The Spam Cryer

McColo - Why Would They Host Spammers?

 Email This Post   

November 14th, 2008

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!

The recent big news is about the Washington Post being involved in the shutting down of a Co-Location hosting provider (McColo Corp.- AS26780) that has as customers some of the biggest spammers on the Internet – some reports are as high as 2/3rds or even 75% of all spam worldwide was associated with them. These numbers are reflected in the statistics reported by various anti-spam agencies and also by Barracuda Central. In contrast to the 2,225,000,000 messages processed on a typical day yesterday there was only 1,513,816,176 messages reported. So the volume is down but the 75% number may be partly hype.  In any case a decrease is welcome relieve even if it is short lived relief.

So why would a bricks and mortar company like McColo be involved with something as nasty and toxic as hosting spammers and malware / scareware companies?

In a word ‘MONEY’ - yes cold hard cash and lots of it. According to the dedicated hosting package page on McColo’s site they charge up to $2000 per month for a single server. This is chump change though compared to the graft and ‘other charges’ that could be possible to someone who was willing to host for a purveyor of malware.

One of the malware / Scare ware hosted on servers at McColo is the ‘Spyware XP 2008/2009’ – a nasty piece of work that claims your computer is infected with 1000’s of ‘bad things’ and that you really Really REALLY need to purchase SpyWare 200x RIGHT NOW to clean up your computer. The scan this software performs is bogus and when you purchase the software online your actually sending your money to the people that infected your computer in the first place.

As demonstrated by Joe Stewart this scam installed 154,825 versions of the software in just 10 days, and then 2,772 copies of the program were later purchased from those infected users. Based on that conversion rate,  it  is estimated  that an affiliate could expect to earn over $5 million annually by maintaining a botnet large enough to force between 10,000 and 20,000 installations on a daily basis.

Another report shows that spam is profitable at a 1 click per 12,000,000 spam’s sent.  With these statistics the Storm-generated pharmaceutical spam would produce roughly $3.5 million dollars of revenue a year,” the team concluded.

Like I said – MONEY and lots of it. If you were the owner of McColo and someone came to you with the above ‘business plan’ what would you say? Sadly there are those who would take the money first and ask questions later.

Take away points from this recent anti-spam ‘win’?

If there is collaboration between the ‘good guy’s’ we can make things harder for the ‘bad guy’s’. Will this result in a permanent decline in spam? Probably not – with that much money possible do you think the scammers / spammers are going to lie down and play dead? Not likely. Expect business as usual in the next few weeks as we enter the profitable and spam lucrative ‘holiday season’

To learn more:

• http://voices.washingtonpost.com/securityfix/2008/11/study_spam_still_profitable_at.html
• http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html
• http://news.cnet.com/8301-10789_3-10086352-57.html

- Spam Cryer

Popularity: 21% [?]

Entry Filed under: Botnets, Bulletins, Lead Story, Online Scams