  1. #1
    Hot off the press:
    http://voices.washingtonpost.com/securityfix/2008/11/major_source_of_online_scams_a.html
    Interesting...

  2. #2
    I'm surprised they lasted so long.

  3. #3
    I'm surprised they lasted so long.
    I guess we should ask the major question. Did Hurricane Electric and Global Crossing know about this prior to the Washington Post getting involved?
    Since the McColo site is down, view the following link for a historical reference:
    http://web.archive.org/web/20080202054113/www.mccolo.com/about/

  4. #4
    Join Date
    Mar 2004
    Posts
    461
    Yea; but how long till they start again at another place. It will continue...

  5. #5
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    506
    Yea; but how long till they start again at another place. It will continue...
    No doubt. It's big business.

  6. #6
    Join Date
    Aug 2008
    Posts
    671
    This will continue to happen.

  7. #7
    I guess we should ask the major question. Did Hurricane Electric and Global Crossing know about this prior to the Washington Post getting involved?
    Since the McColo site is down, view the following link for a historical reference:
    http://web.archive.org/web/20080202054113/www.mccolo.com/about/
    I would be shocked and concerned if they truly didn't know it was going on. I would imagine that Spamcop would have been on them, etc.

  8. #8
    Yea; but how long till they start again at another place. It will continue...
    Very true, I wonder if they will be fined for condoning these acts. The hosting company can always take the stance of them not knowing that this type of abuse was occurring on their network. Either way, it looks like the Washington Post will be following up on this story. Glad to see that someone is doing something about it.

  9. #9
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,908
    I would imagine that Spamcop would have been on them, etc.
    Spamcop were on them, and there's also an interesting (real time) graph that shows a major drop in spam right around the time McColo was shut down by Hurricane Electric.
    Week:
    http://www.spamcop.net/spamgraph.shtml?spamweek
    Month:
    http://www.spamcop.net/spamgraph.shtml?spammonth
    ... speaks for itself, but I give it a few more days before it's back to normal.

  10. #10
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Did Hurricane Electric and Global Crossing know about this prior to the Washington Post getting involved?
    Does a bear **** in the woods?
    Of course they did. They didn't care. As long as they kept getting paid for the pipe, and weren't getting bad publicity from it, they just kept looking the other way.
    Now all of a sudden one of the media's heavy hitters gets involved, and OMG!!! Shock and horror!!! HE and GLBX realize the jig is up, and 'golly gee, we should shut these Bad People down.' *snicker*
    HE and GLBX are classic examples of companies which will partake in improper, immoral, unethical and even illegal activities so long as the benefits outweigh the costs. And no, I don't for a minute believe that they'd never, ever previously been told of spam coming from this facility. I've worked abuse desks, I know how aggressively providers report this stuff ......... I've personally reported hundreds of spams to Hurricane Electric over the past 3 years, and they've all been completely ignored (based on the fact I have never seen a site removed from their network/downstream based on a report I sent to them.)
    So, good for the Washington Post for getting this facility shut off, but, shame on HE and GLBX for letting it go so long that it took the *Washington Post* sniffing around to make them take action.
    Incidentally, my inbox volume is down 38% today, and what was noticeably missing is: SPAM. There were very few spams; all that was left was legit stuff - company email and various newsletters I'm subscribed to.
    Even much more telling, on our busiest shared server, today we've received only 35% of the raw mail volume as we received yesterday. 35% of yesterday!! Granted we still have 6.3 hours to go in the day, but we don't normally get a huge email spike in the evening, so it's a sure bet that gross volume will be way down for the day.
    I'm going to watch and graph this, and blog about it... this is incredible.
    Bailey

  11. #11
    mwmarshall Guest
    They probably did know about this but did nothing because they had the business but as soon as the story took to the air they acted as if they had no knowledge and terminated all services they gave to the web hosting provider. I have a question though, what about companies that are located outside the US, should they be governed by the same laws US Hosting companies abide by as far as spam because in the US it's illegal to spam messages but in other countries spam is fine and hosting providers will also allow it. Most of the US receives most of those spam messages/scam messages.

