Quote
My gmail spam box had over 900 messages in it. So, I hope that wasn't 75% less than what there would have been!
Darkefire 15th November 2008, 00:17 Quote
How much of a blithering moron do you have to be to order stuff from a spam e-mail nowadays, or to click on a link from an unknown sender? Sooner or later you think we'd reach the point where the only people stupid enough to do these things are the ones too stupid to own or operate a computer.
The_Beast 15th November 2008, 00:37 Quote
I love spam


send me more please
PhenomRed 15th November 2008, 01:24 Quote
not having a home loan makes me impotent, according to leading spam-senders
rhuitron 15th November 2008, 05:08 Quote
Ding Dong the Witch is Dead!!!
naokaji 15th November 2008, 07:36 Quote
Spam? lol... not getting any, at least not on my real email.
Seriously, all you need to fight spam are multiple emails, a real one you only give to close family and friends and then another one you don't care how much spam you get which you use everywhere else.
ParaHelix.org 15th November 2008, 10:21 Quote
75% of all spam could be from one company? Jesus, that's actually quite impressive.
mikeuk2004 15th November 2008, 10:37 Quote
What's wrong with spam?? I eat it all the time, and they even sell battered spam now in Somerfield. Win :)
RTT 15th November 2008, 13:46 Quote
Quote:
Originally Posted by Kúsař
Is it really so hard for them to check from time to time what's running on their servers?

It didn't really work like that. Spammers were using servers at McColo to command botnets, the actual spam wasn't originating at McColo at all. I suspect they knew exactly what was going on but decided to turn a blind eye to it. Unfortunately it means that as soon as the spammers find a new home it'll all return to business as usual, this is likely to be just a temporary blip :(
g3n3tiX 15th November 2008, 18:33 Quote
The internet breathes a little better now, but sadly not for long.
kenco_uk 15th November 2008, 20:03 Quote
So downloading something from abit.tw takes 10 minutes instead of 17 1/2 days.
[USRF]Obiwan 17th November 2008, 07:39 Quote
Quote:
Originally Posted by kenco_uk
So downloading something from Abit.tw takes 10 minutes instead of 17 1/2 days.

Lol. how about asus.tw. in fact every tw is slow as hell. Because the Chinese government is backtracking everything on that moment.
kenco_uk 27th November 2008, 17:17 Quote
Not far off but better than before.. for the moment.