Spamhaus.
McColo is a bit different from Intercage/Atrivo in that although the IP addresses were from the N. American registry ARIN, were routed in the US, and the company used US postal addresses, the person or persons controlling the operation are based in Moscow, Russia.
We recommend anyone who saw more than a 30% reduction look into employing some sort of SMTP connection filtering as this drop in botnet spam, nice as it is, will not last. Investigators report that many of the C&C servers at McColo were originally hosted at Intercage/Atrivo. Even now, several of the C&C functions are migrating to hosting closer to the homes of the botmasters: Russia.
Complete article: Another one bytes the dust
Certifiedbug, November 13, 2008. McColo on the move?
{ 0 comments… add one now }