Slashdot Mirror


International Exploit Kit Angler Thwarted By Cisco Security Team

An anonymous reader writes: Researchers at a Cisco security unit have successfully interrupted the spread of a massive international exploit kit which is commonly used in ransomware attacks. The scientists discovered that around 50% of computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. Once informed, Limestone cut the servers from its network and handed over the data to the researchers who were able to recover Angler authentication protocols, information needed to disrupt future diffusion.

7 of 36 comments

  1. Fraud detection? by Anonymous Coward · · Score: 2, Informative

    "The servers had been hired by cybercriminals using stolen payment details."

    Regardless of what was hosted on those servers, how did Limestone allow that many fraudulent accounts to get through? (rhetorical question btw...revenue is revenue if you know what I mean, wink wink)

    Btw, here's a very good in-depth description of Angler (i.e. yet another Microsoft Windows exploit):
    https://blogs.sophos.com/2015/...

  2. Blocking the Japanese ministry of agriculture? by Halo1 · · Score: 3, Interesting

    The published Angler nginx proxy server configuration contains

    deny 150.26.0.0/16;

    That block belongs to the Japanese "Ministry of Agriculture,Forestry and Fisheries - Agriculture,Forestry and Fisheries Research Council". I wonder what the story is behind that.

    --
    Donate free food here

    1. Re:Blocking the Japanese ministry of agriculture? by kbonin · · Score: 2

      It's common for intelligence organizations to label their IP block with other gov org names. Many of the SSH brute force scans I bothered to look up a few years ago originated from IP blocks owned by "China Railway Telecommunications Center".

    2. Re:Blocking the Japanese ministry of agriculture? by kassay · · Score: 2

      Not sure what the story is, but it sounds kind of fishy to me.
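    Added example (not from the thread, Cisco, or the Angler operators): nginx's access module checks `allow`/`deny` rules in the order written and stops at the first match; if nothing matches, the request is allowed. The script below parses a configuration fragment and reports whether a client address would be blocked, so you can test an address against a rule like the `deny 150.26.0.0/16;` quoted above. Only that one line comes from the thread; the other directives in `SAMPLE_CONFIG` are constructed for the example, and `shadowed_rules` is a check added here to flag rules that can never fire because an earlier, wider rule covers them.

```python
"""Evaluate nginx allow/deny directives the way ngx_http_access_module does.

Rules are checked in sequence; the first matching rule decides, and a
request that matches no rule is allowed.  Added example, not code from
the page or from the Angler proxy configuration it discusses.
"""
import ipaddress
import re

# Constructed configuration fragment.  Only the 150.26.0.0/16 deny is
# quoted from the thread; the remaining directives are made up here to
# show ordering and shadowing behaviour.
SAMPLE_CONFIG = """
location / {
    deny 150.26.0.0/16;
    allow 203.0.113.0/24;
    deny 203.0.113.0/28;
    deny all;
    proxy_pass http://backend;
}
"""

_RULE_RE = re.compile(r"^\s*(allow|deny)\s+(\S+)\s*;", re.MULTILINE)


def parse_access_rules(config):
    """Return [(action, network_or_None)] in evaluation order.

    ``all`` is represented as None.  A bare address becomes a /32 or /128
    network via ipaddress.ip_network, so it still matches exactly.
    """
    rules = []
    for action, target in _RULE_RE.findall(config):
        if target == "all":
            rules.append((action, None))
        else:
            rules.append((action, ipaddress.ip_network(target, strict=False)))
    return rules


def _matches(net, addr):
    # ``all`` matches every address; otherwise require same IP version.
    return net is None or (addr.version == net.version and addr in net)


def matching_rule(rules, client_ip):
    """First rule that matches client_ip as (action, target), or None."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if _matches(net, addr):
            return (action, "all" if net is None else str(net))
    return None


def is_allowed(rules, client_ip):
    """nginx semantics: first match wins; no match means the request is allowed."""
    hit = matching_rule(rules, client_ip)
    return True if hit is None else hit[0] == "allow"


def shadowed_rules(rules):
    """Indices of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, (_, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            if earlier is None or (
                net is not None
                and net.version == earlier.version
                and net.subnet_of(earlier)
            ):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    rules = parse_access_rules(SAMPLE_CONFIG)
    for ip in ("150.26.10.20", "203.0.113.5", "203.0.113.200", "198.51.100.1"):
        verdict = "allowed" if is_allowed(rules, ip) else "denied"
        print(f"{ip:16} {verdict:8} via {matching_rule(rules, ip)}")
    print("shadowed rule indices:", shadowed_rules(rules))
```

    In the constructed fragment the `deny 203.0.113.0/28;` line never takes effect because the wider `allow 203.0.113.0/24;` precedes it, which is exactly the kind of ordering mistake `shadowed_rules` is meant to surface when reviewing a config like the published one.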

  3. obvious question by Gravis+Zero · · Score: 5, Funny

    yes, it was interrupted but was this a non-maskable interrupt? ;)

    --
    Anons need not reply. Questions end with a question mark.

  4. Re:Law enforcement? by MagickalMyst · · Score: 3, Insightful

    "vigilante justice is kind of frowned upon here."

    Understandable.

    But what is the alternative? File a police report and wait for them to do something about it?

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.

  5. Re:Law enforcement? by Anonymous Coward · · Score: 2, Informative

    Exactly what kind of 'vigilante justice' are you talking about? There was no such thing in the articles. Cisco informed a service provider they were hosting proxy servers that were part of a malware distribution scheme. Service provider shut down the servers and handed logs to Cisco. Totally their right to do so, and nothing out of the ordinary here.