Security experts said that the Cutwail botnet was one of the most notorious botnets, accounting for up to 35 percent of global spam in May.
The FTC issued a complaint accusing the San Jose-based Pricewert, also known as 3FN and APS Telecom, of actively recruiting and colluding with criminals who sought to distribute illegal and malicious content, including child pornography, spyware, viruses, Trojan horses, phishing sites, botnet command and control servers and pornography featuring violence, bestiality and incest.
The FTC complaint, filed in the U.S. District Court for the Northern District of California, San Jose Division, also alleged that Pricewert actively protected its criminal clientele from detection by either ignoring take-down requests issued by the online security community or shifting its criminal elements to other Internet protocol addresses it controlled in order to evade detection.
The district court issued a temporary restraining order blocking Pricewert's illegal activities, freezing its assets and directing its upstream Internet providers to disconnect service to the rogue ISP. A preliminary hearing will be held June 15.
"Pricewert hosts very little legitimate content and vast quantities of illegal, malicious and harmful content," the FTC complaint stated. "Pricewert markets its services to domestic and overseas criminals by placing ads in the darkest corners of the Internet, including forums set up to facilitate communication between criminals. As a result of Pricewert's marketing efforts and its willingness to host content that legitimate ISPs will not, Pricewert's servers have become one of the leading U.S.-based havens for illegal, malicious and harmful content."
The FTC also claims that Pricewert played a significant role in deploying and operating botnets such as the notorious Cutwail, which was used to distribute spam and malicious code to steal information over the Web. The complaint alleged that the 3FN-hosted command and control servers controlled more than 4,500 pieces of malware used in cybercrime activities. The malware included keystroke loggers, password and data-stealing code, programs with hidden back-door remote controls and programs used for distributing spam.
Running at about 1 million nodes, Cutwail was one of the biggest botnets in history at its peak. Before the November 2008 shutdown of ISP McColo, Cutwail was linked to 25 percent of all spam, which climbed to 35 percent by the end of May 2009. The botnet was particularly known for a wave of Acai berry spam, one of its largest and longest-running spam campaigns.
In addition, the federal agency alleges that Pricewert was integral in recruiting and conspiring with bot herders, beyond merely hosting the command and control servers used to relay commands from the bot herders to the infected computers. The accusation was backed with transcripts of instant-message logs that show the ISP's senior employees discussing the configuration of botnets with bot herders, according to the complaint.
The Pricewert shutdown comes more than six months after renowned rogue ISP McColo was taken offline in November by its upstream provider. Following McColo's takedown, spam levels plummeted between 60 percent and 80 percent, representing record lows.
However, some security experts said that, unlike McColo, Pricewert's absence will have little impact, if any, on the high volumes of spam.
"It's not on the scale of McColo," said Vincent Weafer, vice president of Symantec Security Response, which provided intelligence in the Pricewert shutdown. "We're not expecting to see a significant decline at all."
Matt Sergeant, senior antispam technologist at MessageLabs, said that while spam levels will be slightly lower following the Pricewert takedown, Cutwail will likely make a comeback as spammers regroup. "The spammers learned that they can't put all their eggs in one basket and need to have backup command and control," he said.
Richard Wang, manager at SophosLabs U.S., echoed that following the McColo takedown, spammers and botnet operators learned that they needed to distribute control of their botnets so that a single McColo-like shutdown could not force a botnet offline. While Cutwail would be operating without all of its servers, the botnet operators would use the servers they still have to instruct the bots from elsewhere.
"They've learned the lessons of the McColo takedown," Wang said. "They can rebuild their network as long as they still have some control."
And while security experts maintain that the Pricewert shutdown would likely not lead to a significant decline in spam and malware volumes, the action could serve as a deterrent to similar ISPs hosting illegal and harmful content.
"The message here is that more and more we're seeing enforcement action against shady ISPs," Weafer said, adding that the Pricewert shutdown would also spark future litigation against rogue ISPs, which would compel cybercriminals to take their operations outside the U.S.
"With this kind of enforcement action, prosecution can and will occur," Weafer said. "And criminals won't look at the U.S. as a safe haven for these types of activities."