The reason that this company was shut down was because of spam originating from their servers, not zombie herders.

Even a large zombie network doesn't need more than one machine (and maybe a few more for redundancy, preferrably hosted on a completely different NOC or ISP) for instructions and it can be hosted anywhere, the US being the least attractive choice.

Sun's right, of course. The vast majority of all e-mail spam is sent out from Windows computers infested through all those zillions of reported (and unreported) security flaws. A single host sending out anything like that amount of spam would be shut down by its internet connection very quickly (and, for that matter, its owner would be arrested in most of the civilized world.)

The only way the spammers can stay in business is by distributing and disguising the source of their spam.

I'm persuaded that ISP's could do more. Fact is, the majority of home users never NEVER access an e-mail server. So, suppose an ISP required users to manually call in and verbally list the e-mail servers they were going to access. 99% of users wouldn't ever do this. The other 1% would call once, and set up their (one or maybe several) whitelisted servers.

And all the botnets could send out their commands, and the compromized Windows systems would try to send out e-mail....and be blocked at the ISP.

Socially speaking, this would do much more good than trying to block peer-to-peer networks. And it would have less potential for harm.

Softlayer has their act together.

That they do. They're my host too, and are the best I've ever had.

If you have evidence that spam is originating from Softlayer, just tell them. I do not think they will let it go on for long.

You're quite right. Every account I've reported to them has been terminated promptly. I get so tired of people (not you) bashing good hosts like this. Please, bash the customers, not the host, and then report those customers.

BTW, I've had more spam today than I've had in ages. And more of it has gotten past my spam filters.

We'll just have to hope that Softlayer is paying attention then, and has begun to take action on the 1538 Softlayer-hosted Infected/badware sites enumerated in the report that triggered McColo's de=peering.

Though Softlayer's exploit sites/hosted sites ratio is only one-quarter that of McColo, they are far ahead in terms of raw numbers of bad sites; McColo had only 62 (The report states that these numbers are from October, 2008).

In short, while this article about McColo focused on spam, Softlayer apparently has a lot of cleaning up to do regarding malware sites.

Jim

Infected servers are a reality in any self-managed hosting environment. I've seen far more attacks emanating from Planet servers than from SL servers. Regardless, unless infected sites are reported to the host how can we hold the host responsible?

I am glad there is a rational reason for the sudden drop in my daily viagra ads and #*$! enlargement propaganda - and I was starting to feel unpopular ;)

Looking at that map, I'd say that definitely qualifies as "organized crime".

Law enforcement should have been all over this before the plug was pulled to learn more.

Zombie computers still need to receive commands from another computer.

The botnet controllers were a large element in the mindmap published in the Washington Post article.

My daily email quarentine summary is almost back to normal today.

In the infamous words of Kandoo Nelson (Simpsons) HA HA!

And, in California no less > Yeah this really surprised me too.

Its fashionable to blame China or Russia, then big surprise when major perpurtrators often turn out to be American.

Thanx to the Internet community.

Hehe, rogerd.

I once accidentally created an open mail relay on my server. I took the authentication off it to test something and forgot to put it back. Someone noticed.

Didn't realise until my ISP sent an actual letter to me, not just an email, saying they'd had complaints.

Anyway, looking briefly at the logs, I reckon it had sent out about 3 million emails in a week.

That was just one computer, and the bandwidth wasn't even enough for us to notice a slowdown, either on the server or the connection.

>>> Reports by Joe Stewart, director of malware research for Atlanta-based SecureWorks, said that these known botnets: Mega-D, Srizbi, Pushdo, Rustock and Warezov, "have their master servers hosted at McColo.

Stewart said he has complained to McColo several times about botnets operating out of the company's servers, and each time, he said, the company claimed it was addressing the problem. But according to Stewart, they did so by just moving the offending Web sites to a different section of their network. <<< Washingtonpost.com

Now, I think we need to get after The Planet and all of those pesky content scrapers & sql injection scripts.

Is there any evidence that its sill happening there, the reason I ask is that I'm sure were not the only company there with servers running legitimate sites not involved in these types of activities at softlayer, also your post insinuated that shutting down softlayer would take care of the rest. From what I've read today these people operate out of many of the larger web hosting companies.

[i37.tinypic.com...]

Source:
[hostexploit.com...]

I wonder : If you got the skill to develop a network of spam mail computer surely you could use that skill to make money legally.

Honestly some amount of entrepreneurial spirit , skill (be it technical ) must go into this .

I wonder : If you got the skill to develop a network of spam mail computer surely you could use that skill to make money legally.

Probably not as much money, though.

I'm still getting only a third of the spam I used to get before this firm was taken offline. Pretty amazing that just one host was responsible for so much spam.

Last night I got 36 Nigerian spam e-mails in a row, all to the same address, interspersed with a dozen or so similar scams from South Africa. Overall my spam count is still higher than usual. And most of it is currently getting past my filters.

Virginia and few other states passed laws 4-5 years ago prohibiting spam and unsolicited email messages. However, they were unable to enforce these laws, perhaps they did not hire the right people to monitor thousands of email messages every single day. Since these were not federal legislation, their laws were applicable in their own jurisdiction only. So, anti-spam initiative failed soon after it was born. That's a pity!

Spam has become a part of our daily life and we don't even discuss how dearly it costs us and how it can be prevented. I assumed as others that it was totally out of control and supported by unfriendly countries. But this event shows us that it can be controlled, at least contained, and old initiative must be given a serious and more comprehensive consideration.

Looked like it was picking up again on Thursday but the three quarentine lists for the weekend totalled 5 messages between them. I'd just love to see a totally spam free day.

No idea what is happening on my personal emails, the filters there just auto delete.

I've always been told by industry experts the bulk of spam was from "zombie" computers in the US / UK / other local "target regions" where these unwilling average home pcs became little mail servers to pump out spam with fresh ips.

The FTC recently shut down a major bot-net spam ring which is what you describe: WebmasterWorld thread. [webmasterworld.com]

I've seen a drop in the number of emails processed by my server too.

Spam on my main e-mail account is starting to ramp up again, after a huge drop in the preceding days. I should have known it was too good to last! :-)

According to the weekly graph, the overall numbers are still "way down"...

[spamcop.net...]
[spamcop.net...]
[spamcop.net...]

My Yahoo Spam has decreased tremendously lol

At work I am still seeing less in the quarentine report but at home more is getting through the filters into my inbox.

According to that spamcop graph it shows that last year about this time it was also down pretty low for some reason. I see no difference in my spam box its still packed with spam.

Good riddance to bad rubbish.

It appears that the spam levels are still maintaining their lows...

[spamcop.net...]
[spamcop.net...]

But, if you look very closely, there is a slow rise happening. Was it just temporary? ;)

Was it just temporary?

Apparently so because my clients and I have been inundated by casino spam of late. The hell of it is my spam filters aren't trapping any of it despite all of it being submitted back to the filters marked as spam.

My gut feel from work (filtered by Postini) and my home email is that my work and home emails are being attacked by different networks.

The Postini quarantine reports still show numbers down (but starting to pick up)
At home I am seeing a lot more spam in my inbox. The personal account auto deletes filtered spam so I can't check absolute numbers.

Looks to me like there is less spam around but it is better disguised.