Spam volume drops after McColo servers forced offline
My incoming volume of spam email has dwindled steadily this week, since Tuesday, November 11. I waited a few days to write about this in order to see how matters played out. Interestingly, Tuesday was also Veterans' Day in the USA and Armistice Day around the world. Coincidentally, there was a temporary armistice between the senders of spam and the targets of their spam messages. This armistice occurred around 1:30 PST in San Jose, California, USA.
Something major happened on Tuesday, November 11, 2008, that resulted in the huge drop in the volume of spam hitting my MailWasher Pro spam filtering program. It was on Tuesday afternoon, November 11, 2008, that Internet Backbone and Colocation Provider Hurricane Electric and global IP-based network Global Crossing terminated their Internet peering connections to the web server colocation hosting company known as McColo Corporation, located in San Jose, California. They did this after being presented with irrefutable evidence of long-term extreme badness being conducted by the hosting customers of McColo. It is estimated that up to 75% of the spam sent out on a daily basis is run by Command and Control servers hosted on machines at McColo's facilities. Without being commanded to receive new spam templates and then send out spam runs, the zombie PCs in numerous Botnets fell silent over the last few days.
This badness conducted by the McColo customers includes various unfriendly and illegal activities, including, but not limited to the following:
- Hosting distribution machines for malware executables and browser exploits, to be served to innocent web surfers drawn there by trickery, to infect their computers with Trojans and make them members of botnets.
- Command and Control over the world's most prolific Botnets, the members of which are remotely controlled to send spam, host malware-laden web pages, or launch denial of service attacks on behalf of the Bot Masters.
- Hosting fake anti-virus and rogue anti-spyware scanners, used to scam victims into paying for useless removal programs. The so-called removal programs in fact only remove the pop-up notices, or balloon messages, or phony screensavers or desktop backgrounds that are made to resemble a Windows BSOD. They operate in collusion as a tandem infection.
- Hosting Phishing web sites that steal login credentials from banking customers, then empty their bank accounts, or make unauthorized purchases with their stolen credit card accounts.
- Hosting of illegal child pornography.
- Hosting of payment portals and systems by means of which cyber criminals receive payments.
- Hosting servers that are used to store information stolen by means of Phishing or Dictionary attacks against innocent parties.
- Databases containing the names and locations of Bot Masters, cyber criminals, pornographers and spammers.
- The hosting of fake pharmacy websites and payment systems.
- Launching DDoS attacks against the Republic of Georgia infrastructure and Government websites, and against other legitimate governments and companies.
McColo hosted the so-called command-and-control servers for botnets that are used to instruct PCs to send spam. The botnets included Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg, according to this report. If you are troubled by the sheer volume of spam that you must fight off every day, take the time to read the report and you will gain a better understanding of how the cyber criminals behind these operations are able to conduct their illegal activities and where many of them are actually located.
The cyber criminals whose servers were taken offline when McColo went dark will eventually find other places to operate their servers and will rebuild their illegal businesses. In the meantime, you and I can enjoy a few days' relief from the constant onslaught of spam that paralyzes our inboxes every day. I can only hope that this shutdown will be a major inconvenience to them and will cost them a lot of time and money to rebuild. You and your friends can do your part by deleting all spam messages and by never ever buying anything that is spamvertised!
If you are in need of an effective spam filtering program that sits ahead of your email client, I use and recommend MailWasher Pro. MailWasher Pro intercepts your incoming POP3 email and filters out spam before you download it to your desktop email application.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.