
One of the largest spam networks taken down

Amount of spam arriving on servers drops by over 50%

Based on evidence gathered by Washington Post reporters and the security industry, the hosting provider McColo Corp from San Jose, California, has been cut off. At least two large uplink providers for McColo (Global Crossing and Hurricane Electric) have shut down their uplinks to it. It is assumed that this was 90% to 100% of the full internet capacity of McColo.

McColo turned out to be responsible for operating one of the largest botnets in the world (if not the largest). Such botnets consist mostly of computers infected by viruses, which allows them to be abused to route spam. Spammers route their mail through such botnets to wipe out traces that could lead back to their real network. In this case, however, investigators did find the real source of all this traffic: McColo.

The network connection of McColo was disconnected on Tuesday evening. Spam logs on our servers confirm the difference this made, with the amount of spam going down by 48%. Others are reporting differences varying between 40 and 60%. The difference can also be clearly seen on the graph published by spamcop.net showing the number of spam reports they receive. You can see this dropping from between 20 and 30 messages to around 10 messages per second.

The question now is how long this drop will last. When Atrivo went offline in September, spam amounts also dropped noticeably. But those spammers found other ways to restart their operations. A couple of days later, spam levels were back up at their previous level. It is expected that taking down McColo will also have only a temporary effect. But at least it’s not making life easy for those spammers.

November 2008