ISP cut off from Internet after security concerns

A U.S. Internet service provider suspected of aiding cybercriminals in online scams and hosting child pornography was at least partially cut off from the Internet on Tuesday night.

The ISP (Internet service provider), McColo, had been under the watchful eye of computer security analysts for years. It is one of a handful of so-called "bulletproof" hosting providers that provide safe haven online for cybercriminals selling Viagra and fake security software.

ISPs can connect with each other to exchange Internet traffic, a practice known as "peering." Hurricane Electric, an ISP that carried a portion of McColo's traffic, disconnected from McColo on Tuesday night. Global Crossing, an IP (Internet Protocol) network services provider also connected to McColo, would not comment.

"All I can tell is we communicate and comply fully with legal authorities, but we do not comment on individual customers and individual incidents," said Richard Larris, senior manager for media relations at Global Crossing.

The shutdown coincides with a damning new report authored by several computer security researchers who detail how McColo and other questionable service providers are linked to spam and cybercrime.

McColo's shutdown "demonstrates that when presented with appropriate evidence of criminal activity, the Internet community can bring about the positive forces necessary to purge it," the analysts wrote.

McColo, whose servers were located within the U.S., at one time hosted up to 40 Web sites with child pornography, the report said.

McColo also played a big role in spam distribution, said Richard Cox, CIO of Spamhaus, which tracks spamming operations. It hosted Web sites that could infect people's computers with malicious software used for sending spam, he said.

Hacked computers then become part of a botnet, a network of PCs that can be used to send spam or attack other Web sites.

McColo hosted the so-called command-and-control servers for botnets that are used to instruct PCs to send spam. The botnets included Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg, according to the report.

When it received complaints, McColo would shift around the suspect Web sites on its network and try to erase traces of wrongdoing, Cox said.

"Essentially, a lot of these providers know what their customers are doing and try to protect them," Cox said.

Analysts are predicting a drop in spam and botnet activity while McColo is offline. Joe Stewart, director of malware research for SecureWorks, said on Wednesday that he'd received only one spam message from the Rustock botnet, while on a normal day he might get up to 20.

McColo's demise is going "to be kind of a vindication for a lot of researchers that have been complaining about McColo for years and why law enforcement wasn't doing anything about it," Stewart said.

SecureWorks has tracked bad activity at McColo, but law enforcement has always been "tight-lipped" about investigations, he said.

But it may be mere days before those who use hosting services from McColo find other bulletproof hosters. "There's all kinds of wanna-be McColos that are on the hacker forums, the spammer forums," Stewart said.

In fact, bad activity at McColo increased after the shutdown in September of Intercage, a California hosting company also known as Atrivo, Cox said. Intercage's upstream providers stopped carrying its traffic following years of complaints that the ISP supported spam and harmful Web sites.

McColo's increased activity showed that spammers simply moved there from Intercage, and they will likely move fast, Cox said. Cybercriminals probably have "hot stand-by" Web sites ready to go with other service providers to stay in business, Cox said.

The Washington Post reported that McColo's servers are located in San Jose, California. The ISP's Web site lists a postal address in Delaware. Efforts to reach McColo via a New York area number were unsuccessful.

Jeremy Kirk

IDG News Service