McColo Shutdown - Global Reduction in Spam and Malware

14/11/08

For several weeks now, Internet Security Researchers have identified the servers hosted by McColo Corp (in San Jose, California, USA) as a major source of command-and-control of International Spam Botnets. On November 12th 2008, the Internet Connectivity to McColo Corp was cut by both its connectivity providers (Global Crossing and Hurricane Electric) - effectively disconnecting all the McColo Corp hosted servers from the Internet.

Since then, we have monitored a dramatic decrease in both Spam and Malware on the global Internet. The number of Spam and Malware emails has dropped to about 1/3rd of previous levels, and the global percentage of spam in email has dropped from 58% to 42%. We have not seen any reduction in the level of malicious network probes or intrusions (indicating that the McColo effect is limited to email-based threats).

One effect is that the USA has been knocked off its #1 position as the major source of spam (a position it has held for several years now). Currently, China is the #1 source of spam, as USA-sourced spam has, over the past few days, dropped to 1/4 of its previous levels.

Network Box Security Response has been monitoring for two days now, but we haven't seen any resurgence of spam activity. While the command-and-control systems of the botnets have been impacted by the shutdown of McColo, the botnets themselves are still in place and waiting for commands. It is uncertain how easily the affected spammers will be able to regain control of their botnets and resume their activity. While this is undoubtedly the largest such impact we have seen from enforcement activities against spammers, it is not a fatal blow and will merely delay the spammers.