  12. #12
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Very true, I wonder if they will be fined for condoning these acts.
    I am not sure who you mean by "they," but IMO the backbones (Hurricane Electric and Global Crossing) absolutely should be fined, big-time. All that's needed are copies of previously reported spams which didn't result in any action (which surely there are all kinds of records of, internet-wide).
    Glad to see that someone is doing something about it.
    Well, but there's the misnomer. All kinds of people have been "doing something about it" for years. Heck, even I have been reporting spammers to Hurricane Electric for years. Hurricane Electric has chosen not to take action on properly-submitted legitimate spam reports.
    What it's taken to force HE's hand, is Big Media ... in other words, somebody with enough media swing & exposure finally got pissed off enough, and threatened to bring copious amounts of negative attention in HE's direction.
    What is utterly disgusting is that Hurricane Electric responds to negative media attention more quickly than legitimate spam reports sent by service providers through the proper channels.
    Bailey

  13. #13
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    I have a question though, what about companies that are located outside the US, should they be governed by the same laws US Hosting companies abide by as far as spam because in the US it's illegal to spam messages but in other countries spam is fine and hosting providers will also allow it. Most of the US receives most of those spam messages/scam messages.
    It's impossible to impose U.S. laws outside of the U.S.
    The U.S. only has jurisdiction inside its own borders.
    Other countries do not recognize U.S. laws as applicable inside their borders; other countries have their own laws that they enforce.
    Same goes for the U.S. -- the U.S. does not officially recognize the laws of other countries as being applicable inside the U.S.'s borders.
    If the U.S. did recognize foreign laws as being applicable in the U.S., we (U.S. citizens) would be governed by both our laws and the laws of various foreign countries ........ not only is there no way for a citizen to possibly be aware of all those laws, but what happens when you break one? When you get caught having sex with your wife during daylight, now you get extradited to XYZ Country to be prosecuted for it????? As nutty as an example that is, having marital relations during daylight is illegal activity in some countries, and a person must ask how it would be enforced -- because this discussion is about taking action (which is a type of enforcement).
    This of course begs the next question, if spam is illegal in the U.S., why don't we just block it at the borders?
    That answer is simple: The First Amendment. There is a ton of discussion online, as well as supporting case law ... Google is your friend.
    Bailey

  14. #14
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,009
    It's a pity too, as McColo.com was a pretty snazzy domain for colo.

  15. #15
    mwmarshall Guest
    The government already has regulations about spam/scams going through mail, e-mail, etc. Also if we stop it at the borders and not allow it to come in, why would that violate our first amendment? The person sending it is probably not a US citizen meaning our constitution does not apply to them and only applies to US Citizenship. I won't get much into freedom of speech and so on but this story seems interesting and I would like to see how it unfolds in the long run. Also does anyone know actually the size of the company, how many hosting accounts, domains hosted, etc?

  16. #16
    Does a bear **** in the woods?

    Let me add to this wonderful analogy:
    http://www.charmin.com/en_us/pages/home.shtml

  17. #17
    Join Date
    Feb 2002
    Location
    New York, NY
    Posts
    4,612
    This is great. Our email logs are usually around 1 million entries per day. On the day they shut down McColo, it dropped to about 500K. Today (first full day with them offline) it was 300K.

  18. #18
    Join Date
    Feb 2004
    Posts
    741
    I am amazed at how much spam can come from just one source. I thought it would be more distributed from botnets.

  19. #19
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,200
    Excellent news! It is disappointing though that it had to take the Washington Post for HE & GLBX to finally act.

  20. #20
    Join Date
    May 2004
    Posts
    1,663
    I am amazed at how much spam can come from just one source. I thought it would be more distributed from botnets.
    I also thought it was more distributed - much more. I noticed a significant drop in incoming spam as well (which spamcop confirms overall).

  21. #21
    Join Date
    Feb 2002
    Location
    New York, NY
    Posts
    4,612
    I am amazed at how much spam can come from just one source. I thought it would be more distributed from botnets.
    My understanding is that they were hosting the command servers for several large botnets, so most likely there's still a bunch of idling bots out there, waiting for their next command.

  22. #22
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Also if we stop it at the borders and not allow it to come in, why would that violate our first amendment?
    The key word you're looking for here is censorship.
    Bailey

  23. #23
    This is great. Our email logs are usually around 1 million entries per day. On the day they shut down McColo, it dropped to about 500K. Today (first full day with them offline) it was 300K.

    Glad to hear it.
    This is a concrete rebuttal to the often repeated, and unsubstantiated claim that the majority of spam originates from "somewhere else", else always being a region of the world held in disdain by whoever is making the proclamation.

