McColo shutdown won't stop spam, malware

By Dennis Fisher, Executive Editor | Nov 14, 2008

For years, security experts, antispam activists and law enforcement agencies have known where to find the Internet's worst spammers and malware distributors, but there was little they could do with that knowledge. The patchwork of international laws governing computer crime, along with the reluctance of some Internet service providers to pull the plug on customers accused of wrongdoing, has helped keep many of these illegitimate businesses operating.

But now the tide is beginning to turn. First came the news that ICANN had decided to de-accredit EstDomains, an ISP notorious in the security community for serving as a haven for malware authors and spammers. Then earlier this week, the upstream providers for McColo Corp. killed their connections to the hosting provider, which has been known in security circles as another home base for malware and spammers, as well as alleged child pornographers. This effectively cut McColo off from the Internet, resulting in a significant drop in global spam levels. Symantec Corp. said on Thursday that it had seen spam levels decline 65% since Tuesday, and other messaging security providers reported similar drop-offs.

These are rare success stories in the fight against spam and malware, but security experts have no illusions that this is the beginning of the end of spam and malware, or that the drop-off will even last more than a few days.

"There are a lot of different issues involved. The folks involved in spam gave up on whack-a-mole model, where as soon as you take an ISP down and malware hosting and command and control along with it, then they move to another network," said Danny McPherson, vice president and chief security officer at Arbor Networks Inc. "Everyone understands where they are for a while and then they move somewhere else. They just take their address space and announce it elsewhere and they're back in business."

In fact, McPherson said that some of the people involved with McColo, which is based in San Jose, Calif., are trying to get their address space announced somewhere else on the Internet right now.

"When that happens, they'll be right back at it," he said.

McPherson, who has been studying the spam and botnet problem along with his colleague at Arbor, Jose Nazario, said that part of the reason there has been a string of wins recently against spammers and botnet operators is the increase in cooperation among security researchers, ISPs and others interested in stopping the problem. There has always been a loose-knit community of activists working to take down phishing sites and spammers whenever possible, but the level of cooperation by ISPs and law enforcement has been spotty, for a variety of reasons.

For ISPs, the problems arise from the contracts they have with their customers. Simply pulling the plug on a suspected spammer or malware-hosting service is not usually an option; the ISPs need solid proof. And gathering that proof takes time and effort, which many service providers don't have the resources to handle.

 
 