McColo

Defunct web hosting provider used for cybercrime

Industry: Web hosting service
Founded: 2004; 20 years ago (2004) in San Jose, California, United States
Founder: Nikolai "Kolya" McColo
Defunct: November 11, 2008 (2008-11-11)
Fate: Shutdown
Headquarters: San Jose, California, United States
Website: mccolo.com

[Figure: Effect of McColo takedown on spam volumes, from SpamCop.]

McColo was a US-based web hosting service provider that was, for a long time, the source of the majority of spam-sending activities for the entire world. In late 2008, the company was shut down by two upstream providers, Global Crossing and Hurricane Electric, because a significant amount of malware and botnets had been trafficking from the McColo servers.

History

McColo was formed by a 19-year-old Russian hacker and student named Nikolai. Nikolai's nickname was "Kolya McColo"; hence the name of the provider.

Malware traffic

At the time of termination of its upstream service on November 11, 2008, it was estimated that McColo customers were responsible for a substantial proportion of all email spam then flowing, and subsequent reports claim a two-thirds or greater reduction in global spam volume. This reduction had been sustained for some period after the takedown. McColo was one of the leading players in the so-called "bulletproof hosting" market — ISPs that will allow servers to remain online regardless of complaints.

According to Ars Technica and other sources, upstream ISPs Global Crossing and Hurricane Electric terminated service when contacted by Brian Krebs and The Washington Post’s Security Fix blog, but multiple reports had been published by organisations including SecureWorks, FireEye and ThreatExpert, all naming McColo as the host for much of the world's botnet traffic. According to Joe Stewart, director of malware research for SecureWorks, the Mega-D, Srizbi, Pushdo, Rustock and Warezov botnets all hosted their master servers at McColo; numerous complaints had been made but McColo simply moved offending servers and sites to different subnets. Spamhaus.org reportedly finds roughly 1.5 million computers infected with either Srizbi or Rustock sending spam in an average week.

Following the shut down, details began to emerge of the ISP's other clients, which included distributors and vendors of child pornography and other criminal enterprises, including the Russian Business Network.

McColo gained reconnection briefly on November 19, 2008 via a backup connection agreement common in the industry, but was rapidly shut down again.

The McColo takedown especially affected Srizbi, one of the world's largest botnets, controlling 500,000 infected nodes as of November 2008.

Symantec's monthly state of spam report for April 2009 stated that spamming was now back to what it was before McColo was taken offline. Due to botnets being created and old ones being brought back online, it estimated that about 85 percent of all email traffic is spam. By November 2009 the IP space used by McColo was still largely unused, as much of it was unattractive to buyers due to being widely blacklisted.

See also

Botnet
Oleg Nikolaenko, whose arrest also reduced worldwide spam
Rustock botnet, one of the largest spambots ever built
Zombie (computer science)

External links

Washington Post "Security Fix" blog

References

Krebs, Brian (2014). Spam Nation. Sourcebooks. p. 43. ISBN 9781402295621. Retrieved June 19, 2017.
Krebs, Brian (November 12, 2008). "Host of Internet Spam Groups Is Cut Off". Washington Post. Retrieved January 27, 2009.
"Security Fix - A year later: A look back at McColo". Archived from the original on August 10, 2011. Retrieved August 20, 2019.
Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly Media, Inc., 2009, ISBN 0596802153, pg. 127.
McColo goes silent, The Register, November 12, 2008
Spam Volumes Drop by Two-Thirds After Firm Goes Offline, Washington Post "Security Fix" blog, November 12, 2008
Spam Back to 94% of All E-Mail, The New York Times "Bits" Blog, March 31, 2009
A Closer Look at McColo, Washington Post Security Fix blog
Spam sees big nosedive as rogue ISP McColo knocked offline, Ars Technica, November 12, 2008
Stewart, Joe. "The Return of Warezov". SecureWorks. Retrieved February 25, 2016.
FireEye threat analysis
ThreatExpert threat analysis
threat analysis
Washington Post, November 12, 2008
McColo reconnect highlights network security gap, Ars Technica, November 20, 2008
Srizbi returns from the dead, The Register, November 26, 2008
Spammers recovering from McColo shutdown
State Of Spam for April 2009
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.