If you’ve noticed a drop in the amount of spam you’ve been getting, thank Washington Post security blogger Brian Krebs. Krebs did an expose on McColo, a San Jose, Calif. ISP that some called a “landfill ISP.” Those are ISPs that attract an inordinate amount of shady or criminal activity.
After his stories ran, McColo was kicked offline up its upstream provider. Our Managing Editor Chris Saunders did his own write-up on the issue. Since then, Krebs has tracked back much of McColo’s traffic, showing that major botnets like Srizbi and Rustock were operating through McColo.
The effect on the Internet has been tremendous, with spam volumes dropping anywhere from 40 percent to 70 percent, depending on which spam watcher you check, and according to IronPort, which sells spam filtering hardware, the levels have stayed down for more than a week, which means the crooks haven’t been able to find a new outlet yet.
Krebs is definitely one of the good guys. His reporting last year on the Russian Business Network put that vile ISP out of business, too. RBN didn’t appear to have a single legitimate business as a customer, it was entirely malware, spam and child porn. RBN’s upstream provider pulled the plug, putting it out of business as well, scattering the rats who used the service all over the place.
Nice work, Brian. Now make sure to check under your car before you get in it, ok?