Malicious ISP Drained Out of Cyber World

The Federal Trade Commission reported on June 4, 2009 that Pricewert LLC, a San Jose, California-based Internet service provider linked to Eastern Europe, was shut down due to its suspected involvement in intrusions into computer systems at NASA and the large-scale circulation of malicious spam.

According to the FTC, Pricewert concealed its criminal trade by ignoring take-down requests issued by the Internet security community, or by relocating its criminal elements to other IP addresses that it controlled in order to avoid detection.

Court papers reveal that the order to shut down Pricewert, which according to an expert at the FTC is the "worst ISP in the United States in terms of hosting malicious content," was issued on June 2, 2009. Ethan Arenson of the FTC's Bureau of Consumer Protection stated that Pricewert was unplugged on June 3, 2009.

NASA, in its complaint lodged with the US District Court for the Northern District of California, stated that a total of 22 distinct assaults on NASA by Pricewert computers had been detected, including one launched in April 2009. The complaint alleged that many of these assaults were aimed at turning NASA's computers into a botnet.

According to court documents supporting the provisional restraining order, Gary Warner, Director of computer forensics research at the University of Alabama (Birmingham), thinks that after the closure of Atrivo/Intercage and McColo in 2008, Pricewert emerged as the nastiest ISP in the US as far as hosting malicious content is concerned, InformationWeek reported on June 4, 2009.

Meanwhile, Symantec Security Response said that it had provided information, collected from its worldwide Internet sensor network, on the malicious software that was served by Pricewert. Interestingly, Pricewert took on the names APS Telecom and Triple Fiber Network (3FN) as part of its business operations.

According to court papers, Symantec detected in excess of 600 IP addresses that triggered malicious attacks and were under the control of 3FN. The FTC has claimed to have identified over 4,500 pieces of malware that were instructed by command-and-control servers hosted by 3FN. The malware was capable of password stealing, keystroke logging, and data stealing.

SPAMfighter News - 6/9/2009



