Recently, there has been a lot of focus from the security research community on a hosting provider named McColo corporation (out of San Jose, CA). Reports on spam, phishing and connections to Malweb distribution amongst other have been accumulating (including our own malicious server analysis which has been spotted to be administered from a McColo address).
It seems like the combination of law enforcement investigations with a recent story by the Washington Post have made their mark and McColo IP addresses have gone silent since yesterday. We’ll be looking forward to additional coverage on this in the coming days, as we are finalizing our own threat report on the eCrime server that has been analyzed, and on which we found the 200,000 compromised FTP credentials.
Related posts:
[...] promised, the AIRC Threat Report for November is [...]
Wonderful article. I been looking for one on a similar note. I guess you always have something up your sleeve.