Page 1 of 3 123 LastLast
Results 1 to 25 of 60
  1. #1
    Hot off the press:
    http://voices.washingtonpost.com/securityfix/2008/11/major_source_of_online_scams_a.html
    Interesting...

  2. #2
    I'm surprised they lasted so long.

  3. #3
    I'm surprised they lasted so long.
    I guess we should ask the major question. Did Hurricane Electric and Global Crossing know about this prior to the Washington Post getting involved?
    Since the McColo site is down, view the following link for a historical reference:
    http://web.archive.org/web/20080202054113/www.mccolo.com/about/

  4. #4
    Join Date
    Mar 2004
    Posts
    460
    Yea; but how long till they start again at another place. It will continue...

  5. #5
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    506
    Yea; but how long till they start again at another place. It will continue...
    No doubt. It's big business.

  6. #6
    Join Date
    Aug 2008
    Posts
    671
    This will continue to happen.

  7. #7
    I guess we should ask the major question. Did Hurricane Electric and Global Crossing know about this prior to the Washington Post getting involved?
    Since the McColo site is down, view the following link for a historical reference:
    http://web.archive.org/web/20080202054113/www.mccolo.com/about/
    I would be shocked and concerned if they truly didn't know it was going on. I would imagine that Spamcop would have been on them, etc.

  8. #8
    Yea; but how long till they start again at another place. It will continue...
    Very true, I wonder if they will be fined for condoning these acts. The hosting company can always take the stance of them not knowing that this type of abuse was occurring on their network. Either way, it looks like the Washington Post will be following up on this story. Glad to see that someone is doing something about it.

  9. #9
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,861
    I would imagine that Spamcop would have been on them, etc.
    Spamcop were on them, and there's also an interesting (real time) graph that shows a major drop in spam right around the time McColo was shut down by Hurricane Electric.
    Week:
    http://www.spamcop.net/spamgraph.shtml?spamweek
    Month:
    http://www.spamcop.net/spamgraph.shtml?spammonth
    ... speaks for itself, but I give it a few more days before it's back to normal.

  10. #10
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Did Hurricane Electric and Global Crossing know about this prior to the Washington Post getting involved?
    Does a bear **** in the woods?
    Of course they did. They didn't care. As long as they kept getting paid for the pipe, and weren't getting bad publicity from it, they just kept looking the other way.
    Now all of a sudden one of the media's heavy hitters gets involved, and OMG!!! Shock and horror!!! HE and GLBX realize the jig is up, and 'golly gee, we should shut these Bad People down.' *snicker*
    HE and GLBX are classic examples of companies which will partake in improper, immoral, unethical and even illegal activities so long as the benefits outweigh the costs. And no, I don't for a minute believe that they'd never, ever previously been told of spam coming from this facility. I've worked abuse desks, I know how aggressively providers report this stuff ......... I've personally reported hundreds of spams to Hurricane Electric over the past 3 years, and they've all been completely ignored (based on the fact I have never seen a site removed from their network/downstream based on a report I sent to them.)
    So, good for the Washington Post for getting this facility shut off, but, shame on HE and GLBX for letting it go so long that it took the *Washington Post* sniffing around to make them take action.
    Incidentally, my inbox volume is down 38% today, and what was noticeably missing is: SPAM. There were very few spams; all that was left was legit stuff - company email and various newsletters I'm subscribed to.
    Even much more telling, on our busiest shared server, today we've received only 35% of the raw mail volume as we received yesterday. 35% of yesterday!! Granted we still have 6.3 hours to go in the day, but we don't normally get a huge email spike in the evening it's a sure bet that gross volume will be way down for the day.
    I'm going to watch and graph this, and blog about it... this is incredible.
    Bailey

  11. #11
    mwmarshall Guest
    They probally did know about this but did nothing because they had the business but as soon as the story took to the air they acted as if they had no knowledge and terminated all services they gave to the web hosting provider. I have a question though, what about companies that are located outside the US, should they be govern by the same laws US Hosting companies abide by as far as spam because in the US its illegal to spam messages but in other countries spam is find and hosting providers will also allow. Most of the US receives most of those spam messages/scam messages.

