Web Provider Busted, Spam Drops
Since the ISP McColo was taken offline Tuesday by upstream provider Hurricane Electric, experts immediately noticed a significant decrease -- at least 35 percent -- in the level of spam worldwide. While the exact figure is still up for debate, experts speculate that the ISP was responsible for anywhere between 35 and 70 percent of the world's total spam.
"We've certainly enjoyed the reduction in spam the last couple of days," said Dave Marcus, security research manager for McAfee. "This organization was responsible for a lot of malicious activity. Putting them out of business was the right thing to do."
The drop in spam has been sustained for about 48 hours -- a record for spammers, experts say. McColo lost its Internet privileges Tuesday after upstream service provider Hurricane Electric disconnected from McColo, rendering its downstream ISP without most of its Internet traffic.
Hurricane Electric terminated its service with McColo shortly after a scathing report was released by a group of notable security researchers and vendors that lambasted McColo and other ISPs for hosting numerous Web sites known to cater to child pornography and malware. According to the report, McColo was known for carrying some world's largest botnets -- large networks of computers under the control of a remote attacker or group, usually programmed to forward malicious cyber campaigns.
And experts say that more legitimate providers will likely continue to disassociate themselves from ISPs that cater to illicit content such as child pornography, malware and e-mail scams. If anything, more upstanding nations will synchronize Internet policy and regulation, ultimately forcing less legitimate ISPs to venture to more remote shores, experts say.
"Countries that observe common standards for Internet traffic simply won't tolerate it anymore and certain countries will become havens as they are for terrorism and piracy. At that point it is more manageable," said Garth Bruen, CEO of e-mail security organization Project KnuJon, who contributed to the study.
However, experts say that spam will likely return to normal levels as McColo's customers regroup and find another provider through which to carry their phishing campaigns and malware.
"There are a dozen other shady pieces still out there that are not yet "active,'" said Bruen."The spammers are mercenaries. They get paid to promote a product, an illicit product. The people who pay them are going to demand better results or a refund, and the people paying them aren't very nice people, they're people with guns."
Even still, experts say that the McColo take down and ensuing difficulty spammers have had in distributing spam campaigns over the last two days will set a precedent in the future.
"This sends a good message. It sends the right message that this type of [spam] activity isn't going to be tolerated," said Marcus. "This just goes to show that it may take time for it to happen, we're still going to find some way of tracking (spammers) down and putting you out of business."
Bruen said that he and others are currently working on more research projects that will further unveil shady ISPs that host fraudulent and other illegal Web sites. And contrary to popular conceptions, numerous Internet providers hosting spam are actually located on U.S. shores, as opposed to being off-shore cyber criminals, Bruen said.
"We've been following a twisty road for several years and it did not necessarily lead us to dead ends and mysterious players. It led us to major Internet players and many in the United States," he said. "The next round [of research] may be even more shocking."