.NExT Web Security - Fighting 419 (Nigerian Advanced Fee Fraud) and other internet scams. Providing International Law Enforcement, investigators and anti-scam specialists with effective tools to combat internet crime.

Major Source of Online Scams and Spams Knocked Offline

November 11, 2008

A U.S.-based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about suspicious activity emanating from the network.

For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today.

On Monday, Security Fix contacted the Internet providers that manage more than 90 percent of the company's connection to the larger Internet, sending them information about badness at McColo as documented by the security industry.

On Tuesday afternoon, I heard back from Global Crossing, one of McColo's major Internet providers. Their spokesman declined to discuss the matter, except to say that Global Crossing communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.

Two hours later, I heard from Benny Ng, director of marketing for Hurricane Electric, the Fremont, Calif., company that was the other major Internet provider for McColo.

Hurricane Electric took a much stronger public stance: "We shut them down," Ng said.

"We looked into it a bit, saw the size and scope of the problem you were reporting and said 'Holy cow!' Within the hour we had terminated all of our connections to them."

As of this writing, McColo's Web site is no longer available. In fact, I pinged no fewer than three different researchers who have tracked activity at McColo for many months: None could find a single Internet address assigned to the hosting provider that was still reachable.

The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.

Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company's Web site before the site was taken offline.

There's more to come with details about this story later tonight or early tomorrow, but I wanted to get this post published before we got scooped on our own story.
