Malware Writers Take to Buying Their Own Data Centers
Traditionally, the lowlifes running botnets have made do with shared hosting provided by shady ISPs. As these crimes become higher profile, enforcement has stepped up, resulting in many of these ISPs going offline. To address this dilemma, it looks like some purveyors of malware have started buying their own data centers.
It’s actually depressingly easy to do. The people running a botnet need only acquire a block of IP addresses from one of the Regional Internet Registries (RIR) or Local Internet Registries (LIR). These regulatory bodies are only supposed to be handing out IP blocks to large companies, ISPs, and telecoms. Turns out the RIRs aren’t doing their due diligence in investigating applications. Once the bad guys get the IP addresses, they buy some servers in a data center, and they become their own ISP.
This effectively takes away the best point of attack for authorities. “If there's a problem, who are you going to talk to? It's a different ball game now. These guys are buying their own data centers. These LIRs and RIRs aren't going to push back if you say you need a /24 or /16. They're not the Internet police,” said Alex Lanstein of FireEye Research. The process is becoming common in places like Europe and the Caribbean. What’s worse, getting the IP addresses back can take a lot of time and effort. The procedures just don’t exist. The solution? Well, there isn’t one right now, but if you have an idea, we’d love to hear it in the comments.

Biceps
December 28, 2009 at 12:56pm
Just turn off the internet in Europe and the Caribbean. Duh... problem solved.
eleck
December 23, 2009 at 6:38pm
EMP IT! it's for the better good ^_^ hmm will edit if a better idea comes up..
nekollx
December 23, 2009 at 9:09am
Nuke the site from orbit...
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.
RavenStandsAlone
December 23, 2009 at 7:43am
I want to say, "Take them out and shoot them in the CPU" but, my wife says that is a bad thing to do. She's pretty smart so I am sure that will not be allowed anyway.
These are the InterWebs? Where's the bicycles, babes and beer?
JDorfler
December 23, 2009 at 4:05am
Just let their physical location be known. Things will work themselves out.
Phenom II 955 BE/8G DDR3 1600/ATI 4870 x2/SB X-Fi xtremegamer
JiMiZnHB
December 23, 2009 at 12:24am
Use the Windows HOSTS file to BLOCK Their ENTIRE Block of IP Addresses
It WORKS!!!!
RavenStandsAlone
December 23, 2009 at 7:45am
Uh, would you tell me how to do that please? I'm over at hotmail.
These are the InterWebs? Where's the bicycles, babes and beer?















