Crackdown on California company cans the Spam -- for now
By BOB KEEFE
Cox News Service
Friday, November 14, 2008
SAN DIEGO — If it seems like there's a little less spam in your e-mail inbox this week, you're probably right.
The volume of unwanted e-mail crossing the World Wide Web was down about 60 percent Thursday from earlier in the week, after Internet companies in California shut down what apparently was a major hosting service for spam distributors.
McColo Corp., of San Jose, Calif., was allegedly responsible for servers that spewed thousands of unwanted e-mails each day from companies pitching sexual enhancement drugs, computer software and pornography sites, including child porn sites.
Don't get used to the slowdown in spam, however.
Experts say it's only a matter of days or weeks before spammers pump up the volume again.
"The financial motivation is just too great — this is serious lost revenues for the cybercriminals," said Nilesh Bhandari, product manager for Internet security company IronPort Systems.
"I'm sure they're scrambling, trying to figure out how to get back online — especially in time for the holiday season, which is typically their busiest season," he said.
Messages left at McColo's office were not returned Thursday. The company's Web site couldn't be accessed.
McColo is well known among Internet security companies. Using Internet protocol (IP) addresses and other information, researchers have linked the company with infamous cybercrime groups such as the Russian Business Network (RBN) and FraudCrew. By some estimates, McColo has been responsible for as much as 75 percent of all the world's spam.
"They're quite notorious," said Ben Feinstein of Atlanta-based Internet security company SecureWorks Inc.
As a Web hosting company, McColo didn't necessarily send out all of the offensive or illegal spam. But it did apparently provide the computer servers that enabled spammers to do their dirty work.
Feinstein's company and others have traced millions of pieces of spam to robotic "botnet" computer servers connected with McColo's servers.
Recently, the Washington Post published SecureWorks' findings and details of McColo's spam business in a series of stories. Sometime Monday or Tuesday, two Internet companies — Hurricane Electric and Global Crossing — cut off the company's service.
According to figures from IronPort, daily worldwide spam volume dropped by 27 percent on Wednesday, and by another 43 percent on Thursday.
Shutdowns of major spammers are usually temporary. It's tough, if not impossible, to keep them from popping up elsewhere.
It's even tougher for law enforcement to bring criminal charges against server companies that spammers employ. Not only is their culpability uncertain, but authorities typically don't have the manpower or other resources needed to crack down on cybercrime operations that are run remotely from foreign countries, where they're protected by distance and the anonymity of the Internet.
"This might mean we are one step closer toward developing the sort of (cyberprotection) systems we need," said Jon Praed, founding partner of the Internet Law Group, which has brought several civil lawsuits against cybercriminals.
"But I'd say the state of cybercrime is still bad and getting worse," he added. "The bad guys simply find someplace else to go."
Bob Keefe is a west coast correspondent for Cox Newspapers.