less spam; more security

Back in 2006, I commented on how much spam I was getting. Until recently.

A few weeks ago I noticed that I was hardly getting any spam at all. Let's call it 10x less than before. Instead of getting 60 spams a day I was getting 60 a week. It was such a dramatic change that I was curious what happened. Was my ISP blocking stuff for me?

On a recent episode of TWIT I heard the answer:

Spam plunges after McColo is taken off line

It looks as though one company in California was the base for "coordinating the sending of roughly 75% of all spam each day."

The efforts of Brian Krebs and other security researchers have resulted in McColo's hosting service being stopped, and this has resulted in far less spam being sent. However, it won't last long: within a week, you can expect spam levels to be higher than ever.

Krebs writes the Security Fix blog at the Washington Post, and he's written a series of items about the event. These include Host of Internet Spam Groups is Cut Off (free registration required), and on the blog: Major Source of Online Scams and Spams Knocked Offline and Spam Volumes Drop by Two-Thirds After Firm Goes Offline.

Krebs contacted the companies that provided more than 90% of McColo's connection to the larger Internet, and explained what they were doing. Global Crossing and Hurricane Electric then closed McColo's connections. Hurricane's Benny Ng said:

It looks as though the bulk of the spam was being sent via botnets of PCs, but McColo customers were running them. Anyway, the effect was noticeable:

Nilesh Bhandari, product manager with IronPort, said the company sees an average of about 190 billion spam e-mails each day. Then, at around 4:30 p.m. ET yesterday, IronPort saw a huge decline in spam levels. For the 24 hour period ending Tuesday, the company tracked about 112 billion spam messages.


Amazing. 60% of the spam was coming from a single company AND that company was in Silicon Valley, not some pirate haven in Estonia.

At first I thought it should have been obvious what they were doing. That amount of spam traffic should have been caught by their ISP immediately, but it looks like they were using a botnet.

There are hundreds of millions of PCs out there running Windows and connected to the Internet. Windows is notoriously insecure, and so is the Internet, and this is just beginning.

Last week Microsoft announced a vulnerability in all versions of Internet Explorer that would allow PCs to be used in a botnet. The problem was so bad they apparently told users to use ANOTHER browser. Shocking.

On To The Point today I heard a discussion on network security and cyber weaponization. Spam is a nuisance but it's also a canary. Most of us depend on the Internet for our information and daily work, yet it was never designed for that purpose. We all experience the vulnerability of email but the entire system is vulnerable. These massive botnets are a case in point.

What will the Internet be like in 10 or 20 years? Take the spam, the porn, the botnets, the viruses and extrapolate out a few years. It's not a pretty sight.