Colo shutdown takes a big bite out of spam traffic

Brian Krebs reports that the takedown of a single computer colocation facility in Northern California, the cleverly named "McColo", caused worldwide spam traffic to drop an amazing "two-thirds" to "75 percent". It has long been suspected that the majority of spam comes from just a handful of sources, but that's pretty incredible.
My unix admin roommate and I were debating how a location pushing out such an overwhelming amount of spam could have operated within the United States for so long without being taken down. Obviously they could be relaying the mail, etc., but what's to stop the spammers from simply reinstating the control machines from another location? I'm sure there's a simple explanation, but I'm too dumb to know what it is.
Spam Volumes Drop by Two-Thirds After Firm Goes Offline [WashingtonPost.com]

MarlboroTestMonkey7
#1 – 6:32 AM November 13, 2008
My take is that the authorities grok it's easier to cut off the spampersons instead of a hydra of spammachinery.
yer_maw
#2 – 6:51 AM November 13, 2008
STOP BUYING STUFF FROM SPAM!!!!
JEESUS.
Doomstalk
#3 – 7:32 AM November 13, 2008
According to Hackaday, it's not so much that these guys were sending out spam themselves, as hosting the control servers for spam botnets.
bardfinn
#4 – 8:27 AM November 13, 2008
Doomstalk's explanation & Hackaday make sense: Every colo admin I've worked with had IDS characterising the traffic into and out of each machine. It's entirely possible that the spammers were renting time on the colo's machines for command & control systems, with entirely encrypted traffic.
It would make an interesting tidbit of knowledge for the lawyers of anyone who ever hosted at that colo whose machine was hijacked for a spambot, though.
dragonfrog
#5 – 4:00 PM November 13, 2008
Bardfinn
I can attest that much of the botnet command traffic going into McColo's data centres was not encrypted - plain old IRC logins to helpfully named channels like #botnet, downloading long lists of email addresses over unencrypted HTTP, etc. If they were profiling the traffic, it wasn't with the aim of helping the Feds.
In investigating possibly infected machines (which I do semi-regularly at work), if firewall logs showed regular traffic into McColo, that was a dead giveaway. I don't think I ever ran into a case of legitimate, non-malicious traffic to their servers.
Good riddance to them, and may they never come back, I say.
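The triage heuristic dragonfrog describes above, as an added example that is not part of the thread: scan firewall logs for internal hosts that repeatedly connect into a netblock known to host botnet command servers. The log format, the TEST-NET placeholder netblock (McColo's real ranges are not given here) and the sample lines are all constructed for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Placeholder netblock (RFC 5737 TEST-NET-3); substitute the ranges you actually
# treat as known C&C hosting. The page gives no McColo address ranges.
KNOWN_BAD_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed firewall log lines in an assumed "key=value" syslog style.
# Port 6667 stands in for the plaintext IRC logins the comment mentions.
SAMPLE_LOG = """\
Nov 13 06:10:01 fw ACCEPT src=10.1.2.20 dst=203.0.113.10 dport=6667
Nov 13 06:15:02 fw ACCEPT src=10.1.2.20 dst=203.0.113.10 dport=6667
Nov 13 06:20:03 fw ACCEPT src=10.1.2.20 dst=203.0.113.44 dport=80
Nov 13 06:21:00 fw ACCEPT src=10.1.2.31 dst=198.51.100.5 dport=443
Nov 13 06:25:04 fw ACCEPT src=10.1.2.20 dst=203.0.113.10 dport=6667
Nov 13 06:30:00 fw ACCEPT src=10.1.2.55 dst=203.0.113.10 dport=6667
"""

def parse_line(line):
    """Return (src, dst_ip, dport) from a key=value firewall line, or None if malformed."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        return fields["src"], ipaddress.ip_address(fields["dst"]), int(fields["dport"])
    except (KeyError, ValueError):
        return None

def is_known_bad(dst_ip):
    """True when the destination falls inside any listed C&C-hosting netblock."""
    return any(dst_ip in net for net in KNOWN_BAD_NETS)

def suspect_hosts(log_text, min_hits=2):
    """Internal hosts with at least min_hits connections into the bad netblocks.
    Returns {src: {"hits": count, "ports": sorted destination ports}}.
    min_hits filters one-off hits so only the 'regular traffic' pattern is flagged."""
    hits = Counter()
    ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst_ip, dport = rec
        if is_known_bad(dst_ip):
            hits[src] += 1
            ports[src].add(dport)
    return {src: {"hits": n, "ports": sorted(ports[src])}
            for src, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for host, info in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {info['hits']} connections to C&C hosting, ports {info['ports']}")
```

Hosts flagged this way are candidates for the kind of manual investigation the comment describes, not a verdict; a legitimate service could in principle share a hosting provider's netblock.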
nehpetsE
#6 – 6:24 PM November 13, 2008
It has been scientifically proven that only one in twelve million, five hundred thousand spam emails actually makes a sale. See link:
http://www.techradar.com/news/computing/spammers-get-1-response-to-12-500-000-emails-483381
This would tend to confirm that the odds are very good that NO ONE I know has ever bought anything from a spam.