[ISN] Researchers Map Multi-Network Cybercrime Infrastructure

From: InfoSec News <alerts_at_private>
Date: Thu, 18 Mar 2010 00:52:00 -0600 (CST)

By Brian Krebs
Krebs on Security
March 17th, 2010

Last week, security experts launched a sneak attack to disconnect 
Troyak, an Internet service provider in Eastern Europe that served as a 
global gateway to a nest of cyber crime activity. For the past seven 
days, unnamed members of the security community reportedly have been 
playing Whac-a-Mole with Troyak, which has bounced from one legitimate 
ISP to the next in a bid to reconnect to the wider Internet.

But experts say Troyak's apparent hopscotching is expected behavior from 
what is in fact a carefully architected, round-robin network of backup 
and redundant carriers, all designed to keep a massive organized 
criminal operation online should a disaster like the Troyak 
disconnection strike.

Security firm RSA believes Troyak is but one of five upstream providers 
that encircle a nest of eight so-called "bulletproof networks" - Web 
hosting providers considered impervious to takedown by local law 
enforcement (pictured in red in the graphic below). RSA said this group 
of eight hosts some of the Internet's largest concentrations of 
malicious software, including password-stealing banking Trojans like 
ZeuS and Gozi, as well as huge repositories of personal and financial 
data stolen by these Trojans and a notorious Russian phishing operation 
known as RockPhish.


Received on Wed Mar 17 2010 - 23:52:00 PDT
