Security researchers have had a number of victories to celebrate recently. First Atrivo and now McColo have been disconnected from the Internet. This was done not by law enforcement or other governmental action, but rather by the concerted efforts of the Internet community. The Internet is made up of privately owned networks that are voluntarily connected. The companies that were connected to Atrivo and McColo have severed those connections, removing the companies from the Internet.
Removing those two companies from the Internet has also removed large amounts of botnet and spam infrastructure. Several sources have reported seeing spam drop as much as 60-70% following McColo's loss of connectivity. There was a similar, but smaller drop when Atrivo was taken offline. Of course, one of the reasons that the McColo disconnect reduced spam more than Atrivo, is that some of the spammers simply moved from Atrivo to McColo.
Back in October, my colleague Joe Stewart documented the Warezov botnet moving to McColoand also predicted (quite correctly as it turned out) that disconnecting McColo would reduce spam by one-half world wide.
Other botnets will also be relocating their C&C servers. While most, if not all, will just pop up in another data center, the growing trend of upstream providers disconnecting nefarious hosting companies is encouraging. So far these companies have been US based. We're now seeing early evidence that bot-herders are moving their C&C servers overseas. The next question is: Will the Internet community be able to put pressure on those companies and their upstream providers to prevent the bot-herders from finding a new safe haven?