June 08, 2009, 8:43 PM — The U.S. Federal Trade Commission's recent takedown of an Internet service provider thought to be a safe haven for spammers has reduced spam volumes, but only by a little.
According to e-mail security vendor Marshal8e6, total spam volume dropped by about 15 percent last week, as the FTC got a court order to pull the plug on a notorious ISP named Pricewert. "We noticed quite a drop-off mid to late last week," said Phil Hay, a threat analyst with Marshal8e6. "Things got pretty quiet compared to what we'd been seeing."
Pricewert, which also did business under the name 3FN, was knocked off-line after the companies that provided it access to the Internet stopped doing business with it. This happened after the FTC was granted a temporary restraining order Tuesday in the U.S. District Court for the Northern District of California.
According to the FTC, Pricewert was home to a host of illegal activity including the distribution of viruses, phishing, spyware and child pornography. In a statement, the FTC said Pricewert "actively shielded its criminal clientele by either ignoring take-down requests issued by the on-line security community, or shifting its criminal elements to other Internet protocol addresses it controlled to evade detection."
The ISP has said that the alleged criminal activity on its network was the result of bad customers and not its fault.
Pricewert lists its principal place of business as Belize City, Belize, but it operated out of a DataPipe data center in San Jose, California, the FTC said.
Pricewert was thought to be home to several servers used to control computers infected with the Cutwail Trojan program (also known as Pushdo). Criminals had been using these infected machines to pump out spam messages, and right before the takedown the ISP was responsible for about 30 percent of the spam tracked by Marshal8e6.
Last November, spam levels dropped close to 50 percent after notorious ISP McColo was taken off-line by its upstream providers, and it took months for spam levels to rebound to the same volume.
However, the results from the Pricewert takedown were not as dramatic.
According to data from Cisco Systems, spam levels dropped about 30 percent at the end of last week but rebounded to normal levels on Sunday and Monday.
Security experts say that following the dramatic McColo incident, spammers may have put better backup systems in place to maintain control of their botnets of hacked computers. "Obviously, this was not a McColo. They were ready for the takedown," said Richard Cox, chief information officer with Spamhaus, an anti-spam group. "We've seen the backups pop up and have to get taken down and so on."
