MessageLabs documented a drop in spam eight times less than normal in the 12 hours immediately following the takedown.
(Credit: MessageLabs)Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.
For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by by the cyber underground, according to the The Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam spent.
Security vendor MXLogic said it was seeing about a 50 percent decline in spam volume as a result on Wednesday.
Jose Nazario of Arbor Networks, a company that monitors botnet activity, speculated that McColo vanished at around 9 a.m. Eastern time on November 10. Botnets are frequently used to relay spam, and McColo may have hosted some of the command and control servers necessary to coordinate spam campaigns.
Adam O'Donnell, writing on theZDNet Zero Day blog, speculates that the spammers might regroup in Eastern Europe.
The Post credits Benny Ng, director of marketing for Hurricane Electric, an upstream provider for McColo, for pulling the plug on the company. Another provider, Global Crossing, declined to comment, telling Krebs the company "communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity."
Something similar happened in September when another hosting site, Intercage/Ativo, was shut down by its upstream providers.
LAS VEGAS--On the eve of this year's Black Hat Briefings here, officials disputed a researcher's claim that his talk had to be canceled. They say the talk never even existed.
Last Thursday, researcher Charles Edge told Brian Krebs of The Washington Post that a talk on a previously disclosed flaw within the encryption for Apple FileVault had to be canceled because of a signed agreement with Apple.
The story had the individuals at Black Hat who handle the Call for Papers--the process by which a researcher submits a request to make a presentation and then waits to hear back from the conference--scrambling. Edge, who goes by the nickname "Krypted," is a well-known Apple security researcher who has previously presented at both Black Hat and its Defcon sister conference.
But on Tuesday, two different Black Hat officials told CNET News that Edge never submitted a paper for this year's conference.
In comments to CNET News, which have been edited for readability, Edge had a lot to say:
I submitted the talk, and later sent a second submission using the same system to then ask to be removed from consideration. As an alumni speaker, I know from experience that the entire Black Hat organization is run extremely well. Why they cannot find me in their system, I cannot speak to.
When this story first came to light, it was The Washington Post who contacted me, asking why the talk had been removed from consideration--and not I who contacted them. I had not, in fact, discussed the talk with anyone between the time that I rescinded the talk and the time I received the call from The Washington Post, and...their source (remains unclear).
It is correct that the reason I did not give the talk was due to various nondisclosure agreements; however, Apple was, to my knowledge, not aware of the talk, and there was no contact between them and myself, nor between them and anyone from my company, 318, in regard to the talk prior to my asking to be removed from consideration.
If it was by some error on my part that the talk was not submitted properly, then this further underscores why this issue is not a big deal. Submitting and then rescinding it has a similar effect to not having submitted at all. If the abstract never made its way into the CFP system, then it simply narrows down the list of people who I need to touch base with that could have been Brian's initial source.
Meanwhile, a Black Hat representative confirmed that a panel discussion titled "Meet the Apple Security Experts" was canceled by its moderator. The panel still appears in the printed schedule for the conference because the cancellation came too late to change the printing. All other references have been removed.
- prev
- 1
- next