  12. #12
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Very true, I wonder if they will be fined for condoning these acts.
    I am not sure who you mean by "they," but IMO the backbones (Hurricane Electric and Global Crossing) absolutely should be fined, big-time. All that's needed are copies of previously reported spams which didn't result in any action (which surely there are all kinds of records of, internet-wide).
    Glad to see that someone is doing something about it.
    Well, but there's the misnomer. All kinds of people have been "doing something about it" for years. Heck, even I have been reporting spammers to Hurricane Electric for years. Hurricane Electric has chosen not to take action on properly-submitted legitimate spam reports.
    What it's taken to force HE's hand, is Big Media ... in other words, somebody with enough media swing & exposure finally got pissed off enough, and threatened to bring copious amounts of negative attention in HE's direction.
    What is utterly disgusting is that Hurricane Electric responds to negative media attention more quickly than legitimate spam reports sent by service providers through the proper channels.
    Bailey

  13. #13
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    I have a question though, what about companies that are located outside the US, should they be govern by the same laws US Hosting companies abide by as far as spam because in the US its illegal to spam messages but in other countries spam is find and hosting providers will also allow. Most of the US receives most of those spam messages/scam messages.
    It's impossible to impose U.S. laws outside of the U.S.
    The U.S. only has jurisdiction inside its own borders.
    Other countries do not recognize U.S. laws as applicable inside their borders; other countries have their own laws that they enforce.
    Same goes for the U.S. -- the U.S. does not officially recognize the laws of other countries as being applicable inside the U.S.'s borders.
    If the U.S. did recognize foreign laws as being applicable in the U.S., we (U.S. citizens) would be governed by both our laws and the laws of various foreign countries ........ not only is there no way for a citizen to possibly be aware of all those laws, but what happens when you break one? When you get caught having sex with your wife during daylight, now you get extradicted to XYZ Country to be prosecuted for it????? As nutty as an example that is, having marital relations during daylight is illegal activity in some countries, and a person must ask how it would be enforced -- because this discussion is about taking action (which is a type of enforcement).
    This of course begs the next question, if spam is illegal in the U.S., why don't we just block it at the borders?
    That answer is simple: The First Amendment. There is a ton of discussion online, as well as supporting case law ... Google is your friend.
    Bailey

  14. #14
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,006
    It's a pity too, as McColo.com was a pretty snazzy domain for colo.

  15. #15
    mwmarshall Guest
    The government already has regulations about spam/scams going through mail, e-mail, etc. Also if we stop it at the borders and not allow it to come in, why would that violate our first amendment? The person sending it is probably not a US citizen meaning our constitution does not apply to them and only applies to US Citizenship. I won't get much into freedom of speech and so on but this story seems interesting and I would like to see how it un-folds in the long run. Also does anyone know actually the size of the company, how many hosting accounts, domains hosted, etc?

  16. #16
    Does a bear **** in the woods?

    Let me add to this wonderful analogy:
    http://www.charmin.com/en_us/pages/home.shtml

  17. #17
    Join Date
    Feb 2002
    Location
    New York, NY
    Posts
    4,559
    This is great. Our email logs are usually around 1 million entries per day. On the day they shut down McColo, it dropped to about 500K. Today (first full day with them offline) it was 300K.

  18. #18
    Join Date
    Feb 2004
    Posts
    741
    I am amazed at how much spam can come from just one source. I thought it would be more distributed from botnets.

  19. #19
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,195
    Excellent news! It is disappointing though that it had to take the Washington Post for HE & GLBX to finally act.

  20. #20
    Join Date
    May 2004
    Posts
    1,663
    I am amazed at how much spam can come from just one source. I thought it would be more distributed from botnets.
    I also thought it was more distributed - much more. I noticed a significant drop in incoming spam as well (which spamcop confirms overall).

