A major Web host accused of serving up spam and controlling botnets has been largely yanked from the Internet.
What’s unique about this story is that a mainstream media outlet had a hand in bringing it down.
While digging into McColo, the Web host in question, Brian Krebs at The Washington Post‘s Security Fix blog prompted two of the company’s ISPs to cut them off.
In his blog, Krebs writes:
> The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.
The company was also the subject of a report issued today by security researchers HostExploit. Following a two-year study, the report confirmed many of Krebs’ charges, including that McColo supported pharmaceutical and other kinds of spam, served as command centers for botnets, hosted illegal content and served malware and infected sites.
According to Krebs, McColo’s servers “help manage the distribution of the majority of the world’s junk e-mail.”
Even if that’s the case, the net effect of severing the major connections used by HostExploit — which still maintains a few tenuous links to the Net through other ISPs, HostExploit noted — may be hard to see.
Krebs’ claim hinges on findings like that by HostExploit, Kaspersky Labs and others, who have accused McColo of not just malfeasance, but of playing a major part in the world’s spam epidemic. In its report, HostExploit’s analysts wrote that “it is clear that McColo has a key role in managing [the] world’s major botnets, and malware warehousing, which has been estimated as partially controlling 50 – 75 percent of the world’s spam.”
As a result, McColo’s alleged bad behavior represents only a portion of a portion of the causes of spam. And with the actual perpetrators — the parties responsible for controlling the botnet command servers that McColo hosted — still at large, and their botnets still intact (if uncoordinated at present,) it’s unclear how great an impact the news might have in even the short term.
The Web host’s site, McColo.com, was down as of press time. E-mails to the address listed in McColo’s WHOIS database entry were not returned.