
Spam Volumes Dropped by Two-Thirds After Major Spam Hub Shut Down


The volume of junk e-mail sent worldwide plummeted on Tuesday after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline, reports Brian Krebs of The Washington Post today.

"Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day."

Graph shows the number of messages submitted as spam along with the number of reports consummated regarding those messages in a 24-hour period. These numbers now reflect only a small fraction of total spam being processed by SpamCop, but they are still representative of the total. Source: Spamcop.net

During October, an average of 190 billion spam messages were sent daily, said Nilesh Bhandari, a product manager at IronPort, a messaging security company. Yesterday, however, the hourly average dropped to 112 billion, resulting in a 41% decline.

Read full story: The Washington Post


Comments

Re: Spam Volumes Dropped by Two-Thirds After Major Spam Hub Shut Down Fergie  –  Nov 12, 2008 9:11 PM PDT

I would also recommend reading the HostExploit.com research whitepaper on the activities observed in McColo:

http://hostexploit.com/

...and it becomes very clear the sort of "badness" that was occurring there.

FYI,

- ferg

mccolo never lost connectivity? Carl Byington  –  Nov 13, 2008 10:29 AM PDT

From looking at the bgp logs, it seems that mccolo never lost connectivity. They brought up a new connection via Los Nettos before dropping (or being dropped by) HE.

show ip bgp 208.66.194.0
7397 226 26780

Re:mccolo never lost connectivity? Fergie  –  Nov 13, 2008 12:47 PM PDT

@Carl Byington

Not sure where you came up with that — McColo is dead in the water, routing-wise:

Hello, this is zebra (version 0.95a).
Copyright 1996-2004 Kunihiro Ishiguro.

route-views2.routeviews.org> sho ip bgp 208.66.192.0
BGP routing table entry for 208.66.192.0/22
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
3277 3216 3549 26780
194.85.4.55 from 194.85.4.55 (194.85.4.16)
Origin IGP, localpref 100, valid, external, best
Community: 3216:3000 3216:3004 3277:3216 3549:4151 3549:30840
Last update: Thu Nov 13 15:19:33 2008

8001 10910 22212 26780
209.123.12.51 from 209.123.12.51 (209.123.12.51)
Origin IGP, localpref 100, valid, external
Community: 8001:1000 8001:1008 65010:300
Last update: Wed Nov 12 16:16:20 2008

route-views2.routeviews.org>

%traceroute 208.66.192.1

Tracing route to 208.66.192.1 over a maximum of 30 hops

1 2 ms 1 ms 1 ms 208.66.192.1

[snip]

4 12 ms 23 ms 49 ms pos-0-4-0-0-ar01.sfsutro.ca.sfba.comcast.net [68.86.90.158]
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * ^C

- ferg

> Not sure where you came up Carl Byington  –  Nov 13, 2008 6:30 PM PDT

> Not sure where you came up with that

From a bgp speaking router.

> BGP routing table entry for 208.66.192.0/22
> 3277 3216 3549 26780

Your own test via routeviews shows them connected via as3549 gblx.net.

Or am I missing something? Many systems don't respond to traceroute or ping.
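Added example, not written by either commenter: the upstream-from-AS-path reading argued over in this thread, as a small parser run on the route-views output quoted above. It takes the last AS in each path (26780 in the quoted paths) as the origin and reports the AS directly before it, with the time that path was last updated; the function and variable names are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the route-views2 output quoted in the thread (Community lines omitted).
ROUTEVIEWS_OUTPUT = """\
BGP routing table entry for 208.66.192.0/22
Paths: (2 available, best #1, table Default-IP-Routing-Table)
3277 3216 3549 26780
194.85.4.55 from 194.85.4.55 (194.85.4.16)
Origin IGP, localpref 100, valid, external, best
Last update: Thu Nov 13 15:19:33 2008
8001 10910 22212 26780
209.123.12.51 from 209.123.12.51 (209.123.12.51)
Origin IGP, localpref 100, valid, external
Last update: Wed Nov 12 16:16:20 2008
"""

AS_PATH = re.compile(r"^\s*(\d+(?:\s+\d+)*)\s*$")  # a line holding only AS numbers
LAST_UPDATE = re.compile(r"Last update:\s*(.+)$")

def parse_paths(text):
    """Return one dict per path: AS path, best flag, last-update time."""
    paths = []
    for line in text.splitlines():
        m, u = AS_PATH.match(line), LAST_UPDATE.search(line)
        if m:
            paths.append({"as_path": [int(a) for a in m.group(1).split()],
                          "best": False, "last_update": None})
        elif paths and "Origin" in line:
            paths[-1]["best"] = line.rstrip().endswith("best")
        elif paths and u:
            paths[-1]["last_update"] = datetime.strptime(
                u.group(1).strip(), "%a %b %d %H:%M:%S %Y")
    return paths

def upstreams(paths, origin_as):
    """Map each AS directly before origin_as to its newest update time."""
    seen = {}
    for p in paths:
        hops = p["as_path"]
        if len(hops) >= 2 and hops[-1] == origin_as:
            prev = seen.get(hops[-2])
            if prev is None or (p["last_update"] and p["last_update"] > prev):
                seen[hops[-2]] = p["last_update"]
    return seen

if __name__ == "__main__":
    for asn, ts in sorted(upstreams(parse_paths(ROUTEVIEWS_OUTPUT), 26780).items()):
        print(f"AS26780 reached via AS{asn}, path last updated {ts}")
```

A path in a routing table only shows that the prefix is still announced through that neighbour; as the thread notes, it says nothing by itself about whether hosts behind it answer probes.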

Re: > Not sure where you came up Fergie  –  Nov 13, 2008 6:52 PM PDT

For all intents and purposes, McColo is "off the air".

- ferg

up and running today Carl Byington  –  Nov 14, 2008 4:48 PM PDT

host canadianpharmacycorp2.com
canadianpharmacycorp2.com has address 208.72.168.23

curl http://canadianpharmacycorp2.com/welcome.php 2>/dev/null | grep TITLE

License Pharmacy Online
