It looks like spam volume has taken a turn for the better, at least for now.
After a couple of years of playing a shell game with security researchers, spam giant McColo Corp. was finally disconnected. Hosting major operations related to porn, credit card theft, fraud and other nefarious criminal activities, McColo posed as a legitimate corporate entity and conducted its business operations in Silicon Valley. On a global level, McColo is reportedly accountable for anywhere from 50 to 75 percent of all spam activity on the planet.
Trend Micro contributed research and intelligence to the HostExploit.com Cyber Crime Report, which detailed the criminal activity occurring inside of McColo for the past two years. Advanced Threats Researcher Paul Ferguson worked with other security researchers to compile the necessary information on those activities, which compelled McColo's upstream ISPs to terminate connectivity to McColo after this information was made public.
McColo’s Internet Service Providers, Global Crossing and Hurricane Electric, were alerted by these investigators to McColo's criminal activities, and once presented with details of this investigation, the ISPs immediately ceased their connectivity services with McColo.
This event is definitely a big blow to spam in general; however, it may be a very short-lived victory. The criminal operatives affected by these actions will most certainly make every attempt to move their operations elsewhere. We are watching.
The Trend Micro Email Reputation Services (ERS) detected a 40% drop in spam activity immediately following the termination of McColo’s connectivity:
Not only have we seen a dramatic drop in spam inside of Trend Micro’s back-end correlation systems, but the rest of the world continues to see dramatically lower volumes of spam:
This small victory will most likely be short-lived, as it is almost certain that these obviously profitable criminal operations are too valuable to be abandoned.
But Trend Micro customers won’t be without protection — the Trend Micro Smart Protection Network will block spam messages even before they reach users’ inboxes, and we are doing continual due diligence to ensure that all of the badware associated with these criminal operations is blocked before you ever see it.
With additional editorial input by Paul Ferguson, Advanced Threats research.
Update: 15 Nov 2008, 21:42 PST: It appears that McColo is back “on the air” as of this afternoon, so we’ll have to see what happens next.
Update: 16 Nov 2008, 09:30 PST: McColo is once again “off the air” as of this morning.