Cybercriminals Building New, Stealthier Networks

ancientribe writes "Cybercriminals are adopting a new method of hiding and sustaining their malicious Websites and botnet infrastructures so they'll be harder to detect, called "fast-flux," according to an article in Dark Reading. Criminal organizations behind two infamous malware families — Warezov/Stration and Storm — in the past few months have separately moved their infrastructures to so-called fast-flux service networks. The article says bad guys like fast-flux not only because it keeps them up and running, but also because it's more efficient than traditional methods of infecting victims' machines." I'm not exactly sure why this is new/different than the more well known open relay proxy networks.


  • by Anonymous Coward on Wednesday July 18, 2007 @10:17AM (#19900535)
    Has a lot more detail: http://www.honeynet.org/papers/ff/fast-flux.html [honeynet.org]
  • by GnuDiff ( 705847 ) on Wednesday July 18, 2007 @10:19AM (#19900559) Journal
    AFAI have looked, port 80 is the one that is least likely to be stopped by firewalls.

    There are a number of small (and I mean tiny - think 100 clients max) ISPs around my city alone, whose networking expertise is close to nil. They go with default settings of the equipment they get. So even if they put up a firewall of sorts to protect their clients, it is left at default settings.

    The fact is there are not only tons of users out there without a clue, but a nice bunch of ISPs as well and sloppy network admins, sometimes even of large organizations.
  • by orclevegam ( 940336 ) on Wednesday July 18, 2007 @10:21AM (#19900597) Journal
    The blocking of port 80 they suggest really isn't about stopping the fast flux network, but it's an attempt to make it harder (marginally) to use the systems on that network for phishing attacks. As I understand it one of the uses these networks are being put to is to duplicate a phishing site on a couple hundred zombie systems, then rotate a single phishing URL through all of them making it harder to bring down the phishing site because you'd have to take down every one of the zombies, or find some way of nuking the DNS entry (which apparently the registrars are hesitant to do, even though some recent events seem to show that they'll do it quite happily if a big enough company or corporation asks them to). Personally I think blocking port 80 is a dumb idea and barely constitutes a speed bump for the kinds of people that run these things, but hey, that's never stopped a company from adopting a stupid idea, of marginal positive value and substantial negative (to the customer, if it hurts their bottom line forget it).
  • by Mathinker ( 909784 ) on Wednesday July 18, 2007 @10:42AM (#19900899) Journal
    > even most of the "white hat" hackers are "cybercriminals"

    Checking http://en.wikipedia.org/wiki/Hacker_definition_controversy [wikipedia.org] gives Linus Torvalds as an example of a hacker of the "other definition"... in what way is he a cybercriminal?

    I hope whoever modded your pitifully binary views on the meaning of language terms as Insightful gets his due via meta-moderation... It is true that the new meaning of this term seems to be the more used one now; in what way does that make the old meaning obsolete, or the more exact and unambiguous term "cybercriminal" superfluous or undesirable?

  • by jbsoles ( 1129855 ) on Wednesday July 18, 2007 @02:27PM (#19904563)
    As the subject implies, fast-flux networks are not proxies. They HAVE proxies. The basic difference is that a proxy redirects incoming and outgoing traffic through a server or router somewhere else, thus "spoofing" your IP address. Fast-flux networks certainly use proxies, but there's one big difference; fast-flux networks allow you to host content this way. To host your own website (short of technical mastery) you used to need a static IP address that runs directly to one or more servers, making it very easy to catch you if you use a domain name for illegal purposes and even easier to shut you down. Fast-flux networks allow you to use many IP addresses to host content from one central server or set of servers. The IPs on the front end are disposable and more can be generated quickly. It also provides the web site administrator a proxy level to protect his identity while hosting just like the one Tor proxy provides me while surfing. In other words, the difference between fast-flux networks and proxies is that fast-flux networks can be used to host from one computer to many different IP addresses, in part by using proxies. A proxy just doesn't let you do that. Thanks for reading a rather long post. I'm a student and a paper on fast-flux networks just happened to be distributed where I do research for the summer :)
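The two comments above (orclevegam's on rotating one phishing URL through hundreds of zombies, and jbsoles's on disposable front-end IPs in front of one central server) describe exactly the DNS behaviour a defender can look for: a domain whose A records are numerous, scattered across unrelated networks, replaced on nearly every lookup, and served with a short TTL. The following is an added example, not code from the Slashdot thread or from the linked Honeynet paper; it scores a sequence of constructed DNS lookup snapshots with those four heuristics. All threshold values (`min_distinct`, `min_prefixes`, `min_churn`, `max_ttl`) and the sample addresses are assumptions made for illustration, and the second sample shows the caveat that a short TTL on its own is not a signal, since an ordinary round-robin or CDN-fronted site also answers with low TTLs.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Lookup:
    # One DNS answer observed for the domain: the TTL in seconds and the A records returned.
    ttl: int
    addrs: tuple


def network_prefix(addr, bits=16):
    """Coarse network key (default /16) used to measure how scattered the A records are."""
    return int(ip_address(addr)) >> (32 - bits)


def flux_features(lookups):
    """Summarise successive lookups of one domain.

    Returns a dict with:
      distinct  - unique IPs seen across all lookups
      prefixes  - unique /16 networks those IPs fall in
      churn     - fraction of answers after the first lookup that were never seen before
      min_ttl   - smallest TTL observed (None if there were no lookups)
    """
    seen, prefixes = set(), set()
    new_after_first = answers_after_first = 0
    min_ttl = None
    for i, lk in enumerate(lookups):
        for a in lk.addrs:
            if i > 0:
                answers_after_first += 1
                if a not in seen:
                    new_after_first += 1
            seen.add(a)
            prefixes.add(network_prefix(a))
        min_ttl = lk.ttl if min_ttl is None else min(min_ttl, lk.ttl)
    churn = new_after_first / answers_after_first if answers_after_first else 0.0
    return {"distinct": len(seen), "prefixes": len(prefixes),
            "churn": churn, "min_ttl": min_ttl}


def is_fast_flux(lookups, min_distinct=10, min_prefixes=5, min_churn=0.5, max_ttl=600):
    """Flag only when all four hold: many IPs, many networks, constant replacement, short TTL.

    Thresholds are illustrative assumptions; tune them against your own resolver logs.
    """
    f = flux_features(lookups)
    return (f["min_ttl"] is not None and f["min_ttl"] <= max_ttl
            and f["distinct"] >= min_distinct
            and f["prefixes"] >= min_prefixes
            and f["churn"] >= min_churn)


# Constructed sample: a flux domain whose answers rotate through disposable hosts in many networks.
FLUX_LOOKUPS = [
    Lookup(180, ("10.1.2.3", "10.7.8.9", "10.23.4.5", "10.51.6.7", "10.90.1.2")),
    Lookup(180, ("10.7.8.9", "10.33.2.1", "10.64.5.5", "10.101.3.3", "10.120.7.7")),
    Lookup(180, ("10.33.2.1", "10.140.9.9", "10.150.1.1", "10.160.2.2", "10.170.3.3")),
    Lookup(180, ("10.180.4.4", "10.190.5.5", "10.200.6.6", "10.210.7.7", "10.220.8.8")),
]

# Constructed sample: a legitimate round-robin site, also short TTL, but a small stable pool in one network.
CDN_LOOKUPS = [
    Lookup(60, ("10.5.0.10", "10.5.0.11", "10.5.0.12")),
    Lookup(60, ("10.5.0.11", "10.5.0.12", "10.5.0.10")),
    Lookup(60, ("10.5.0.12", "10.5.0.10", "10.5.0.11")),
]

if __name__ == "__main__":
    for name, lk in (("flux-sample", FLUX_LOOKUPS), ("cdn-sample", CDN_LOOKUPS)):
        print(name, flux_features(lk), "fast-flux" if is_fast_flux(lk) else "not flagged")
```

In practice the lookups would come from a passive-DNS feed or from repeatedly resolving a suspect domain a few minutes apart; the churn and prefix counts are what separate a flux network from a CDN, because a CDN's pool is stable and usually sits in a handful of the provider's own networks even when its TTL is just as short.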