  24. #24
    Join Date
    Dec 2002
    Location
    USA
    Posts
    337
    Host of spam groups cut off
    The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedly engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.
    While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world's junk e-mail.
    The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.
    But the company's web site was not accessible today, when two Internet providers cut off McColo's connectivity to the Internet, security experts said. Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening.
    Spamcop.net, another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second.
    Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company's Web site. It's not clear what, if anything, U.S. law enforcement is doing about McColo's alleged involvement in the delivery of spam. An FBI spokesman declined to offer a comment for this story. The U.S. Secret Service could not be immediately reached for comment.
    Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law.
    Mark Rasch, a former cyber crime prosecutor for the Justice Department and managing director of FTI Consulting in Washington, D.C., said Web hosting providers are generally not liable for illegal activity carried out on their networks, except in cases involving copyright violations and child pornography.
    In the case of child pornography, providers may be held criminally liable if they know about but do nothing to eliminate such content from their servers. For example, in 2001, BuffNET, a large regional service provider in Buffalo, N.Y., pleaded guilty to knowingly providing access to child pornography because the company failed to remove offending Web pages after being alerted to the material.
    Rasch said liability in such cases generally hinges on whether the hosting provider is aware of or reasonably should have been aware of the infringing content.
    "It's a little bit like a landlord who owns a building and sees people coming in and out of the apartment complex constantly at all hours and not suspecting there may be drug activity going on," Rasch said. "There are certain things that raise red flags, such as the nature, volume, source and destination of the Internet traffic, that can and should raise red flags. And to have so many third parties looking at the volume and content from this Internet provider saying 'This is outrageous,' clearly the people doing the hosting should know that as well."
    Global Crossing, a Bermuda-based company with U.S. operations in New Jersey, which was one of the two companies providing Internet connectivity to McColo, declined to discuss the matter, except to say that Global Crossing communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.
    Benny Ng, director of marketing for Hurricane Electric, a Fremont, Calif., company that was the other major Internet provider for McColo, took a much stronger public stance, upon receiving information about this investigation from washingtonpost.com
    "We shut them down," Ng said. "We looked into it a bit, saw the size and scope of the problem [washingtonpost.com was] reporting and said 'Holy cow!' Within the hour we had terminated all of our connections to them."
    Paul Ferguson, a threat researcher with computer security firm Trend Micro, said despite the apparently unilateral actions by McColo's Internet providers, his opinion is that U.S. authorities should have been examining McColo and its customers for a long time.
    "There is damning evidence that [McColo's] activity (allegedly hosting purveyors of spam) has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network, but nobody seems to care," Ferguson said.
    Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online. These include SecureWorks, FireEye and ThreatExpert.
    More here: http://www.msnbc.msn.com/id/27689714/page/2/
    art Armin, a private security researcher who documented the activity at McColo in a report published today
    http://hostexploit.com/index.php?option=com_content&view=article&id=12&Itemid=15

  25. #25
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,559
    Interesting...I can confirm a ~50% drop in spam on Tuesday. Good riddance...although it appears the spammers are slowly firing up their servers elsewhere.
    Anyone else notice Softlayer on the "bad" list in that hostexploit report? One of the top 5?

  26. #26
    Join Date
    Mar 2008
    Location
    Los Angeles, CA
    Posts
    555
    Here is just the amount of spam emails per day in my personal email address:
    Nov 1: 147
    Nov 2: 127
    Nov 3: 159
    Nov 4: 170
    Nov 5: 169
    Nov 6: 195
    Nov 7: 183
    Nov 8: 176
    Nov 9: 173
    Nov 10: 169
    Nov 11: 142
    Nov 12: 45
    Nov 13: 8
    It's only 7 hours into November 13th but yeah Nov 12th was an all-time low.

  27. #27
    Join Date
    Dec 2002
    Location
    USA
    Posts
    337
    Many folks have the Softlayer IP range banned due to spam/phishing. We never get a response when we send abuse reports. We just sent an email to abuse@softlayer due to an attempted server intrusion from one of their IPs, not even a courtesy autoresponder.
    http://i37.tinypic.com/j5f0p1.jpg

  28. #28
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Interesting ... I had about a half-dozen spams (pharmacy, as I recall) from Softlayer in the last month -- I reported them through SpamCop.
    Do we need to start a Data Center Wall of Shame thread???
    Bailey

  29. #29
    Join Date
    Dec 2002
    Location
    USA
    Posts
    337
    Softlayer IP ranges tagged for spam:
    67.228.0.0/16
    http://www.senderbase.org/senderbase_queries/detailip?search_string=67.228.0.0%2F16
    74.86.0.0/16
    http://www.senderbase.org/senderbase_queries/detailip?search_string=74.86.0.0%2F16
    75.126.0.0/16
    http://www.senderbase.org/senderbase_queries/detailip?search_string=75.126.0.0%2F16
    208.101.0.0/18
    http://www.senderbase.org/senderbase_queries/detailip?search_string=208.101.0.0%2F18

  30. #30
    Let's have a closer look at McColo:
    http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html?nav=rss_blog

  31. #31
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622
    Host of spam groups cut off
    While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world's junk e-mail.
    I was curious as to which building they are referring to...
    I'm aware of at least one private cage McColo has in a datacenter in downtown SJC, but it's not in a 30 story office tower.

