Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercriminals Building New, Stealthier Networks

Posted by CmdrTaco on from the hey-wait-a-minute dept.

ancientribe writes "Cybercriminals are adopting a new method of hiding and sustaining their malicious Websites and botnet infrastructures so they'll be harder to detect, called "fast-flux," according to an article in Dark Reading. Criminal organizations behind two infamous malware families — Warezov/Stration and Storm — in the past few months have separately moved their infrastructures to so-called fast-flux service networks. The article says bad guys like fast-flux not only because it keeps them up and running, but also because it's more efficient than traditional methods of infecting victims' machines." I'm not exactly sure why this is new/different than the more well known open relay proxy networks.

6 of 107 comments (clear)

  1. Block TCP Port 80 by quanticle · · Score: 4, Insightful

    What can be done about fast flux? ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; "blackhole" DNS and BGP route-injection; and monitor DNS, the report says.

    The bit about blocking TCP port 80 is troubling. I run a small web-site for learning purposes and to share info with family and friends. I don't especially like the possibility of having to ask or pay extra to have port 80 opened on my end.

    --
    We all know what to do, but we don't know how to get re-elected once we have done it
    1. Re:Block TCP Port 80 by brunes69 · · Score: 2, Insightful

      So run it on port 8080 or something else. There is nothing magical about port 80 that you have to run a website on it.

    2. Re:Block TCP Port 80 by Otis2222222 · · Score: 3, Insightful

      That sounds great, I am sure it would be no problem whatsoever to tell your friends "My website is at dub-dub-dub dot mywebsite dot com, colon eighty eighty. And if you don't type the 'eighty eighty' you won't get there. Don't forget to type colon eighty eighty, grandma".

      And what the other guy said about proxies is valid too. It's very common for outbound corporate firewalls to block non-port-80 traffic for web browsing.

    3. Re:Block TCP Port 80 by utopianfiat · · Score: 4, Insightful

      This is what Slashdot has become.
      Two years ago there would have been a frosty piss and a two-page discussion on how this douchebag OP was wrong to use the word "cybercriminals" (or cyberfoo for that matter), and how his article reads like a page out of the script to this flaming piece of shit. Where did we go? Since when did Slashdot become Eternal September?
      That's right point-bearing masses, mod me flamebait because nobody else has the balls to stand up to this kind of terrible quality news. FFS look at the damn article! It says nothing! It literally states something that was true ten years ago when the botnet was invented! News for NERDS? more like News for NEWBS.
      Christ alfuckingmighty.

      --
      +5, Truth
    4. Re:Block TCP Port 80 by utopianfiat · · Score: 2, Insightful

      I'm waiting for a worm that exploits STUN and invalidates the whole "block any port you don't use" rule.

      --
      +5, Truth
  2. JUST SAY IT! "Home PCs" = Windows OS by Jerry · · Score: 3, Insightful

    ALL of these zombies are computers running a Windows OS.

    There. I've said it. Why hide the truth?

    Are journalist thinking "everyone knows it is Windows that is so vulnerable to mere emails, so there's no use in embarrassing Microsoft"? I don't think so... any more than they "just happened" to get Ferrari laptops for writing good articles about VISTA.

    --

    Running with Linux for over 20 years!