Posts tagged as:

McColo

Looking back at McColo

by certifiedbug on November 13, 2009

in Internet Security

Brian Krebs, Security Fix
A year later: A look back at McColo

A year ago today, the Internet community witnessed a remarkable event: The unplugging of McColo, a Web hosting facility in Northern California that for a long time controlled a majority of the spam-sending operations on the planet. McColo’s two main Internet providers abruptly yanked the cord after Security Fix presented them with scads of evidence collected by security researchers tying massive amounts of spam and other illicit activity to McColo’s network.

http://certifiedbug.com/blog/tag/mccolo/

FireEye Labs: Smashing the Mega-d/Ozdok botnet in 24 hours

Brian Krebs at The Washington Post reports.
Retail Fraud Rates Plummeted the Night McColo Went Offline

Ori Eisen, founder of 41st Parameter, a company providing anti-fraud consulting to a number of big retailers and banks, informed Krebs that at least two of the largest retailers his company serves saw massive declines in fraud rates directly following McColo’s takedown.

Consider that his customers faced close to a quarter of a million dollars’ worth of fraudulent charges every day, and that is huge.

Also by Brian Krebs: Web Fraud 2.0: Faking Your Internet Address

Srizbi spam botnet resurrected, in time for the holidays

November 26, 2008

Two articles of note:
Brian Krebs at The Washington Post: Spam Volumes Expected to Rise with Botnet Resurrection.
Atif Mushtaq and Alex Lanstein at FireEye: Srizbi control regained by original owner
The new Command and Control servers are located in Estonia, and the domains registered through a registrar in Russia.
I have already noticed an increase over the past [...]

McColo. Exploiting un-vetted bandwidth reselling

November 18, 2008

McColo, estimated to host the command-and-control servers for at least five large botnets, briefly regained connectivity Saturday for approximately 12-24 hours.
This happened after a Los Angeles-based reseller named Giglinx sold bandwidth from the Swedish internet service provider TeliaSonera to the bad guys.
The reconnection opened the door, enabling a partial update of the botnet and pushing [...]

Spamhaus remarks on McColo

November 17, 2008

Spamhaus.

McColo is a bit different from Intercage/Atrivo in that although the IP addresses were from the N. American registry ARIN, were routed in the US, and the company used US postal addresses, the person or persons controlling the operation are based in Moscow, Russia.
We recommend anyone who saw more than a 30% reduction look [...]

McColo on the move?

November 13, 2008

This still shows.
CIDR Report for AS26780
26780 MCCOLO – McColo Corporation
Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS3549 GBLX Global Crossing Ltd.
Steve Linford from Spamhaus responding to a topic at Google Groups,
McColo Corp
Andreas Kohlbach wrote:
> Mccolo will (under a different name) find a new peer at some
> point, or already has, and in a [...]

McColo Corp downed, spam down

November 12, 2008

The stats at Spamcops and MxLogic, along with my own spam filter, make me a believer in the claim of researchers that McColo provided the connectivity responsible for half the world’s spam.

No doubt the cyber crooks who lost their botnet’s ‘command and control’ servers will resume business somewhere else, but right now we [...]

McColo Cyber Crime USA

November 12, 2008

HostExploit’s Cyber Crime Series – Version 2.0
This second CYBER CRIME USA report highlights those Internet players that currently host the world’s major spam botnets (an estimated 50% of spam worldwide), malware, rogue PC security products, cybercrime affiliate payment systems, and child pornography. This study from HostExploit.com is based on tracking and documenting ongoing cyber [...]

McColo Corp down for the count

November 12, 2008

Brian Krebs at the Washington Post reports,
A U.S.-based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about criminal activity emanating from the network.
1) Major Source of [...]
