Internet providers cut off host of spam e-mail

Krebs is a reporter for the Washington Post.

The volume of junk e-mail sent worldwide may have dropped drastically Wednesday after a San Jose Web-hosting firm, identified by many in the computer security community as a major host of organizations engaged in spam activity, was taken offline.

McColo Co., which computer security experts say serves as a U.S. staging ground for international firms that sell items including counterfeit pharmaceuticals and child pornography, ceased operations after two Internet providers blocked Web access.

SecureWorks, an Atlanta security-services provider, estimates that McColo was responsible for 75% of all spam sent in the U.S. each day.

Telecommunications carrier Global Crossing, a Bermuda company with U.S. operations in New Jersey, would not say why it cut off the company’s Internet access, but said Global Crossing’s policy prohibited “malicious activity.”

Benny Ng, director of marketing for Hurricane Electric, a Fremont, Calif., company that served as McColo’s other Internet provider, said it decided to block the host firm after reading about allegations against McColo.

“We shut them down,” Ng said. “We looked into it a bit, saw the size and scope of the problem. . . . Within the hour, we had terminated all of our connections to them.”

McColo officials did not respond to several e-mails, phone calls and instant messages.

Paul Ferguson, a threat researcher with computer security firm Trend Micro, said that despite the actions by McColo’s Internet providers, U.S. authorities should have looked into the company and its customers a long time ago.

“There is damning evidence that this activity has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network,” he said. “It’s a statement on the inefficiencies of trying to pursue legal prosecution of these guys that it takes so long for anything to be done about it.”

The extent to which McColo could be held responsible for the activities of the clients for whom it provides hosting services is unclear. It is also unclear what action U.S. law enforcement has taken regarding McColo. A spokesman for the FBI, which investigates cyber crimes, declined to comment.

Mark Rasch, a former cyber-crime prosecutor for the Justice Department and managing director of FTI Consulting in Washington, said Web-hosting providers generally are not liable for illegal activity carried out on their networks except in cases involving copyright violations and child pornography.

In 2001, BuffNET, a large regional service provider in Buffalo, N.Y., pleaded guilty to knowingly providing access to child pornography because the company failed to remove the Web pages after being alerted to the material.

“It’s a little bit like a landlord who owns a building and sees people coming in and out of the apartment complex constantly at all hours,” Rasch said. “There are certain things that raise red flags, such as the nature, volume, source and destination of the Internet traffic, that can and should raise red flags.”

A number of security researchers have published reports over the last year alleging that McColo hosts the top robot networks, or “botnets,” which are vast collections of hacked computers networked together, to blast out spam or attack others online.

Joe Stewart, director of malware research for SecureWorks, said botnets such as “Mega-D” or “Srizbi,” which are known to send e-mails about prescription drugs, have had their master servers hosted at McColo.

Although security experts who have been seeking to stop McColo from allegedly hosting questionable sites are pleased to see the company lose its access, some are worried that it will only make it harder to track illegal activity.

“Everything will just be more spread out and harder to mitigate,” Stewart said. “We rather like knowing where the bad activity is coming from, so protecting our networks is easier.”
