Spam ISP McColo Cut Off From the Internet


You might recall we reported a while ago about ‘spam friendly’ ISP Intercage coming back online after having their plug pulled by upstream provider UnitedLayer.

They pledged to clean up their act though and drop their biggest client who was an Eastern European malware and phishing host.

This time another ISP has been suspected of hosting sites that partake in online crime, child pornography and phishing scams.

A U.S. Internet service provider suspected of aiding cybercriminals in online scams and hosting child pornography was at least partially cut off from the Internet on Tuesday night.

The ISP (Internet service provider), McColo, had been under the watchful eye of computer security analysts for years. It is one of a handful of so-called “bulletproof” hosting providers that provide safe haven online for cybercriminals selling Viagra and fake security software.

ISPs can connect with each other to exchange Internet traffic, a practice known as “peering.” Hurricane Electric, an ISP that carried a portion of McColo’s traffic, disconnected with McColo on Tuesday night. Global Crossing, an IP (Internet Protocol) network services provider also connected to McColo would not comment.

Any hosting provider that offers ‘bulletproof’ services rings alarm bells for me as that usually means they are willing to hide spammers/scammers and malware propagation as long as you keep paying the bills.

2 of their Internet peers have already disconnected them, you can see an interesting freemind map of some of the sites and activity they were linked to here.

The whole article can be found here: A Closer Look at McColo

The shutdown coincides with a damming new report authored by several computer security researchers who detail how McColo and other questionable service providers are linked to spam and cybercrime.

McColo’s shutdown “demonstrates that when presented with appropriate evidence of criminal activity, the Internet community can bring about the positive forces necessary to purge it,” the analysts wrote.

McColo, whose servers were located within the U.S., at one time hosted up to 40 Web sites with child pornography, the report said.

McColo also played a big role in spam distribution, said Richard Cox, CIO of Spamhaus, which tracks spamming operations. It hosted Web sites that could infect people’s computers with malicious software used for sending spam, he said.

Apparently there has been a noticeable drop in spam after McColo has been partially cut off from the Internet. There have been reports that a 60-75% reduction in overall spam has been measured after 2 of the McColo peers dropped them meaning the majority of their sites are unreachable.

That’s a huge amount coming from 1 ISP! I hope the other culprits in hosting such sites can be found and disconnected dropping the spam percentage to something that is easy for everyone to deal with.

Source: Network World

Posted in: Legal Issues, Spammers & Scammers

, , , , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


3 Responses to Spam ISP McColo Cut Off From the Internet

  1. ethicalhack3r November 17, 2008 at 5:18 pm #

    I have recently finished a presentation on Phishing attacks for university. I may mention this as a form of defence/protection. I have also included user awarness, administrator action and spam filtering. I never even thought of the fact that the administrators encoraged it.

  2. navin November 18, 2008 at 7:30 am #

    spam will be back up to speed by christmas……however it feels nice to hear, even if temporarily, tht the good guys won!!

  3. Greg November 19, 2008 at 10:15 am #

    Slashdot had a short info about McColo resurrected for short to hand on their CC to other Russian pals