On Thursday, Compic's upstream provider, Linxtelecom, sent an e-mail to the Estonian ISP community that said they are planning to cut off Compic, Randal said.

Linxtelecom sells IP transit services that connect local ISPs and telecommunications operators with larger data carriers. Linxtelecom said in the e-mail that 99 percent of the complaints that it receives over abuse are related to Compic, Randel said.

A Linxtelecom official said he did not know about the e-mail. Compic does respond to complaints within two days or so, but Linxtelecom in the past cut off connectivity to Web sites hosted by Compic after complaints, the official said.

Computer security experts say there are a handful of ISPs and domain name registrars that work closely with cybercriminals to support spam operations, Web sites that sell fake software and other scams.

The operations are difficult to stop due to their international nature, the speed with which cybercriminals react to shutdowns and the lack of law enforcement resources or interest.

McColo's shutdown came after research was published which showed the extent to which the company was involved in the criminal underground.

Similarly, another noted bad ISP -- known as Atrivo or Intercage -- was cut off by its upstream providers in September as a result of mounting pressure from the computer security community.

"With the recent cases of McColo and Atrivo/Intercage taken off the Internet, it will be easier in the future to put more pressure on other known hosters of badware to take action or go offline," said Toralv Dirro, security strategist for McAfee's Avert Labs, on Thurday.