In recent news, there have been several reports of authorities finally shutting down some spam operations.
In September, Atrivo’s upstream providers finally pulled the plug. The ISP had long been suspected of providing a safe haven for spammers, botnet and malware operators. Atrivo was linked to a large botnet that powered the Storm Worm: the command-and-control masters for the botnet were apparently hosted by Atrivo, and once Atrivo was shut down the botnet began to die off.
In October, a confidant of Alan Ralsky, a well-known spam operator, agreed to testify against the persistent spammer, who has long been listed on Spamhaus’ ROKSO list. Earlier this year, Ralsky was indicted for a “wide-ranging international fraud scheme involving the illegal use of bulk commercial e-mailing.” Judy Devenow, one of Ralsky’s crew, pleaded guilty to conspiracy and aiding fraud in a US federal court. Devenow said she was paid US$150,000 to send e-mail and manage others from January 2004 through September 2005. According to Spamhaus, Devenow faces 33 to 41 months in prison, but could get less time due to her co-operation with the feds.
This week, McColo was yanked offline as its upstream providers severed their ties. According to the Washington Post, the firm was responsible for as much as 75% of the spam being blasted out. As seen in the graph, Spamcop saw a huge drop in the number of reports sent after McColo was pulled offline. Brian Krebs has posted an interesting follow-up on the McColo story that includes a mind map of how deeply the ISP was involved in nefarious internet activities.
Many of these successes have come through the work of security and network professionals. By analyzing traffic patterns, they can begin to trace these bad actors back to their sources. While I’ve not seen any decrease yet in our own spam processing, I hope that these efforts will begin to have an impact.