Cybercriminals Moving Over To TLD .su

Discussion in 'other security issues & news' started by Hungry Man, Feb 1, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined: May 11, 2011
    Posts: 9,148
    https://www.abuse.ch/?p=3581

     
  2. Baserk

    Baserk Registered Member

    Joined: Apr 14, 2008
    Posts: 1,317
    Location: AmstelodamUM
    So who's behind the Soviet Union/.su TLD operator RIPN.net (Russian Institute for Public Networks)?
    Anyone with Russian-speaking skills here? ('Google Translate' can sometimes unfortunately be completely unreliable).
    'REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER' link seems to be the ICANN registrar.
    Under their contact info link, the link 'Проект RBNet/Project RBNet' can be regarded as ominous (if Google Translate is right, that is).
     
  3. J_L

    J_L Registered Member

    Joined: Nov 6, 2009
    Posts: 8,516
    Sounds interesting, any useful .su sites out there?
     
  4. Escalader

    Escalader Registered Member

    Joined: Dec 12, 2005
    Posts: 3,710
    Location: Land of the Mooses
    Anybody got their IP server names and/or IP number ranges?
     
  5. BrandiCandi

    BrandiCandi Guest

    Edit: never mind on my previous comment.

    From what I understand about botnets, it doesn't do much good over time to take them down. They're not centralized, that's what makes them so successful. When you disable a botnet, there are plenty of controllers elsewhere so they'll self-propagate & come back to life.
     
    Last edited by a moderator: Feb 8, 2012
  6. Hungry Man

    Hungry Man Registered Member

    Joined: May 11, 2011
    Posts: 9,148
    Botnets are not all equal. They get instructions from somewhere / are not "fully automated." If you take down the ones at the top the others are at the least crippled.
     
  7. BrandiCandi

    BrandiCandi Guest

    Yeah, that's kind of what I was saying. The ones on top are the controllers, the ones being controlled are bots. You can cripple a botnet for a while by taking down the known controllers. But I think the ISPs have found that some of the remaining bots will convert themselves into controllers in the absence of the old one. And then you haven't removed the source of infection - that malware is still out there churning out new bots & controllers. I read a white paper on that, I'll see if I can find it again.
     