  32. #32
    Join Date
    Feb 2004
    Location
    San Diego, CA
    Posts
    2,584
    I have also seen a 45% decrease in spam over our local office network of about 25 computers. Nice to see this!

  33. #33
    McColo White Paper:
    http://hostexploit.com/downloads/Hostexploit%20Cyber%20Crime%20USA%20v%202.0%201108.pdf

  34. #34
    Join Date
    Jul 2005
    Location
    Los Angeles, California
    Posts
    1,369
    This is great. Our email logs are usually around 1 million entries per day. On the day they shut down McColo, it dropped to about 500K. Today (first full day with them offline) it was 300K.

    I can confirm that. Today, my inbox only had 2 spam messages compared to the usual 10-20 for my account.
    I just read about McColo in the LA Times today and I was pretty shocked that it wasn't handled earlier. According to them, there were numerous attempts to call them and email them to get them to shut down their spammers but apparently, McColo just ignored all of them. Good riddance to all of the spam, however, I'm not sure how long this will last.

  35. #35
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    Be sure to grab that White Paper. SoftLayer is presented as a 'major cog on the wheel.' (my words)
    So much for SoftLayer's reputation ....... un-freakin'-believable.
    Bailey

  36. #36
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,559
    Be sure to grab that White Paper. SoftLayer is presented as a 'major cog on the wheel.' (my words)
    So much for SoftLayer's reputation ....... un-freakin'-believable.
    Bailey
    Even worse, GNAX is listed towards the end as one of the top three child porn hosters...

  37. #37
    Softlayer IP ranges tagged for spam:
    67.228.0.0/16
    http://www.senderbase.org/senderbase_queries/detailip?search_string=67.228.0.0%2F16
    The host names in that block are interesting. It would seem that ironport.com and spamcop.net are calling spamarrest.com spammers.

  38. #38
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,772
    Even worse, GNAX is listed towards the end as one of the top three child porn hosters...
    Now that would surprise me as fast as they get on to me for any abuse reports.
    I just read that report again and it hardly says Gnax is one of the top 3 hosters of child porn. Your reading comprehension must be a little off.
    Research and contribution has shown at least 40 confirmed CP websites, name servers, and CP payment systems recently served by McColo. With sub-domains, and associated links it is also the tip of the iceberg, however. As indicated earlier, with McColo and modern cyber criminal techniques these websites and domains move locations very rapidly, as in shuffling a deck of cards. In these cases, at the time of investigation, the websites and domains in question are also co-hosted or name served by:
    AS12578 APOLLO LATTELEKOM Latvia
    AS3595 Global Net Access, LLC 1100 White Street Atlanta, GA USA
    AS9121 TTNet TURKEY (via - AbdAllah Internet Hizmetleri)
    It is simply stating that some of the domains have moved to or the name servers DNS are dual hosted at the above mentioned host.
    Big indictment to say they are one of the 3 main hosters of child porn in the world.
    Spreading a rumor like that could get you sued.
    Anyhow I alerted Sailor to this thread, I am sure he will want to clarify and maybe have a word with you about your assertion that he is in child porn.

  39. #39
    Join Date
    Feb 2004
    Location
    Your Screen
    Posts
    3,998
    It would seem that ironport.com and spamcop.net are calling spamarrest.com spammers.
    Maybe there's a side to spamarrest.com that we don't know about ... ?? Not saying it's true, just pointing out it is a possibility.
    FWIW, I have received 4 or 5 spams from the Global Crossing network in the last 24 hours. I keep reporting them ... one of the servers on their network that I reported, I received more spam from (same server but different domain) about 8 hours after my first report!!
    So much for speedy attention to things...
    It's disgusting.
    Bailey

  40. #40
    Join Date
    Sep 2005
    Location
    Canada
    Posts
    645
    That is absolutely beautiful. The botnets being taken down is fantastic, that's probably months or years of work by the spammers up in smoke. They won't be easy to replace.
    I hope the police go through their customer lists carefully.
