US ISP McColo has been cut from the internet after it was thought to have aided cybercriminals in online scams and hosting child pornography.
Joe Stewart, director of malware research for SecureWorks, said after McColo's access had been cut he'd received only one spam message from the Rustock botnet, while on a normal day he might get up to 20.
McColo's demise is going "to be kind of a vindication for a lot of researchers that have been complaining about McColo for years and why law enforcement wasn't doing anything about it," Stewart said.
SecureWorks has tracked bad activity at McColo, but law enforcement has always been "tight-lipped" about investigations, he said.
But it may only be mere days before those who use hosting services from McColo find other bulletproof hosters. "There's all kinds of wanna-be McColos that are on the hacker forums, the spammer forums," Stewart said.
In fact, bad activity at McColo increased after the shutdown in September of Intercage, a California hosting company also known as Atrivo, Cox said. Intercage's upstream providers stopped carrying its traffic following years of complaints that the ISP supported spam and harmful websites.
McColo's increased activity showed spammers just moved from Intercage to there, and will likely move fast, Cox said. Cybercriminals probably have "hot stand-by" websites ready to go with other service providers to stay in business, Cox said.
The Washington Post reported that McColo's servers are located in San Jose, California. The ISP's website lists a postal address in Delaware. Efforts to reach McColo via a New York area number were unsuccessful.