Thursday, November 13th, 2008
McColo Taken Down, Host Of Up To 74% Of Botnet Traffic

by Blight Crusader

You’ll have to forgive me for using the same source almost all week long here, but I was tipped off earlier that the washingtonpost.com technology blog “Security Fix” had a big scoop brewing, and I have to say they did not disappoint. While I combed the blog earlier this week for minor stories, this is truly the mother lode in the bot-fighting world.

I heartily encourage everyone to read the full and complete story for themselves.

What it all boils down to is this: the “Security Fix” blog identified the McColo Corporation (based in San Jose, California) as the primary host for all kinds of online slime, then contacted their internet service providers and demanded to know why they were putting up with such online criminal activity. And McColo was promptly shut down — which (unbelievably) could significantly decrease the total amount of fraudulent traffic on the net by three-fourths, in one swift stroke. From the article:

The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm, identified by the computer security community as a major host of organizations engaged in spam activity, was taken offline.

While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for a full-scale cyber crime offensive against America, security experts say a relatively small firm at that location is home to servers that help manage the distribution of the majority of the world’s junk e-mail.

According to these experts, the servers are operated by McColo Corp., a Web hosting company that has emerged as a major U.S. staging ground for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography.

But the company ceased to be reachable yesterday online, when two Internet providers turned off MoColo’s [sic] connectivity to the Internet.

Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company’s Web site. It’s not clear what, if anything, U.S. law enforcement is doing about the alleged activity happening at McColo. An FBI spokesman declined to offer a comment for this story. The U.S. Secret Service could not be immediately reached for comment.

Seriously, the entire article should be required reading for anyone even slightly interested in internet security. From further on in the article:

Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or “botnets,” which are vast collections of hacked computers that are networked together to blast out spam or attack others online.

Joe Stewart, director of malware research for Atlanta-based SecureWorks, said that these known criminal botnets: “Mega-D,” “Srizbi,” “Pushdo,” “Rustock” and “Warezov,” have their master servers hosted at McColo.

Stewart said he has complained to McColo several times about botnets operating out of the company’s servers, and each time, he said, the company claimed it was addressing the problem. They did so, however, by just moving the offending Web sites to a different section of their network.

“McColo runs a service that offers its clients quite a bit more protection from takedowns than the average Web host,” Stewart said. “If they get abuse complaints they will try to appease whoever is complaining, but the end result is usually they just end up moving their Internet addresses around.”

Collectively, these botnets are responsible for sending roughly 75 percent of all spam each day, according to the latest stats from Marshal, a security company in the United Kingdom that tracks botnet activity.

Truly, the entire article is worth reading to understand how momentous a victory this is in the battle against the forces of evil on the internet. I encourage everyone to read it in full.


One Response to “McColo Taken Down, Host Of Up To 74% Of Botnet Traffic”

  1. FVB > McColo Spam Botnets Taken Down to Chinatown Says:

    FVB > McColo Spam Botnets Taken Down to Chinatown…

    “I will be watching you and if I find that you are trying to corrupt my first born child, I will bring you down, baby. I will bring you down to Chinatown.” — Jack Byrnes, Meet the Parents

    A San Jose, CA hosting company, McColo Corp, that many sec…
