Srizbi Botnet Servers Flee To Estonia
Get shut down by Estonia's largest ISP anyway...
(old news - 09:12AM Friday Nov 28 2008) tags: business · security

After hosting provider and scum hub McColo was recently shut down, scammers and spammers quickly scattered to different hosts. The Srizbi botnet, whose control servers were hosted by McColo, was recently resurrected, finding a new home with Starline Web Services, based in the Estonian capital of Tallinn. However, the good (if decidedly uphill) fight continues, with Estonian ISP Linxtelecom taking Starline offline, and the Srizbi control servers with it. That should help for about a day or two: the rootkit that makes Srizbi hum uses an algorithm that periodically generates a fresh set of domain names, and the bots look those names up to find new control servers and receive new instructions. The operators need only register one of the upcoming names before anyone else does to regain control, which is why taking down any single hosting provider buys so little time.
BosstonesOwn | Re: Domain registration process needs revamping
It would do nothing but help the proliferation of identity theft. These folks are not stupid. We need to have the ISPs keep pulling the plugs. And it would be nice if we could get the ISPs hosting the PCs with bots to join in as well.
-- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"
moonpuppy | Re: Domain registration process needs revamping
said by BosstonesOwn:
    It would do nothing but help the proliferation of identity theft. These folks are not stupid. We need to have the ISPs keep pulling the plugs. And it would be nice if we could get the ISPs hosting the PCs with bots to join in as well.
Maybe what we need to do is start pulling entire countries offline.
Dogfather | Re: Domain registration process needs revamping
Start with China; the Pentagon would probably appreciate the help.
GOLFnSUN | Re: Domain registration process needs revamping
said by Dogfather:
    That would be like gun control. It would only hamper legit users while malware goons will find an easy way around it.
I don't think there would be an easy way around it. They could find some ways, but it would raise the bar significantly. There are bogus driver's licenses and passports, but they are relatively few now with the toughened identity provisions. And even if they got a bogus domain through, it would become easier to track down those obtaining bogus credentials.
-- Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?
Dogfather | Re: Domain registration process needs revamping
They'll get around it while causing many headaches and delays for legit users. And ask any doorman at a bar, or any business owner, whether fake IDs and gov't docs are rare. As a business owner I can tell you they're certainly not.
Corehhi | Re: Domain registration process needs revamping
said by Dogfather:
    They'll get around it while causing many headaches and delays for legit users. And ask any doorman at a bar, or any business owner, whether fake IDs and gov't docs are rare. As a business owner I can tell you they're certainly not.
Fake IDs everywhere. Around here $200 will get you a SS card and $1200 will get you a passport.
MGD | Re: Domain registration process needs revamping
said by GOLFnSUN:
    ... No one should be able to create a new domain without providing a street address and proof of identity - like you do when getting a passport or driver's license. Failure to do that should result in denial of a domain. .........
Part of the problem is that ICANN has allowed criminals to infiltrate up the ladder and become registrars themselves. ESTDOMAINS was allowed to operate for years as a crime magnet. That led to blatant bogus registrations by known criminals, such as these two credit card fraud laundering operations' domains, registered to "Richard Nixon" and "Sharon Stone" by a multi-year organized criminal enterprise:

    UNOPIC.NET
    ICANN Registrar: ESTDOMAINS, INC
    Results returned from whois.estdomains.com:
    Registration Service Provided By: RESELLERCLUB
    Contact: +1.4152361970
    Domain Name: UNOPIC.NET
    Registrant: Concrete Industries Ltd
                Richard Nixon (pg@hightechmail.biz)
                12 avenue, 22-41 Washington District of Columbia, 109882 US
                Tel. +001.9843323329
    Creation Date: 30-Jul-2008
    Expiration Date: 30-Jul-2009
    Domain servers in listed order: ns2.unopic.net ns1.unopic.net

    24GRAPH.NET
    Registration Service Provided By: ESTDOMAINS INC
    Contact: +1.3027224217
    Website: www.estdomains.com
    Domain Name: 24GRAPH.NET
    Registrant: Direct Access Inc
                Sharon Stone (steve.parcell@ibm-london.com)
                London, Bukingham Palace, 92-12 London London, 37238 GB
                Tel. +004.4339293384
    Creation Date: 30-Jul-2008
    Expiration Date: 30-Jul-2009
    Domain servers in listed order: ns2.24graph.net ns1.24graph.net

It will take considerable work to root out the criminal entities that have embedded themselves in registration, hosting, and the entire system. It has been laissez-faire for far too long.

McColo Corp was a wolf in sheep's clothing, masquerading as a US corp. The only thing within the US was their servers. The people who set McColo up and operate/d it are thousands of miles away in Russia. You can set up a US corp or LLC from anywhere in the world via online registration. There is no requirement that you be here. Planting your servers here anonymously, then operating within US IP space, offers criminals a strategic advantage for nefarious activities.

MGD
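As an added example that is not part of MGD's post and not any registrar's real validation logic: a parser for the two registrant blocks quoted above, with a couple of cheap consistency checks a registrar (or anyone vetting a domain before trusting it) could run on the data as submitted. The calling-code and postal-code tables are assumptions made for the example and cover only the two countries that appear in the records; the records themselves are copied from the post, trimmed to the fields checked.

```python
"""Added example: sanity-check whois registrant data.

Not from the thread and not a registrar's real validation; the tables below
are constructed for this example and cover only the countries in the records."""
import re
from typing import Dict, List

CALLING_CODE = {"US": "1", "GB": "44"}          # ITU country calling codes (example table)
POSTCODE = {                                     # postal-code shapes (example table)
    "US": re.compile(r"^\d{5}(-\d{4})?$"),
    "GB": re.compile(r"^[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}$"),
}

# The two registrant records quoted in the post, trimmed to the fields used here.
RECORDS = """\
Domain Name: UNOPIC.NET
Registrant: Concrete Industries Ltd
            Richard Nixon (pg@hightechmail.biz)
            12 avenue, 22-41 Washington District of Columbia, 109882 US
            Tel. +001.9843323329
Creation Date: 30-Jul-2008
Expiration Date: 30-Jul-2009

Domain Name: 24GRAPH.NET
Registrant: Direct Access Inc
            Sharon Stone (steve.parcell@ibm-london.com)
            London, Bukingham Palace, 92-12 London London, 37238 GB
            Tel. +004.4339293384
Creation Date: 30-Jul-2008
Expiration Date: 30-Jul-2009
"""


def parse_records(text: str) -> List[Dict[str, str]]:
    """Split the quoted whois text into one dict per domain.

    The registrant block is positional in this registrar's output:
    org, "Person (email)", street address ending in "<postal> <CC>", Tel."""
    records = []
    for chunk in text.strip().split("\n\n"):
        lines = [ln.strip() for ln in chunk.splitlines()]
        fields: Dict[str, str] = {}
        for i, line in enumerate(lines):
            if line.startswith("Domain Name:"):
                fields["domain"] = line.split(":", 1)[1].strip()
            elif line.startswith("Creation Date:"):
                fields["created"] = line.split(":", 1)[1].strip()
            elif line.startswith("Registrant:"):
                fields["org"] = line.split(":", 1)[1].strip()
                person, address, tel = lines[i + 1], lines[i + 2], lines[i + 3]
                fields["email"] = re.search(r"\(([^)]+)\)", person).group(1)
                fields["postal"], fields["country"] = address.rsplit(", ", 1)[1].split()
                fields["tel"] = tel.split(None, 1)[1]
        records.append(fields)
    return records


def check(rec: Dict[str, str]) -> List[str]:
    """Return human-readable inconsistencies between the stated country and the rest."""
    findings = []
    cc = rec["country"]
    # "+001.984..." -> "1"; "+004.433..." -> "4": normalise leading zeros before comparing
    prefix = rec["tel"].split(".", 1)[0].lstrip("+").lstrip("0")
    expected = CALLING_CODE.get(cc)
    if expected != prefix:
        findings.append(f"{rec['domain']}: phone prefix +{prefix} is not the {cc} code +{expected}")
    shape = POSTCODE.get(cc)
    if shape and not shape.match(rec["postal"]):
        findings.append(f"{rec['domain']}: postal code {rec['postal']} is not a valid {cc} format")
    return findings


def batch_registered(records: List[Dict[str, str]]) -> bool:
    """Same creation date across the set: a weak signal, but it stacks with the others."""
    return len({r["created"] for r in records}) == 1


if __name__ == "__main__":
    recs = parse_records(RECORDS)
    for rec in recs:
        for finding in check(rec):
            print(finding)
    print("registered on the same day:", batch_registered(recs))
```

Neither check needs proof of identity or a street-address visit; both run on the form data the registrant already typed, and both records fail at least one of them.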
kpatz | Possible defense?
If the algorithm for the domains has been cracked, an enterprising security firm could register the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware on the victims' systems.
-- To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you.
fireflier | Re: Possible defense?
said by kpatz:
    If the algorithm for the domains has been cracked, an enterprising security firm could register the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware on the victims' systems.
Someone kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:
www.theregister.co.uk/2008/11/26···om_dead/
"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
But, as you pointed out, it would be nice if they could use that vulnerability to disable the bots. . .
-- Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com
RARPSL | Re: Possible defense?
said by fireflier:
    "For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
There is a simple solution to that issue of cost. Have the names (for the next year) put on a banned list so they cannot be registered. There is no need to PAY for them (the registrar can eat the minimal cost as a contribution to the SPAM/BOT fight).
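The domain-generation scheme the article mentions, kpatz's takeover idea, the pre-registration FireEye did in fireflier's quote, and RARPSL's banned-list alternative, as one added illustration that is not part of the thread: a hypothetical date-seeded generator plus a toy registrar. The seed, alphabet, TLD list, batch size and the "sinkhole" / "c2" owner labels are assumptions made for the example; Srizbi's real algorithm is not published on this page and this code does not claim to be it.

```python
"""Added illustration: a hypothetical domain-generation algorithm (DGA) and the
two defences discussed in the thread.  Not Srizbi's real algorithm or seed;
SEED, ALPHABET, TLDS and DOMAINS_PER_DAY are constructed for this example."""
import datetime as dt
import hashlib
from typing import Optional, Set, Tuple

SEED = b"illustrative-seed"          # assumption: the operators' shared secret
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net")
DOMAINS_PER_DAY = 4
EXAMPLE_DAY = dt.date(2008, 11, 28)  # the article's date, used for the demo run


def dga(day: dt.date, index: int, length: int = 8) -> str:
    """Derive one rendezvous domain from (SEED, date, index).

    Bot and operator share SEED and the schedule, so both compute the same
    names offline; only the calendar date advances.  Anyone who recovers the
    algorithm from a sample can run it too, which is what makes the defences
    below possible."""
    material = SEED + day.isoformat().encode() + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).digest()
    label = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])
    tld = TLDS[digest[length] % len(TLDS)]
    return f"{label}.{tld}"


def domains_for(day: dt.date):
    """The ordered batch a bot will try on `day`."""
    return [dga(day, i) for i in range(DOMAINS_PER_DAY)]


def upcoming_domains(start: dt.date, days: int) -> Set[str]:
    """Every name the bots will try in the window: the defender's pre-emption list."""
    return {d for n in range(days) for d in domains_for(start + dt.timedelta(days=n))}


class Registrar:
    """Toy registry: first come, first served, plus the banned list RARPSL proposes."""

    def __init__(self, banned=()):
        self.records = {}               # domain -> who answers for it
        self.banned = set(banned)

    def register(self, domain: str, owner: str) -> bool:
        if domain in self.banned or domain in self.records:
            return False
        self.records[domain] = owner
        return True

    def resolve(self, domain: str) -> Optional[str]:
        return self.records.get(domain)


def bot_rendezvous(day: dt.date, registrar: Registrar) -> Optional[Tuple[str, str]]:
    """Bot side: walk today's batch in order and obey the first name that resolves."""
    for domain in domains_for(day):
        owner = registrar.resolve(domain)
        if owner is not None:
            return domain, owner
    return None


def simulate_preregistration(today: dt.date, funded_days: int = 7):
    """Pre-registration: the defender buys the next `funded_days` of names.

    Returns (inside-window rendezvous, operator_blocked, after-window rendezvous).
    While the budget lasts the bots land on the sinkhole and the operator's late
    registration fails; the day the money stops, the operator takes the next name."""
    reg = Registrar()
    for name in upcoming_domains(today, funded_days):
        reg.register(name, "sinkhole")
    operator_blocked = not reg.register(domains_for(today)[0], "c2")
    inside = bot_rendezvous(today, reg)

    later = today + dt.timedelta(days=funded_days)   # defender stopped paying
    reg.register(domains_for(later)[0], "c2")
    return inside, operator_blocked, bot_rendezvous(later, reg)


def simulate_banned_list(today: dt.date, days: int = 365):
    """Banned list: the registrar refuses the names outright, so nobody pays.

    Returns (operator_blocked, what the bots find): the operator cannot register
    and the bots find nothing, the same denial the sinkhole gives without the
    takeover option kpatz describes."""
    reg = Registrar(banned=upcoming_domains(today, days))
    operator_blocked = not reg.register(domains_for(today)[0], "c2")
    return operator_blocked, bot_rendezvous(today, reg)


if __name__ == "__main__":
    print("today's batch:", domains_for(EXAMPLE_DAY))
    print("pre-registration:", simulate_preregistration(EXAMPLE_DAY))
    print("banned list:", simulate_banned_list(EXAMPLE_DAY))
```

Pre-registration holds only for the days someone has paid for; one day past the window the operator registers the next name and the bots follow it. A registrar-side banned list over the same names denies the operator without anyone buying them, at the price of giving up the sinkhole's view of which hosts check in and any chance of pushing a cleanup "update" to them.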
phoneboy3 | What took them so long?
I STILL don't understand what took them so long to shut down McScum in the US. It's not like they can't trace where all this junk comes from. I can understand if it's coming from some backwards country somewhere, but not the US.
I know these scum merchants also tried to cover their tracks with VPNs from McScum to elsewhere, but that would be trivial to trace with enough authority to get the IP information from the ISPs.
VerizonCynic | WMDs?
Does anyone not see the real terrorism threat here? I really do not know why the US govt is not doing more. Today Viagra, tomorrow al Qaeda recruiting tools or phishing or who knows what else could be delivered via bots.
www.latimes.com/news/nationworld···40.story
80% of people using the net have no clue as to what a bot is. If I even tried to explain this to my parents they would just say "oh, will you take care of that for us".
John Lennin | Sorry but...
The Estonians should have shut down Staline a long time ago... the Cold War being the ideal time to do that.
Randy Mc | Spammers and Haters
How about a little personal responsibility? Yeah, I know to some it's a "dirty" word. What, me take the time and a little money, if any, to run a good antivirus and malware detector? I use mostly freeware antivirus, one of the best I have used. I do pay for a good malware scanner. Come on people, take the time and responsibility to keep your own computer safe. That's the problem a lot of times: too many people looking for someone else to bail them out, whether it be the government or Microsoft or anyone else. Step up, people, and do what you can; it will go a long way to keeping the internet safer. Or do we want government control of it? Yeah, we have seen in a lot of cases how that goes. As for me, I don't want Uncle Sam trying to run the internet.