Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.
For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by by the cyber underground, according to the The Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam spent.
Security vendor MXLogic said it was seeing about a 50 percent decline in spam volume as a result on Wednesday.
Jose Nazario of Arbor Networks, a company that monitors botnet activity, speculated that McColo vanished at around 9 a.m. Eastern time on November 10. Botnets are frequently used to relay spam, and McColo may have hosted some of the command and control servers necessary to coordinate spam campaigns.
Adam O'Donnell, writing on theZDNet Zero Day blog, speculates that the spammers might regroup in Eastern Europe.
The Post credits Benny Ng, director of marketing for Hurricane Electric, an upstream provider for McColo, for pulling the plug on the company. Another provider, Global Crossing, declined to comment, telling Krebs the company "communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity."
Something similar happened in September when another hosting site, Intercage/Ativo, was shut down by its upstream providers.