[ISN] ICANN cast as online scam enabler

From: InfoSec News <alerts_at_private>
Date: Wed, 3 Sep 2008 01:06:02 -0500 (CDT)
http://www.theregister.co.uk/2008/09/03/cyber_crime_reports/

By Dan Goodin in San Francisco
The Register
3rd September 2008 

Two recently issued reports portray the Internet Corporation for 
Assigned Names and Numbers (ICANN) as a bureaucracy that enables cyber 
criminals.

In one report [1] (PDF), researchers Jart Armin, James McQuaid and Matt 
Jonkman detail how a one of ICANN's prized sponsors has ties to one of 
the net's more prolific sources of malware and illegal online 
pharmacies. It's called LogicBoxes, and over the past two years, ICANN 
has listed it as a sponsor for meetings that took place in Los Angeles 
and Delhi, India.

It turns out LogicBoxes has an association with Atrivo, a network 
provider that also goes by the name of Intercage. According to the 
study, a random sampling of 2,600 addresses hosted by Atrivo revealed 
7,340 malicious web links, 910 infected websites, 310 malicious 
binaries, and 113 botnet command and control servers. As an autonomous 
systems (AS) provider, the Concord, California-based company controls a 
large number of IP addresses.

The report details how Atrivo works with a rogue's gallery of other 
companies to enable anonymous sites that punt scareware, malware and 
online sites pushing Viagra and other sites. Other companies include 
Hostfresh, EstHost, EstDomains and PrivacyProtect.

In an email to The Register, Atrivo principal Emil Kacperski declined to 
comment.

[1] http://hostexploit.com/downloads/Atrivo%20white%20paper%20082808ac.pdf

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Tue Sep 02 2008 - 23:06:02 PDT

This archive was generated by hypermail 2.2.0 : Tue Sep 02 2008 - 23:13:13 PDT