Cybercriminals Moving Over To TLD .su

https://www.abuse.ch/?p=3581

 

So who's behind the Soviet Union/.su TLD operator RIPN.net(Russian Institute for Public Networks)?
Anyone with russian speaking skills here? ('Google Translate' can sometimes unfortunately be completely unreliable).
'REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER' link seems to be the ICANN registrar.
Under their contact info link, the link 'Проект RBNet/Project RBNet' can be regarded as ominous (if Google Translate is right, that is).

 

Sounds interesting, any useful .su sites out there?

 

anybody got their ip server names and/or ip number ranges?

 

edit- nevermind on my previous comment.

From what I understand about botnets, it doesn't do much good over time to take them down. They're not centralized, that's what makes them so successful. When you disable a botnet, there are plenty of controllers elsewhere so they'll self-propagate & come back to life.

 

Botnets are not all equal. They get instructions from somewhere/ are not "fully automated." If you take down the ones at the top the others are at the least crippled.

 

Yeah, that's kind of what I was saying. The ones on top are the controllers, the ones being controlled are bots. You can cripple a botnet for a while by taking down the known controllers. But I think the ISPs have found that some of the remaining bots will convert themselves into controllers in the absence of the old one. And then you haven't removed the source of infection- that malware is still out there churning out new bots & controllers. I read a white paper on that, I'll see if I can find it again.