Brief: Malware makers colocate servers, grab IPv4 address blocks


22 December 2009

Malware distributors, apparently tired of facing the constant threat of disconnection, are taking advantage of lax background checks in the system for distributing IP address blocks and are buying blocks directly. Address blocks, which cover a contiguous range of IP addresses, are typically reserved for legitimate institutions and businesses that can demonstrate a need for that sort of allocation. But, at the top level, there are only five regional registries, most of which cover large and culturally diverse geographic regions. That makes it difficult to confirm whether a given request comes from a legitimate organization, a problem that malware makers are using to their advantage.

These allegations against spammers and other online criminals were made in a recent article on Kaspersky Lab’s Threat Post. According to its author, online crime is big enough business that it now makes financial sense for its perpetrators to colocate hardware at server farms, set up a legitimate-looking business address, and apply for blocks of IP addresses via a cooperative or indifferent local registry. When an application reaches the regional organization, that organization often lacks the ability to vet it carefully, or even to understand the local business laws where the request originated.

It’s still possible for ISPs to block access to a given allocation, but there are several ways to make that step more difficult, including mixing some legitimate hosting into an address block and rotating among different allocations. Blocking also relies on the legitimate ISPs expending the time and effort to identify and block traffic. In any case, the practice chews through the increasingly scarce pool of unallocated IPv4 addresses.

The article is a bit confused in spots; it suggests that the malware authors are acting as their own ISPs (they’re not) and suggests the practice is useful for botnet herders (they count on other people’s computers to do the heavy lifting). But it does provide yet another example of how, since various forms of malware have become big sources of income, the line between that and legitimate business has become increasingly blurry.
