McColo was back online

The internet provider McColo had been taken off-line last Wednesday by two of its uplink providers. Investigations had revealed that McColo was running a botnet responsible for what would seem to be around 50% of all spam being sent.

Last Saturday, however, they managed to get internet access restarted temporarily via a new provider (Telia.net). Why this upstream provider was willing to provide McColo with internet access is unclear. Most commentaries point to either “lots of money” or “simple ignorance” as the cause.

On Sunday Telia, swamped by complaints from security experts and others, shut down the uplink to McColo again. By that time, however, McColo had been able to send a message out to a large number of the computers they had hijacked, pointing them to a new datacenter in Russia from which they would be running this operation from now on.

So far, however, spam levels haven’t gone up again. They’re still at more or less the same level as they were on Thursday, just after McColo had been shut down. At least that’s what we see on our servers, and the graphs Spamassing provides on the number of spam reports per second seem to indicate the same thing.

More information on http://blog.fireeye.com/

November 2008