Uncooperative Russian ISP Prevents Cisco From Shutting Down Cybercriminal Gang

An anonymous reader writes: Cisco's Talos research team has managed to identify and partially shut down a cyber-criminal group that is using the RIG exploit kit to infect users with spambots via a malvertising campaign. Their investigation led them back to Russian ISP Eurobyte, who didn't bother answering critical emails and allowed the campaign to go on even today. In October 2015, Cisco's researchers also thwarted the activity of another group of cyber-criminals that made around $30 million from distributing ransomware.

Block all traffic to/from Russia and China.

I'm pretty sure I would never even notice, and the internet would be a safer place.

who made cisco police, judge, and jury?

[sittingnut]

cisco is not responsible for policing the net, nor is it legally able to interpret law, and has no power whatsoever to enforce it. this seems to be pure vigilantism at best , and no different from actions of a criminal gang at worst.
let legitimate law enforcement do their job following due process. if they are behind the times that a function of freedom and speed of progress.

should any one trust cisco? same that allows and cooperates with the illegal surveillance by nsa etc?

 

Adblock folks

[Billly+Gates]

I tell everyone I know to use them.

Advertisers either fix your shit or loose out? If you can't regulate yourselves in regards to 3rd party networks and ethical ads then you will be out of business.

Fact of the matter is it is too dangerous to run without one. That should go right up there with browsing the net as administrator or root and using IE 6 these days.

Also for those who say they are safe as long as they don't click or run anything, all I can say is told you so! Open a page with flash and your 0wned. Simple

Good luck with that

[mrsam]

Bet a hundred quatloos that this so-called "ISP" are the malware peddlers themselves. Either that, or they know fully well who their customers are, and they interpret Cisco's communications as nothing more than a request to shut down a well paying customer.

This is not a unique phenomenon. This is a fairly common reaction to abuse and spam complaints. You want us to shut down a paying customer? Why would we want to do that?

The key to effectively deal with network abuse is to make the responsible party understand that it's in their best interest to do that. Otherwise they stand to lose more than they are profiting from network abuse. As long as effective public email blacklist exist, network providers will have to reluctantly terminate their spambags, else their entire network gets blacklisted and they lose more, as their other, non-spamming pissed off customers flee to other providers, in order to be able to send mail.

The same thing here. Presuming that this is a bone-fide provider, and not a sock puppet for the malware peddlers, the appropriate step of action is to escalate to their upstream, and attempt to get their cooperation, and have them agree to terminate the circuit to their rogue downstream provider, unless they get rid of the spamware peddlers. And keep escalating upstream, as far as necessary. Now, we're talking Cisco here, right? Well, it shouldn't take long before Cisco ends up talking to someone that uses their hardware in their core business. At this point, it's now going to be up to Cisco to put up and shut up, and inform their customer that unless this is dealt with, they will respectfully decline to renew their own customer's support contracts.

Could this sequence of events actually come to fruition? Extremely unlikely, but this is the only way to effectively deal with network abuse.

Re:Good luck with that

[turbidostato]

"This is not a unique phenomenon. This is a fairly common reaction to abuse and spam complaints. You want us to shut down a paying customer? Why would we want to do that?"

Why should it be any other way? Note the requestor is another company, not a legal authority, and it comes from a different country.

We should, in fact, be very much worried if it happened any different.

"As long as effective public email blacklist exist, network providers will have to reluctantly terminate their spambags"

Of course yes, why the hell go throw the worries of having a legal system and legal forces to enact it when we can have some random vigilante telling apart what can and cannot be done.

Email - or spam?

[petes_PoV]

who didn't bother answering critical emails

I don't answer critical emails either. However, if you send me nice ones, or polite ones I might even read them.

You'd think that if this was something SERIOUS for Cisco, they'd at least bother to pick up the phone - maybe even go to the effort of finding someone who spoke russian. As it is, this outfit, like everyone else on the planet probably gets spammed senseless. Especially through public email addresses. Who can blame someone for ignoring emails from unsolicited sources?

To sum up, this sounds like the lazy excuse of an indolent individual: Why haven't you done X? asks the boss. "Well I sent them an email, but they never replied" whines the guy who just wants to get back to playing Facebook.