Spam drops after McColo Corp taken offline
November 13, 2008
SMTP connections that involve spam have dropped 50% at MX Lab since yesterday. At first we thought we were facing a technical problem, and all systems were checked to be sure, but there were simply fewer SMTP connections that contained spam. Today we still notice a very low level of spam volume.
Several news sites report that the San Jose, California-based hosting firm McColo Corp. was taken offline when its primary Internet providers severed its connection to the web.
McColo’s clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets. McColo hosted the botnet command-and-control servers (Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg) as well as other systems that ran malware distribution points and criminal payment services. According to several sources, McColo could be responsible for approximately 75% of all spam traffic.
Security Fix gathered data about McColo's activities over the past four months and handed over some critical information to the ISPs that provide McColo's Internet connection.
Hurricane Electric, one of McColo's major Internet providers, shut down its connection to the hosting provider within the hour.
In September, another U.S.-based hosting service, Intercage (also active under the name Atrivo), which was suspected of harboring spammers, was shut down. Within three days, the dip had disappeared as others stepped in. It is therefore expected that spam will return to its usual levels within the next few days.
