Category Archives: network security

McColo Spam Botnets Taken Down to Chinatown

“I will be watching you and if I find that you are trying to corrupt my first born child, I will bring you down, baby. I will bring you down to Chinatown.” — Jack Byrnes, Meet the Parents

A San Jose, CA hosting company, McColo Corp, that many security experts claim is linked to spam, botnets, cyberattacks and child pornography, was taken offline yesterday by its internet access providers. Another spammer going down wouldn’t be big news, but the sheer magnitude of McColo’s impact caught my eye.

McColo servers are said to host botnets including Mega-D, Srizbi, Pushdo, Rustock and Warezov, and to manage the Torpig and Sinowal trojans, among others.

According to MSNBC’s coverage:

“Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or “botnets,” which are vast collections of hacked computers that are networked together to blast out spam or attack others online.

Collectively, these botnets appear to be responsible for sending roughly 75 percent of all spam each day, according to the latest stats from Marshal, a security company in the United Kingdom that tracks botnet activity.”
Since being taken offline, security experts (and internet users) are reporting significant drops in spam activity. In the near term, this sounds great. However, I wonder how many new, smaller, offshore, and harder-to-monitor “bulletproof” hosting services this event will spawn.

I’ve always liked the investment potential of internet security and network management; the value of that sector just ticked up again…

Related posts:
Alex Lanstein, FireEye
Susan Hall, ITBusinessEdge
Jose Nazario, Arbor Networks
Virtual Blight
John Biggs, CrunchGear

Revision3, MediaDefender and the Building Robot Wars

Over the last couple years I’ve diligenced a few network security products that are the internet equivalent of automated unmanned air vehicles (UAVs). They offer the ability to scan the [network] horizon for enemy behavior and take aggressive, automated offensive/defensive action.

The magnitude of such automated action usually intrigued me and troubled me at the same time. Today’s detailed claim by Revision3 of a MediaDefender denial of service attack on its BitTorrent port reminded me of the robot wars that are coming in air (via UAVs) and in the “cloud” (via MediaDefender and others).

Revision3’s post sure sounded like they are setting up to sue MediaDefender (or at least scare up some kind of settlement). Given the business losses, R3’s claimed legitimate BitTorrent uses, and the precision of the attack (8,000 packets/second at R3’s BT port), it’s hard to blame them.

At the same time, just as I’m allowed to protect my physical property, it seems like there should be some rights online for protecting my digital property (assuming protective action is taken against entities truly taking my property). I don’t know where that line is, but I’m curious how the courts would treat MediaDefender actions if their target really was stealing digital property they are paid to protect. It’s likely that most of those cases go unreported, but it would probably depend on the proportionality of their action to the risk of loss.

Anyway, R3’s detailed post is an interesting read. Are these the early skirmishes of the building Terminator Robot Wars?

UPDATE: Although I wouldn’t blame this one on the robots, a separate BitTorrent-related hack bit Comcast, possibly in response to their BT throttling.