  21. #21
    Join Date
    Feb 2002
    Location
    New York, NY
    Posts
    4,559
    I am amazed at how much spam can come from just one source. I thought it would be more distributed from botnets.
    My understanding is that they were hosting the command servers for several large botnets, so most likely there's still a bunch of idling bots out there, waiting for their next command.

  22. #22
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    T Also if we stop it at the borders and not allow it to come in, why would that violate our first amendment?
    The key word you're looking for here is censorship.
    Bailey

  23. #23
    This is great. Our email logs are usually around 1 million entries per day. On the day they shut down McColo, it dropped to about 500K. Today (first full day with them offline) it was 300K.

    Glad to hear it.
    This is a concrete rebuttal to the often repeated, and unsubtantiated claim that the majority of spam originates from "somewhere else", else always being a region of the world held in disdain by whoever is making the proclamation.

  24. #24
    Join Date
    Dec 2002
    Location
    USA
    Posts
    337
    Host of spam groups cut off
    The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedy engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.
    While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world's junk e-mail.
    The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.
    But the company's web site was not accessible today, when two Internet providers cut off MoColo's connectivity to the Internet, security experts said. Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening.
    Spamcop.net, another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second.
    Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company's Web site. It's not clear what, if anything, U.S. law enforcement is doing about McColo's alleged involvement in the delivery of spam. An FBI spokesman declined to offer a comment for this story. The U.S. Secret Service could not be immediately reached for comment.
    Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law.
    Mark Rasch, a former cyber crime prosecutor for the Justice Department and managing director of FTI Consulting in Washington, D.C.,. said Web hosting providers are generally not liable for illegal activity carried out on their networks, except in cases involving copyright violations and child pornography.
    In the case of child pornography, providers may be held criminally liable if they know about but do nothing to eliminate such content from their servers. For example, in 2001, BuffNET, a large regional service provider in Buffalo, N .Y., pleaded guilty to knowingly providing access to child pornography because the company failed to remove offending Web pages after being alerted to the material.
    Rasch said liability in such cases generally hinges on whether the hosting provider is aware of or reasonably should have been aware of the infringing content.
    "It's a little bit like a landlord who owns a building and sees people coming in and out of the apartment complex constantly at all hours and not suspecting their may be drug activity going on ," Rasch said. " There are certain things that raise red flags, such as the nature, volume, source and destination of the Internet traffic, that can and should raise red flags. And to have so many third parties looking at the volume and content from this Internet provider saying 'This is outrageous,' clearly the people doing the hosting should know that as well."
    Global Crossing, a Bermuda-based company with U.S. operations in New Jersey, which was one of the two companies providing Internet connectivity to McColo, declined to discuss the matter, except to say that Global Crossing communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.
    Benny Ng, director of marketing for Hurricane Electric, a Fremont, Calif., company that was the other major Internet provider for McColo, took a much stronger public stance, upon receiving information about this investigation from washingtonpost.com
    "We shut them down," Ng said. "We looked into it a bit, saw the size and scope of the problem [washingtonpost.com was] reporting and said 'Holy cow!' Within the hour we had terminated all of our connections to them."
    Paul Ferguson, a threat researcher with computer security firm Trend Micro, said despite the apparently unilateral actions by McColo's Internet providers, his opinion is that U.S. authorities should have been examining McColo and its customers for a long time.
    "There is damning evidence that [McColo's] activity (allegedly hosting purveyors of spam) has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network, but nobody seems to care," Ferguson said."
    Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online. These include SecureWorks, FireEye and ThreatExpert.
    More here: http://www.msnbc.msn.com/id/27689714/page/2/
    art Armin, a private security researcher who documented the activity at McColo in a report published today
    http://hostexploit.com/index.php?option=com_content&view=article&id=12&Itemid=15

  25. #25
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,477
    Interesting...I can confirm a ~50% drop in spam on Tuesday. Good riddance...although it appears the spammers are slowly firing up their servers elsewhere.
    Anyone else notice Softlayer on the "bad" list in that hostexploit report? One of the top 5?

Page 1 of 3 123 LastLast

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •