Posts Tagged: Softlayer

Oct 15

IBM Runs World’s Worst Spam-Hosting ISP?

This author has long sought to shame Web hosting and Internet service providers who fail to take the necessary steps to keep spammers, scammers and other online ne’er-do-wells off their networks. Typically, the companies on the receiving end of this criticism are little-known Internet firms. But according to anti-spam activists, the title of the Internet’s most spam-friendly provider recently has passed to networks managed by IBM — one of the more recognizable and trusted names in technology and security.

In March 2010, not long after I began working on my new book Spam Nation: The Inside Story of Organized Cybercrime, From Global Epidemic to Your Front DoorI ran a piece titled Naming and Shaming Bad ISPs. That story drew on data from 10 different groups that track spam and malware activity by ISP. At the time, a cloud computing firm called Softlayer was listed prominently in six out of 10 of those rankings.

In June 2013, Softlayer was acquired by IBM. (Update: Oct. 31, 11:43 p.m. ET: As reader Alex and others have pointed out, another ISP listed prominently in this chart below — ThePlanet — is now also part of IBM/Softlayer).

The top spam-friendly ISPs and hosting providers in early 2010.

The top spam-friendly ISPs and hosting providers in early 2010. Softlayer and ThePlanet both listed prominently in the top 10, and both are now owned by IBM/Softlayer.

Original story:

Softlayer gradually cleaned up its act, and began responding more quickly to abuse reports filed by anti-spammers and security researchers. In July 2013, the company was acquired by IBM. More recently, however, the trouble at networks managed by Softlayer has returned. Last month, anti-spam group listed Softlayer as the “#1 spam hosting ISP,” putting Softlayer at the very top of its World’s Worst Spam Support ISPs index. Spamhaus said the number of abuse issues at the ISP has “rapidly reached rarely previously seen numbers.”

Contacted by KrebsOnSecurity, Softlayer for several weeks did not respond to requests for comment. After reaching out to IBM earlier this week, I received the following statement from Softlayer Communications Director Andre Fuochi:

“With the growth of Softlayer’s global footprint, as expected with any fast growing service, spammers have targeted our platform. We are aggressively working with authorities, groups like The Spamhaus Project, and IBM Security analysts to shut down this recent, isolated spike. Just in the past month we’ve shut down 95 percent of the spam accounts identified by Spamhaus, and continue to actively eliminate this activity.” Continue reading →

Mar 10

Naming and Shaming ‘Bad’ ISPs

Roughly two years ago, I began an investigation that sought to chart the baddest places on the Internet, the red light districts of the Web, if you will. What I found in the process was that many security experts, companies and private researchers also were gathering this intelligence, but that few were publishing it. Working with several other researchers, I collected and correlated mounds of data, and published what I could verify in The Washington Post. The subsequent unplugging of malware and spammer-friendly ISPs Atrivo and then McColo in late 2008 showed what can happen when the Internet community collectively highlights centers of badness online.

Fast-forward to today, and we can see that there are a large number of organizations publishing data on the Internet’s top trouble spots. I polled some of the most vigilant sources of this information for their recent data, and put together a rough chart indicating the Top Ten most prevalent ISPs from each of their vantage points.  [A few notes about the graphic below: The ISPs or hosts that show up more frequently than others on these lists are color-coded to illustrate consistency of findings. The ISPs at the top of each list are the “worst,” or have the most number of outstanding abuse issues.  “AS” stands for “autonomous system” and is mainly a numerical way of keeping track of ISPs and hosting providers. Click the image to enlarge it.]

What you find when you start digging through these various community watch efforts is not that the networks named are entirely or even mostly bad, but that they do tend to have more than their share of  neighborhoods that have been overrun by the online equivalent of street gangs.  The trouble is, all of these individual efforts tend to map ISP reputation from just one or a handful of perspectives, each of which may be limited in some way by particular biases, such as the type of threats that they monitor. For example, some measure only phishing attacks, while others concentrate on charting networks that play host to malicious software and botnet controllers. Some only take snapshots of badness, as opposed to measuring badness that persists at a given host for a sizable period of time.

Also, some organizations that measure badness are limited by their relative level of visibility or by simple geography. That is to say, while the Internet is truly a global network, any one watcher’s view of things may be colored by where they are situated in the world geographically, or where they most often encounter threats, as well as their level of visibility beyond their immediate horizon.

In February 2009, I gave the keynote address at a Messaging Anti-Abuse Working Group (MAAWG) conference in San Francisco, where I was invited to talk about research that preceded the Atrivo and McColo takedowns. The biggest point I tried to hammer home in my talk was that there was a clear need for an entity whose organizing principle was to collate and publish near real-time information on the Web’s most hazardous networks. Instead of having 15 or 20 different organizations independently mapping ISP reputation, I said, why not create one entity that does this full-time?

Unfortunately, some of the most clear-cut nests of badness online — the Troyaks of the world and other networks that appear to designed from the ground up for cyber criminals — are obscured for the most part from surface data collation efforts such as my simplistic attempt above. For a variety of reasons, unearthing and confirming that level of badness requires a far deeper dive. But even at its most basic, an ongoing, public project that cross-correlates ISP reputation data from a multiplicity of vantage points could persuade legitimate ISPs — particularly major carriers here in the United States — to do a better job of cleaning up their networks.

What follows is the first in what I hope will be a series of stories on different, ongoing efforts to measure ISP reputation, and to hold Internet providers and Web hosts more accountable for the badness on their networks.

Continue reading →