You have commented 358 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
-Lurid Crime Tales-
Major Source of Online Scams and Spams Knocked Offline
2008-11-13
A true public service was done.
A U.S. based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about suspicious activity emanating from the network.

For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today. On Monday, Security Fix contacted the Internet providers that manage more than 90 percent of the company's connection to the larger Internet, sending them information about badness at McColo as documented by the security industry.

On Tuesday afternoon, I heard back from Global Crossing, one of McColo's major Internet providers. Their spokesman declined to discuss the matter, except to say that Global Crossing communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.

Two hours later, I heard from Benny Ng, director of marketing for Hurricane Electric, the Fremont, Calif., company that was the other major Internet provider for McColo. Hurricane Electric took a much stronger public stance: "We shut them down," Ng said. "We looked into it a bit, saw the size and scope of the problem you were reporting and said 'Holy cow! Within the hour we had terminated all of our connections to them."
Hadn't noticed before, they hadn't, nope, nope ...
As of this writing, McColo's Web site is no longer available. In fact, I pinged no fewer than three different researchers who have tracked activity at McColo for many months: None could find a single Internet address assigned to the hosting provider that was still reachable. Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company's Web site before the site was taken offline.
Posted by:Steve White

#9  They didn't catch any spammers, just got the network shut off to one of their nests. They will build a new nest and be back online in a week or two.
Posted by: Phinetle Squank7785   2008-11-13 18:14  

#8  Plenty more potential spammers where these came from.
Posted by: Anguper Hupomosing9418   2008-11-13 15:08  

#7  So, you guys started building the gallows yet? I've got some plywood and 2x4s in the garage if you need them. And a nail gun. Come to think of it, let's dispense with the hanging and just use the nail gun on them; cheaper that way.
Posted by: Mike   2008-11-13 11:40  

#6  Looks like Patti won't be asking me out on dates anymore!
Posted by: gorb   2008-11-13 06:36  

#5  Oh, noes! Where will I get my paenis enarglement pills from now on?!
Posted by: anonymous5089   2008-11-13 05:27  

#4  Didn't someone assassinate a big-time spammer in Moscow a couple of years ago?
Posted by: Atomic Conspiracy   2008-11-13 04:13  

#3  Some interesting points raised on this subject in a different forum:

At the very least, it seems that this makes any prosecution more difficult. While it appears that folks did a great job of following the network connections--to nail the individuals involved you need to follow the money. Even worse, what if the FBI *was* investigating them already, and now their target has been shut down? Unless there was behind-the-scenes cooperation that hasn't been reported, someone (on either the technical or law enforcement side) was not behaving responsibly. This should have been a coordinated shutdown--simultaneously involving closing network connections and arresting individuals.

Secondly, aren't we still playing whack-a-mole here? The network controlled over a million compromised PCs. Those machines are still compromised. Since the individuals who controlled them are evidently still at large, I think it's safe to assume that the keys to those machines are still out there. If that's the case, then those machines will be up and spamming again inside of a week. The only thing that might delay that would be if the primary payment processors really were taken offline as well. I don't want to open the "counter-virus" can of worms. But how hard would it have been to identify the control sequences for those PCs and change them to random sequences? Shutting down a central control center is good news, but taking 1.5 million PCs permanently (at least until next infection) out of a botnet would be really impressive.

Maybe more information will prove me wrong, but right now this seems more like a lost opportunity than a great success. I was quite surprised to hear that so many operations were centralized in one place. I doubt that opportunity is going to come again.
Posted by: crosspatch   2008-11-13 02:22  

#2  One down, two to go.
Posted by: newc   2008-11-13 00:33  

#1  This could explain why we are seeing rather amateurish spamming activity; by the next generation of trainees...
Posted by: badanov   2008-11-13 00:16  

00:00