Analyzing the aftermath of the McColo shutdown


This paper examines how spam behavior was impacted by the shutdown of McColo, a service provider known for its lax security enforcement. Since the shutdown, a variety of sources have reported significant changes to global spam patterns. In an effort to clarify how spam has changed, we examine reputation data provided by a leading security vendor and present an analysis of spam before and after the McColo shutdown. We show that the actual number of spammers has decreased. We also examine the distribution of spammers both geographically and across the IP space. Our results show that 87% spam sending regions suffered some reductions. Despite this however, the number of sources identified as spammers is still monotonically increasing and the spam volume has recovered to its pre-shutdown levels. © 2009 IEEE.

Publication Title

Proceedings - 2009 9th Annual International Symposium on Applications and the Internet, SAINT 2009