Spam Traffic Plunges After Report Blames Server Hosting Company

[Teacher Mark 53]

By Joseph Menn

November 14, 2008

Microsoft Corp. founder Bill Gates' 2004 proclamation that the spam problem would be solved within two years has proved a bitter joke, with unsolicited messages doubling yearly to make up about 90% of mail transmitted on the Internet.

But this week, the tide turned. The number of unwanted, offensive and misleading e-mails sent across the globe plummeted by about two-thirds, to a mere 60 billion or so a day by Thursday, according to spam filtering companies.

The surprising respite had very little to do with the hundreds of millions of dollars that corporations and consumers have spent on anti-spam software or with the lawsuits and criminal cases brought against spammers in the last decade.

Instead, a ragtag band of researchers pulled off the unprecedented coup of drastically cutting the spam volume by adopting a new strategy: going after mainstream U.S. companies that can unknowingly help spammers, identity thieves and child porn purveyors by carrying their traffic on the Internet.

Few expect the relief to last. The major anti-virus firm Symantec Corp. predicted a return to the previous level by Christmas.

"Enjoy it while you can," said Doug Bowers, the company's senior director of anti-abuse engineering.

But the rare victory gives hope to those combating spam and other "malware" by showing that even as the bad guys get smarter, new strategies can make a difference.

"I'm not under the illusion that it's going to last forever, but it's nice to have these small victories," said Paul Ferguson, an advanced threat researcher at software security company Trend Micro Inc. who contributed to the effort.

He and other analysts circulated a dense report Wednesday that blamed some companies for allowing spam to proliferate. Two big providers of Internet connections named in it -- Hurricane Electric Internet Services and Global Crossing Ltd. -- acted quickly to cut ties to the core subject of the document, a little-known Silicon Valley company called McColo Corp. that rents out servers to clients.

The researchers didn't say whether McColo knowingly aided criminals, but they described some of the nefarious activities conducted on some websites the company hosted. Among other things, McColo reportedly enabled its customers to control vast networks of hijacked computers to send spam and take payments for fake anti-virus software.

"We got the report, and it looked pretty damning," said Benny Ng, director of infrastructure at Hurricane Electric, of Fremont, Calif. "They were a client of ours, and we turned them off."

Global Crossing did the same thing, security researchers said, though it didn't respond to interview requests.

McColo didn't answer messages seeking comment, and its website was off-line late Thursday. The company is now under FBI scrutiny, people familiar with the case said. An agency spokesman said the FBI wouldn't confirm or deny an active investigation.

Among other things, the researchers alleged that McColo operated servers that were used to control armies of drone computers that sent spam and siphoned financial information from those computers' owners, as well as servers used in offering child pornography.

The criminal groups that allegedly used McColo are largely believed to be based overseas. The groups now have to find other service providers.

"They're just like cockroaches; they'll scurry and set up operations other places," Ferguson said. "We're watching them do it, and maybe we'll be able to identify who is pulling the strings in Eastern Europe."

Several other contributors to the report, published at HostExploit.com, were identified by first name only, and its editor uses a pseudonym, Jart Armin. Some researchers don't want to cause controversy for their various corporate employers, while others fear physical harm from organized criminal groups behind child porn and fraudulent activity.

"The majority of the mainstream does care," said Armin, who described himself as a financial services security consultant. "As the community, we need to continuously remind or shame the others into caring. When the industry takes a proactive stance, many of the problems can be resolved."

Members of the band have different specialties, including tracing Internet traffic, analyzing how malicious software works and attributing spam to specific groups.

What they have in common is frustration -- at the enormous problems U.S. law enforcement has in pursuing suspects overseas; at the cloak of plausible deniability that allows bad operators to keep doing business with larger and more reputable firms; and at the inability of software to prevent consumers from being ripped off.

Unfortunately, the new approach would have been far more effective a few years ago. Server hosting companies and high-speed Internet providers are now easier to find around the world. And drone armies of computers can now be operated without having a single machine in charge, making them less vulnerable to a fatal beheading.

A September effort by Armin's team focused on another hosting company, Atrivo/Intercage, and when major Internet carriers dropped that company, spam fell 10%. Some Atrivo/Intercage customers switched to McColo, the new report says, and the volume went back up. More reports are being prepared.

"People thought the first community-source effort was a fluke," Ferguson said. "Now they see with McColo, it's not a fluke. The community can police its own backyard and purge the badness."

Menn is a Times staff writer.

http://www.latimes.com/technology/la-fi-sp...1,4316124.story

I've gotten 2 in the past 12 hours. That's down from the usual 20 or 30.

[Ban Hammer 13,656]

cool. maybe my yahoo email will stop being flooded.

[Teacher Mark 53]

8 hours later and still no spam.

[NickD 203]

Can someone explain the concept of spam, or these telemarketing calls? Annoying to say the least, and you would be an idiot to respond. My server finally added a filter, was getting as much as 200 per day, now down to about 2-3 a day, but still too much, these e-mails are not even addressed to me!

Kid told me about gmail, signed up for it and forgot it, used a strange handle, but opened it up and over 300 spam letters in it, but all in a separate spam folder, if it annoys you, can at least delete the entire folder in a couple of clicks, yahoo is the same way.

I set my e-mail program not to automatically download my e-mail, go to my server site first, delete all the trash, then hope I can manually download what I want before someone else sends some spam. Not only spam, but well meaning friends and relatives that love to send me 10 MB files they found on the web they thought was interesting.

Ha, my wife uses Outlook express and was complaining it took forever to open it. checked her e-mail files, was over 1.5 GB of trash in it, she has some very well meaning friends. Do you really want to keep this stuff? Well maybe not, she didn't think that was were problem, deleted most of it, now her Outlook opens in a flash.

Feel her friends are bored, does this ring a bell about some of yours? A lot of this stuff contains virus's that lead to even more problems, watch out for MP3 and *.jpg files.

[Reba 2]

I'm still getting a couple dozen spam messages per day since they shut that company down. I would appear that whoever is spamming me is of the 25% that didn't have servers with this company

And our eejit ISP has their own homegrown spam filters on the email server. Most of the time it catches emails from people we have approved as senders, but sends thru the spam.

[Niels Bohr 72]

I did notice that my spam folder has listed only 3-5 spams/day instead of 100 spams/day.

Also, all the spam emails are forwarded to spam@uce.gov which is an email provided by the FTC to foward all spam messages to there for prosecuting spammers who are trying to phish.

[sara..... 371]

I did notice that my spam folder has listed only 3-5 spams/day instead of 100 spams/day.

Also, all the spam emails are forwarded to spam@uce.gov which is an email provided by the FTC to foward all spam messages to there for prosecuting spammers who are trying to phish.

so has mine and didnt know why until just now thanks that explains it