McColo

Effect of McColo takedown on spam volumes, from SpamCop.

McColo was a San Jose-based web hosting service provider.[1] In late 2008, the company was shut down by its two upstream providers, Global Crossing and Hurricane Electric, because a significant amount of malware and botnet traffic had been coming from the McColo servers.[1]

History

McColo was formed by a 19-year-old Russian hacker and student named Nikolai. Nikolai's nickname was "Kolya McColo", hence the name of the provider.[2]

Malware traffic

At the time its upstream service was terminated on November 11, 2008, it was estimated that McColo customers were responsible for a substantial proportion of all email spam then flowing,[3] and subsequent reports claimed a two-thirds or greater reduction in global spam volume.[4] This reduction was sustained for some period after the takedown.[5] McColo was one of the leading players in the so-called "bulletproof hosting" market: ISPs that will allow servers to remain online regardless of complaints.

According to Ars Technica and other sources, upstream ISPs Global Crossing and Hurricane Electric terminated service when contacted by Brian Krebs and The Washington Post’s Security Fix blog,[6][7] but multiple reports had already been published by organisations including SecureWorks, FireEye and ThreatExpert, all naming McColo as the host for much of the world's botnet traffic.[8][9][10][11] According to Joe Stewart, director of malware research for SecureWorks, the Mega-D, Srizbi, Pushdo, Rustock and Warezov botnets all hosted their master servers at McColo. Numerous complaints had been made, but McColo simply moved offending servers and sites to different subnets. Spamhaus.org reportedly finds roughly 1.5 million computers infected with either Srizbi or Rustock sending spam in an average week.

Following the shutdown, details began to emerge of the ISP's other clients, which included distributors and vendors of child pornography and other criminal enterprises, including the notorious Russian Business Network.[12]

McColo briefly regained connectivity on November 19, 2008 via a backup connection agreement common in the industry, but was rapidly shut down again.[13]

The McColo takedown especially affected Srizbi, the world's largest botnet, with around 500,000 infected nodes as of November 2008.[14] The botnet is reported to be capable of sending around 60 billion spam messages a day, which is more than half of the global total of 100 billion.[15]

Symantec's monthly State of Spam report for April 2009 stated that spam volume had returned to what it was before McColo was taken offline. With botnets being created and old ones being brought back online, it estimated that about 85 percent of all email traffic was spam.[16][17]

References

  1. Krebs, Brian (November 12, 2008). "Host of Internet Spam Groups Is Cut Off". Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111200658.html. Retrieved January 27, 2009.
  2. Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly Media, Inc., 2009, ISBN 0596802153, pg. 127.
  3. McColo goes silent, The Register, November 12, 2008
  4. Spam Volumes Drop by Two-Thirds After Firm Goes Offline, Washington Post "Security Fix" blog, November 12, 2008
  5. Spam Back to 94% of All E-Mail, The New York Times "Bits" Blog, March 31, 2009
  6. A Closer Look at McColo, Washington Post Security Fix blog
  7. Spam sees big nosedive as rogue ISP McColo knocked offline, Ars Technica, November 12, 2008
  8. SecureWorks threat analysis
  9. FireEye threat analysis
  10. ThreatExpert threat analysis
  11. SecureWorks threat analysis
  12. Washington Post, November 12, 2008
  13. McColo reconnect highlights network security gap, Ars Technica, November 20, 2008
  14. Srizbi returns from the dead, The Register, November 26, 2008
  15. Srizbi grows into world's largest botnet, CSO Online, May 13, 2008
  16. Spammers recovering from McColo shutdown
  17. State Of Spam for April 2009

Wikimedia Foundation. 2010.
