Bulletproof Hosting of Malicious Cyber-infrastructure Exposed
Researchers from RSA, a security firm, have found a network infrastructure that provides dedicated connectivity to some of the most notorious botnets worldwide. This connectivity is resilient enough that it can hardly be severed.
At the core of the infrastructure are servers that control massive numbers of infected computers. Through them, the infected machines keep sending spam, disseminating malicious programs, and staying up to date with the most recent bot program. Malware gangs that maintain several channels connecting these central servers with the outside world manage to build networks so redundant that whitehats and authorities can barely shut them down.
RSA disclosed that Troyak, an Internet Service Provider, is merely one of the 5 'main providers' that hosted 8 central bulletproof networks distributing the Zeus Trojan. The results partly explain why the March 9, 2010 interruption in the service of Troyak-AS only slowed Zeus traffic rather than blocking it.
Based on its discoveries, the security firm states that AS-Troyak appears to be one segment of a set of complex networks performing malicious operations. RSA speculates that these networks aim to link 8 malicious, bulletproof, malware-supporting services to the Internet so that they remain continually online.
Explaining further, RSA states that these networks acquire takedown-resilient connectivity through their complex connection schemes. The infrastructure hosting the malware links up with a genuine ISP through the 'main providers', which hide its origin. The firm assessed the cyber-crime infrastructure and found that it used the 5 'main providers' to mask its Internet connectivity.
RSA emphasized that all the providers managed to link up with several genuine ISPs. Those ISPs never knew about the malicious servers that were abusing their services, the firm added.
Sean Brady, Manager of the Identity Verification and Protection Team at RSA, commented that it is very usual for organized crime to reach this particular level of extensive operating infrastructure. This is because of the complexity involved in an illegal operation building itself up to that level, according to a report published by EWeek.com on March 17, 2010.
» SPAMfighter News - 26-03-2010