Legitimate ISP a Cover-up For a Cybercrime Network
ezabi writes "TrendWatch, the malware research arm of TrendMicro, has posted a white paper titled 'A Cybercrime Hub' (PDF, summary here) describing the activities of an Estonian ISP acting as a cover-up for a large cybercrime network. It's involved with malware distribution and DNS hijacking, which leads to credit card fraud. The story's interesting, and a typical internet user would be exposed in such a situation. What security measures should be taken to prevent normal users from falling victim to such malicious bodies? Note that they are represented legitimately and are offering real services like any other internet company."
The summary is hugely incorrect. This is not a malware or cybercrime network, but "normal" adware. Yes, adware is bad too, but it's legal, and calling adware companies cybercriminals is going to bring some lawsuits.
It's involved with malware distribution and DNS hijacking, which leads to credit card fraud.
I did find it funny that they say this; just because it's *possible* doesn't mean they'd do such. Surprisingly, Comcast and other ISPs have been starting to do DNS hijacking, so does it mean they are doing credit card fraud?
If you read the actual white paper you see it's just usual not-so-scary adware. It replaces ads you see with their own. That's of course allowed and legal when the user gives consent to it.
I hate adware as much as everyone else here, but instead of going for huge headlines and dramatic stories, just tell the real facts and don't make assumptions. In this case this is a legal (adware) company with 50+ workers that follows Estonian laws. Maybe the summary writer would even like to read the actual white paper too; there's no mention of credit card fraud.
If you want to fight adware, do it properly, not with assumptions or lies.
Your posts get more and more useless every day. What you describe is totally useless against trojans. These are not man-in-the-middle attacks. These are rootkits and DNS hijackers.
"I find the use of a good filtered DNS service that blacklists malware URLs upon discovery goes a long way towards limiting my exposure to this. Open DNS or Scrub IT works well. The only down side is they are often the target of DOS attacks, so their uptimes are limited. Be prepared to switch DNS settings when the "Internet" goes down. Most of my frequent sites I keep in my local hosts file, so even if DNS goes down or DNS is hijacked, the link to my banking is still valid. Running as a normal user I can't be tricked into editing my hosts file. I don't have the privileges. Links: Open DNS http://www.opendns.com/ ScrubIT http://www.scrubit.com/ " - by Technician (215283) on Wednesday August 26, @01:53PM (#29204855)
See my subject-line, & this URL (especially points #'s 2 thru 5, because they cover a great deal of exactly what you state works, because, those points DO):
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):
http://www.tcmagazine.com/forums/index.php?s=555c0485c3ad66d4020d3aa92778a1b2&showtopic=2662&st=0&start=0
----
IT WORKS...
How well? Ok, a testimonial, from -> http://www.xtremepccentral.com/forums/showthread.php?s=79253c5b286c472a012ff2ef7e7f2230&t=28430&page=3
----
"It's 2009 - still trouble free! I was told last week by a co-worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, it's been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com
----
That's 'how well'... For going on 2++ yrs. now for Thronka & his paying clients, & for myself? Since 1997-1998 or so, through many machines since those days, to the present today, same results here!
APK
P.S.=> AND, what is a MAJOR portion of that guide (as far as "the beyond" part, above CIS Tool Guidance)? HOSTS FILES, & OpenDNS or ScrubIT DNS... & you think just like I do, & it does work, for all that you noted, plus more - think about THIS one:
Like IPSecurity Policies (also covered in my guide, acting as "layered security")? HOSTS files can LIMIT what even an already "taken in" malware can do online - because, IF/WHEN you block KNOWN "bogus servers" or bad adbanners (or even malicious websites)??
Well, if YOU cannot get to them, guess what? NEITHER CAN THE MALWARE... sure, some of you might say "but the malware could just use a static IP address vs. using HOST names or URL's to communicate back to 'home base/the mothership'" but, they can't do that, because ISP/BSP's "take down" KNOWN bad servers fairly quickly once they're discovered... & thus, using an IP address would be, self-defeating - where using URLs or DOMAIN NAMES allows malware makers/botnet masters etc. et al the ability to QUICKLY re-register said domain name once more, albeit, on a diff. server next rou
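The two hosts-file uses argued for in this thread (Technician's pinning of frequently used sites so a hijacked resolver cannot redirect them, and APK's sinkholing of known-bad names so already-installed malware cannot reach them by hostname) can be checked mechanically. The following is an added example written for this page; it is not code from any poster or from the guide linked above. It parses a constructed sample hosts file, compares pinned entries against constructed resolver answers, and reports which names are pinned, sinkholed or disagreeing. All addresses are from documentation ranges and are assumptions, not real hosts.

```python
import ipaddress
import re

# Constructed sample hosts file (RFC 5737 documentation addresses, not real hosts).
SAMPLE_HOSTS = """\
# loopback
127.0.0.1    localhost
# pinned trusted sites: the OS consults this file before asking the resolver
203.0.113.10 bank.example www.bank.example
# sinkholed known-bad names: connections to these go nowhere
0.0.0.0      ads.badserver.example
0.0.0.0      c2.malware.example    # inline comments are allowed
999.1.1.1    broken.example        # malformed address, should be reported
"""

# Constructed resolver answers, standing in for what a (possibly hijacked) upstream DNS returned.
SAMPLE_RESOLVER_ANSWERS = {
    "bank.example": "203.0.113.10",
    "www.bank.example": "198.51.100.77",   # disagrees with the pin: hijack candidate
    "ads.badserver.example": "198.51.100.5",
    "news.example": "203.0.113.99",
}

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}$", re.IGNORECASE)


def parse_hosts(text):
    """Parse hosts-file text into ({name: ip}, [malformed lines]).

    Mirrors usual OS behaviour: '#' starts a comment, one line may list several
    names for one address, and the first entry seen for a name wins.
    """
    entries, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            malformed.append(raw)
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append(raw)
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if len(name) > 253 or not HOSTNAME_RE.match(name):
                malformed.append(raw)
                continue
            entries.setdefault(name, str(ip))
    return entries, malformed


def is_sinkholed(entries, name):
    """True if the hosts file maps name to an unspecified address (0.0.0.0 or ::)."""
    ip = entries.get(name.lower().rstrip("."))
    return ip is not None and ipaddress.ip_address(ip).is_unspecified


def effective_lookup(entries, resolver_answers, name):
    """Address the host would actually use: hosts file first, resolver second, else None."""
    name = name.lower().rstrip(".")
    if name in entries:
        return entries[name]
    return resolver_answers.get(name)


def check_resolver(entries, resolver_answers):
    """Return (name, pinned_ip, resolver_ip) for pinned names whose resolver answer differs.

    A disagreement does not prove hijacking (sites move, CDNs rotate), but it is
    exactly the case the pin is there for: the hosts entry stays in force regardless.
    """
    mismatches = []
    for name, pinned in sorted(entries.items()):
        if name == "localhost" or is_sinkholed(entries, name):
            continue
        answered = resolver_answers.get(name)
        if answered is not None and answered != pinned:
            mismatches.append((name, pinned, answered))
    return mismatches


if __name__ == "__main__":
    hosts, bad = parse_hosts(SAMPLE_HOSTS)
    print("entries:", hosts)
    print("malformed lines:", bad)
    print("resolver disagreements:", check_resolver(hosts, SAMPLE_RESOLVER_ANSWERS))
    for n in ("www.bank.example", "c2.malware.example", "news.example"):
        print(n, "->", effective_lookup(hosts, SAMPLE_RESOLVER_ANSWERS, n))
```

The design point worth noticing is in `effective_lookup`: a name present in the hosts file never reaches the resolver at all, which is why a pinned banking entry survives a hijacked DNS and why a sinkholed entry starves malware that phones home by hostname. The `malformed` list exists because a single bad line can make some systems ignore the rest of the file, so validating edits before applying them is part of relying on this technique.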
"Are you being treated for some condition that we should know about?" - by Anonymous Coward on Wednesday August 26, @04:03PM (#29207137)
No - but, do see my subject-line, & by the way: Care to show us your PHD in Psychiatry, or Medicine, etc. et al with your name on it?
(I say that, simply because w/out it (and a license to practice, as well as performing a formal examination of myself), your rather childishly transparent & stupid "insinuations/innuendos" mean, squat...)
Get it?
(Have a nice day)
APK
P.S.=> You're OFF TOPIC as well, by the way - So, go away now, little troll... apk