
McColo - Cyber Crime USA

Wednesday, 12 November 2008 06:04 in Blogs, Current Events by Jart Armin

HostExploit presents the second CYBER CRIME USA report, which highlights those Internet players that currently host the world’s major spam botnets (an estimated 50% of spam worldwide), malware, rogue PC security products, cybercrime affiliate payment systems, and child pornography. This study from HostExploit.com is based on tracking and documenting ongoing cyber criminal activity. As a result of the first report, which focused on Atrivo / Intercage, and subsequent community actions, there was a quantifiable drop of 10% in spam and malware worldwide. While temporary, it clearly demonstrates that with a concerted and consistent effort by concerned commercial Internet network operators, a safer Internet can ensue.

On this occasion we focus on McColo and others that, like Atrivo / Intercage, actually operate from servers and depend on US transit peers. This open source security study sets out to quantify and continuously track cyber crime using numerous methods of measurement.  In addition to original quantitative research and analysis, the study draws upon and welcomes the findings of other research efforts.  What emerges is a picture of a front for cyber criminals who specifically target consumers in the United States and elsewhere. It provides hard data regarding specific current activity within McColo and associated networks, explains how consumers are targeted, and describes McColo's virtual network structure.

The philosophy behind the study is that we as an Internet community act in accordance with the ACM (Association for Computing Machinery) code of ethics, e.g. avoiding harm to others. "Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to Internet users and the general public. It is the Internet security community’s responsibility to blow the whistle. While we do not take the actions to ‘stop’ the cyber criminals, we do urge those who provide connectivity or peering to consider this report and their role.

Nov 11 2008 – 7:30pm (EST)

According to the CIDR report, which shows routing for AS networks, McColo has been de-peered tonight by Hurricane Electric (HE), one of the major routes of transit for McColo. An explanation is given in the Washington Post; we ensured HE was aware of this report’s content. This clearly demonstrates that, when presented with the appropriate evidence of criminal activity, the Internet community can bring about the positive forces necessary to purge it. As a note of caution, there is still limited access to the McColo badness and there are still many other bad actors on the Internet, but we can believe in ‘change’.
