Spam drops (dramatically!) after Internet providers disconnect a California hosting firm

By | November 14, 2008

A San Jose business reported to be responsible for more than 75 percent of the world’s spam email has been cut off from the Internet and its web site shut down. According to a report at the Washington Post, McColo Corp. was a web hosting business with customers made up of “some of the most disreputable cyber-criminal gangs in business today.”

The company’s web site,, was not working on Wednesday. The Post reported in a blog that Global Crossing in Bermuda and Hurricane Electric in Fremont, two of McColo’s main Internet providers, pulled the plug after getting reports from Security Fix about its activities, some of which were annoying and others outright illegal. Security Fix studied the company for four months before making the report. – bizj

ph2008111301768The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedly engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.

While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world’s junk e-mail.

… Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening., another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second. (12 November 2008)

Is this for real? A 66% drop? Can anyone calculate how much energy this represents (e.g. in electricity and infrastructure)? -BA – energybulletin

Interestingly, the story has been pulled off of MSNBC. Still available on the WashingtonPost web site.

… Ian Amit, director of security research for Aladdin Knowledge Systems, an Israeli security intelligence firm, said cyber criminals have for many months used servers at McColo to manage Web sites that push out new versions of the “Torpig,” or “Sinowal” Trojan horse program, which is widely considered one of the stealthiest and most sophisticated families of malicious software in existence today. In October, RSA FraudAction Research Lab learned a single cyber crime group has used the Torpig Trojan to steal more than a half million bank, credit and debit card accounts from infected PCs over the past two-and-a-half years. Amit said he found that recent Torpig attacks were being coordinated out of a Web server in Florida, which in turn was controlled by a VPN server running at McColo. Aladdin’s findings were mirrored by those of researchers at iDefense, a security firm in Sterling, Va.

I spoke to an agent briefly once about spam.  What I took away is that the FBI sees Internet marketing in general as a legitimate business, not as a crime that costs billions of dollars in computer resources and worker productivity.

It would be reassuring to learn that McColo was not one of the 23,000 members of InfraGard, protected, perhaps, by having access to inside information.

The FBI’s InfraGard program: “A more localized example of our private sector partnerships. Members from a host of industries, from computer security to the chemical sector, share information about threats to their own companies, in their own communities, through a secure computer server. To date, there are nearly 21,000 members of InfraGard, from Fortune 500 companies to small businesses. That amounts to 21,000 partners in our mission to protect America.” – infragard

Infragard protects members against attacks and builds relationships between business and local FBI officials according to a power point presentation titled “InfraGard, A Partnership for Protection” on

I don’t buy the hype that InfraGard is a vast and dangrous conspiracy, but in the case of this one company I would find it unsurprising if Bush’s influence has been responsible for 66 to 75% of the world’s spam. The Bush “Can Spam Act” protects Internet Marketers, and increased spam.

2 thoughts on “Spam drops (dramatically!) after Internet providers disconnect a California hosting firm

  1. Alan

    Hard to believe that anyone thinks that Infragard members are “protected” from anything.

    Not hard to believe this is a blog run by just another conspiracy theorist that hasn’t actually done any research what-so-ever. :

Leave a Reply