Computer Crime Research Center


Spam traffic plunges after report blames server hosting company

Date: November 14, 2008

Microsoft Corp. founder Bill Gates' 2004 proclamation that the spam problem would be solved within two years has proved a bitter joke, with unsolicited messages doubling yearly to make up about 90% of mail transmitted on the Internet.

But this week, the tide turned. The number of unwanted, offensive and misleading e-mails sent across the globe plummeted by about two-thirds, to a mere 60 billion or so a day by Thursday, according to spam filtering companies.

The surprising respite had very little to do with the hundreds of millions of dollars that corporations and consumers have spent on anti-spam software or with the lawsuits and criminal cases brought against spammers in the last decade.

Instead, a ragtag band of researchers pulled off the unprecedented coup of drastically cutting the spam volume by adopting a new strategy: going after mainstream U.S. companies that can unknowingly help spammers, identity thieves and child porn purveyors by carrying their traffic on the Internet.

Few expect the relief to last. The major anti-virus firm Symantec Corp. predicted a return to the previous level by Christmas.

"Enjoy it while you can," said Doug Bowers, the company's senior director of anti-abuse engineering.

But the rare victory gives hope to those combating spam and other "malware" by showing that even as the bad guys get smarter, new strategies can make a difference.

"I'm not under the illusion that it's going to last forever, but it's nice to have these small victories," said Paul Ferguson, an advanced threat researcher at software security company Trend Micro Inc. who contributed to the effort.

He and other analysts circulated a dense report Wednesday that blamed some companies for allowing spam to proliferate. Two big providers of Internet connections named in it -- Hurricane Electric Internet Services and Global Crossing Ltd. -- acted quickly to cut ties to the core subject of the document, a little-known Silicon Valley company called McColo Corp. that rents out servers to clients.

The researchers didn't say whether McColo knowingly aided criminals, but they described some of the nefarious activities conducted on some websites the company hosted. Among other things, McColo reportedly enabled its customers to control vast networks of hijacked computers to send spam and take payments for fake anti-virus software.

"We got the report, and it looked pretty damning," said Benny Ng, director of infrastructure at Hurricane Electric, of Fremont, Calif. "They were a client of ours, and we turned them off."

Global Crossing did the same thing, security researchers said, though it didn't respond to interview requests.

McColo didn't answer messages seeking comment, and its website was off-line late Thursday. The company is now under FBI scrutiny, people familiar with the case said. An agency spokesman said the FBI wouldn't confirm or deny an active investigation.

Among other things, the researchers alleged that McColo operated servers that were used to control armies of drone computers that sent spam and siphoned financial information from those computers' owners, as well as servers used in offering child pornography.

The criminal groups that allegedly used McColo are largely believed to be based overseas. The groups now have to find other service providers.

"They're just like cockroaches; they'll scurry and set up operations other places," Ferguson said. "We're watching them do it, and maybe we'll be able to identify who is pulling the strings in Eastern Europe."