Randel said CERT has "constantly" notified Compic about malware they've hosted. Compic will take action to remove the sites depending "on how loud we scream," Randel said. Compic usually reacts fast when CERT sends a complaint e-mail -- and copies the Estonian Criminal Police, Randel said.

On Thursday, Compic's upstream provider, , sent an e-mail to the Estonian ISP community that said they are planning to cut off Compic, Randal said.

Linxtelecom sells IP transit services that connect local ISPs and telecommunications operators with larger data carriers. Linxtelecom said in the e-mail that 99 percent of the complaints that it receives over abuse are related to Compic, Randel said.

A Linxtelecom official said he did not know about the e-mail. Compic does respond to complaints within two days or so, but Linxtelecom in the past cut off connectivity to Web sites hosted by Compic after complaints, the official said.

Computer security experts say there are a handful of ISPs and domain name registrars that work closely with cybercriminals to support spam operations, Web sites that sell fake software and other scams.