When McColo, the nation's leading Website host for spammers and phishers, got shut down last November, the worldwide cyber-community watched in amazement as spam volume dropped by 72 percent for several weeks. That in turn has prompted ISPs and security researchers to try to devise new ways to extend that trend.
November's takedown was a team effort between Washington Post security writer Brian Krebs and a number of "upstream" Internet neighbors of McColo, such as Hurricane Electric, an ISP that had a desire to protect other Websites from the reverse denial-of-service attacks that were being launched from McColo servers. Since that time, spam and phishing have returned nearly to pre-McColo shutdown levels as organized botnet, spam, and phishing perpetrators like Rustock, Srizbi, Pushdo, and Mega-D have found new hosts from which to work.
What happens now? Do patrolling, reporting, and shutting down "bad" hosts become a cyber-community obligation? "Yes, I think it is our obligation," says Jart Armin of HostExploit.com, an Internet watchdog organization. "Some of us know how the hosting system works, and it is our responsibility to at least analyze what we see and publicize the bad and cybercriminal hosts. I am afraid that it is only by publicizing that the major Tier 1 international carriers act."
Dealing with bad hosts will figure highly on the agenda at the Anti-Spyware Coalition's convention in Washington, D.C., in May.
"It’s a difficult problem to address because there are so many layers of organizations and individuals involved in the process," says Maxim Weinstein, manager for StopBadware, who will be speaking at the May conference. "There are domain registrars, hosting companies, resellers, Website owners, law enforcement, independent security researchers, and companies involved in phishing attacks. All of these are involved in these ecosystems -- and that's not even counting the criminals!"
The criminal side is just as murky.
The most common issue is hosting companies whose only priority is selling hosting and accounts. "They are so busy doing this that there often is not much economic incentive to monitor and take down sites for malware or phishing," Weinstein explains. "These hosts allow things to happen and quickly get a reputation for failure to police. Naturally, the criminals all talk to each other, saying, 'Hey, there's this hosting company that doesn't do anything.' " Such was the case with McColo -- and the reason why the McColo takedown had such impact.
There is always that impulse to push for laws and regulations, but Congress up to now has demonstrated interest in keeping the Internet "open," and relatively free of constraints. "Getting a bill in front of Congress would require some very intelligent drafting," says attorney David Nance of Nance Group, an Internet law practice. "If you have the credibility and can explain the bill, you have a better chance of getting it passed."
Of course, there are also financial considerations behind any regulatory measures -- and there likely would also need to be a perception in Congress and other places that regulating Internet hosts and associated activities would be in the public interest. And that's not a legislative case anyone in Congress has been willing to make... yet.
Some experts and organizations within the Internet ecosystem believe the best approach to the problem is through industry self-regulation. "Whether or not there is legislation one day, we as an industry need to set expectations and develop clear practices and processes," Weinstein argues. "If one of us knows about a site, and there is a straightforward process for capturing information and reporting it, it makes it that much easier to monitor host Internet activity."
The jury is still out as to whether any colloquium or forum can develop best practices to combat bad hosts, or if there's even sufficient, collective will in the industry to do so. "Some argue that we should leave hosts alone, and just study them," says Armin, but that raises moral and pragmatic questions.
"For the moral, how can we stand by and allow even more people to get ripped off? The pragmatic side is simple. The longer we leave them alone, the stronger and richer they get," Armin says. "A few of us are fairly certain the criminals have used some of the substantial earnings to defend their positions and reinvest into the legitimate serving and carrier industry."
— Mary E. Shacklett, President, Transworld Data
This blog is part of Internet Evolution’s IT Clan, which addresses the continuing impact of the Internet on enterprise networks, applications, and management.