Slashdot Mirror


Uncooperative Russian ISP Prevents Cisco From Shutting Down Cybercriminal Gang

An anonymous reader writes: Cisco's Talos research team has managed to identify and partially shut down a cyber-criminal group that is using the RIG exploit kit to infect users with spambots via a malvertising campaign. Their investigation led them back to Russian ISP Eurobyte, who didn't bother answering critical emails and allowed the campaign to go on even today. In October 2015, Cisco's researchers also thwarted the activity of another group of cyber-criminals that made around $30 million from distributing ransomware.

7 of 122 comments

  1. Block all traffic to/from Russia and China. by Anonymous Coward · · Score: 5, Insightful

    I'm pretty sure I would never even notice, and the internet would be a safer place.

    1. Re:Block all traffic to/from Russia and China. by Anonymous Coward · · Score: 5, Interesting

      I run my own firewall and I actually did block, among some other areas, everything East from my country, including Russia. Whole of Asia, Africa, South America and Australia. The average attack attempts to my web servers dropped from hundreds per week to a couple per week. It's also really nice how you can block inbound and outbound or just inbound traffic.
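The poster above describes blocking whole regions at a personal firewall, inbound only or in both directions. As an added illustration (not code from the thread or from Cisco), the POSIX shell function below generates an nftables ruleset that drops new connections from a set of prefixes and, optionally, connections initiated toward them. The prefixes in `BLOCKED_PREFIXES` are constructed placeholders (RFC 5737 documentation ranges), not real country allocations; the table name `geoblock`, the set name `blocked4` and the function name are this example's own choices. In practice the list would come from a RIR delegated file or a GeoIP export, and the established/related accept line keeps long-lived sessions from being cut when the set is reloaded.

```shell
#!/bin/sh
# Added example (not from the Slashdot thread): emit an nftables ruleset that
# drops traffic to/from a set of address prefixes, in the spirit of the
# region-blocking firewall described above.
# BLOCKED_PREFIXES holds constructed placeholder ranges (RFC 5737), not a real
# country list; replace them with prefixes from your RIR or GeoIP source.

BLOCKED_PREFIXES="192.0.2.0/24 198.51.100.0/24 203.0.113.0/24"

# geo_block_ruleset MODE
#   MODE=inbound  -> drop only new connections arriving from the prefixes
#   MODE=both     -> additionally drop connections this host initiates to them
# Prints an nft ruleset on stdout; load it with:  geo_block_ruleset both | nft -f -
geo_block_ruleset() {
    mode="${1:-inbound}"
    case "$mode" in
        inbound|both) ;;
        *) echo "usage: geo_block_ruleset inbound|both" >&2; return 2 ;;
    esac

    # nft set elements are comma separated; 'flags interval' lets the set hold CIDRs.
    set_elems=$(printf '%s' "$BLOCKED_PREFIXES" | tr ' ' ',')

    printf 'table inet geoblock {\n'
    printf '  set blocked4 {\n'
    printf '    type ipv4_addr\n'
    printf '    flags interval\n'
    printf '    elements = { %s }\n' "$set_elems"
    printf '  }\n'

    # Inbound: let replies to our own connections through, drop the rest from the set.
    printf '  chain input {\n'
    printf '    type filter hook input priority 0; policy accept;\n'
    printf '    ct state established,related accept\n'
    printf '    ip saddr @blocked4 counter drop\n'
    printf '  }\n'

    # Outbound is optional: blocking it also stops a compromised host from
    # talking back to infrastructure inside the blocked ranges.
    if [ "$mode" = both ]; then
        printf '  chain output {\n'
        printf '    type filter hook output priority 0; policy accept;\n'
        printf '    ip daddr @blocked4 counter drop\n'
        printf '  }\n'
    fi
    printf '}\n'
}

# count_drop_rules MODE: number of 'drop' rules the generated ruleset contains
# (1 for inbound-only, 2 for both); handy for a sanity check before loading.
count_drop_rules() {
    geo_block_ruleset "$1" | grep -c ' counter drop'
}
```

The `counter` keyword on each drop rule lets `nft list ruleset` show how many packets each direction has discarded, which is the number the poster used to judge the effect of the block.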

    2. Re:Block all traffic to/from Russia and China. by myowntrueself · · Score: 4, Interesting

      > I run my own firewall and I actually did block, among some other areas, everything East from my country, including Russia. Whole of Asia, Africa, South America and Australia. The average attack attempts to my web servers dropped from hundreds per week to a couple per week. It's also really nice how you can block inbound and outbound or just inbound traffic.

      And yet you let through traffic from the USA? The number one source of internet attacks?

      http://www.statista.com/statis...

      --
      In the free world the media isn't government run; the government is media run.
  2. Holidays by Anonymous Coward · · Score: 4, Informative

    You won't find any Russian business that would respond to inquiries this week (with the exception of employees working from home even though they shouldn't). Reason: all Russians have official holidays that started on January 1 and will end on January 11.

  3. Adblock folks by Billly+Gates · · Score: 5, Insightful

    I tell everyone I know to use them.

    Advertisers either fix your shit or lose out? If you can't regulate yourselves in regards to 3rd party networks and ethical ads then you will be out of business.

    Fact of the matter is it is too dangerous to run without one. That should go right up there with browsing the net as administrator or root and using IE 6 these days.

    Also for those who say they are safe as long as they don't click or run anything, all I can say is told you so! Open a page with Flash and you're 0wned. Simple.

  4. Come on by Hognoxious · · Score: 4, Funny

    Russia needs the money. Even the president can't afford a shirt.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  5. Good luck with that by mrsam · · Score: 4, Insightful

    Bet a hundred quatloos that this so-called "ISP" are the malware peddlers themselves. Either that, or they know fully well who their customers are, and they interpret Cisco's communications as nothing more than a request to shut down a well paying customer.

    This is not a unique phenomenon. This is a fairly common reaction to abuse and spam complaints. You want us to shut down a paying customer? Why would we want to do that?

    The key to effectively dealing with network abuse is to make the responsible party understand that it's in their best interest to do that. Otherwise they stand to lose more than they are profiting from network abuse. As long as effective public email blacklists exist, network providers will have to reluctantly terminate their spambags, else their entire network gets blacklisted and they lose more, as their other, non-spamming, pissed-off customers flee to other providers, in order to be able to send mail.

    The same thing here. Presuming that this is a bona fide provider, and not a sock puppet for the malware peddlers, the appropriate step of action is to escalate to their upstream, and attempt to get their cooperation, and have them agree to terminate the circuit to their rogue downstream provider, unless they get rid of the spamware peddlers. And keep escalating upstream, as far as necessary. Now, we're talking Cisco here, right? Well, it shouldn't take long before Cisco ends up talking to someone that uses their hardware in their core business. At this point, it's now going to be up to Cisco to put up and shut up, and inform their customer that unless this is dealt with, they will respectfully decline to renew their own customer's support contracts.

    Could this sequence of events actually come to fruition? Extremely unlikely, but this is the only way to effectively deal with network abuse.