
Cybercriminals Building New, Stealthier Networks

ancientribe writes "Cybercriminals are adopting a new method of hiding and sustaining their malicious Websites and botnet infrastructures so they'll be harder to detect, called "fast-flux," according to an article in Dark Reading. Criminal organizations behind two infamous malware families — Warezov/Stration and Storm — in the past few months have separately moved their infrastructures to so-called fast-flux service networks. The article says bad guys like fast-flux not only because it keeps them up and running, but also because it's more efficient than traditional methods of infecting victims' machines." I'm not exactly sure why this is new/different than the more well known open relay proxy networks.

  • Block TCP Port 80 (Score:5, Insightful)

    by quanticle ( 843097 ) on Wednesday July 18, 2007 @09:35AM (#19899953) Homepage

    What can be done about fast flux? ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; "blackhole" DNS and BGP route-injection; and monitor DNS, the report says.

    The bit about blocking TCP port 80 is troubling. I run a small web-site for learning purposes and to share info with family and friends. I don't especially like the possibility of having to ask or pay extra to have port 80 opened on my end.

  • by brunes69 ( 86786 ) <[slashdot] [at] [keirstead.org]> on Wednesday July 18, 2007 @09:44AM (#19900071)
    So run it on port 8080 or something else. There is nothing magical about port 80 that you have to run a website on it.
  • by Otis2222222 ( 581406 ) on Wednesday July 18, 2007 @10:14AM (#19900477) Homepage
    That sounds great, I am sure it would be no problem whatsoever to tell your friends "My website is at dub-dub-dub dot mywebsite dot com, colon eighty eighty. And if you don't type the 'eighty eighty' you won't get there. Don't forget to type colon eighty eighty, grandma".

    And what the other guy said about proxies is valid too. It's very common for outbound corporate firewalls to block non-port-80 traffic for web browsing.
  • by utopianfiat ( 774016 ) on Wednesday July 18, 2007 @11:36AM (#19901819) Journal
    This is what Slashdot has become.
    Two years ago there would have been a frosty piss and a two-page discussion on how this douchebag OP was wrong to use the word "cybercriminals" (or cyberfoo for that matter), and how his article reads like a page out of the script to this flaming piece of shit. [imdb.com] Where did we go? Since when did Slashdot become Eternal September?
    That's right point-bearing masses, mod me flamebait because nobody else has the balls to stand up to this kind of terrible quality news. FFS look at the damn article! It says nothing! It literally states something that was true ten years ago when the botnet was invented! News for NERDS? more like News for NEWBS.
    Christ alfuckingmighty.
  • by utopianfiat ( 774016 ) on Wednesday July 18, 2007 @11:47AM (#19902017) Journal
    I'm waiting for a worm that exploits STUN and invalidates the whole "block any port you don't use" rule.
  • by Jerry ( 6400 ) on Wednesday July 18, 2007 @04:06PM (#19905987)
    ALL of these zombies are computers running a Windows OS.

    There. I've said it. Why hide the truth?

    Are journalists thinking "everyone knows it is Windows that is so vulnerable to mere emails, so there's no use in embarrassing Microsoft"? I don't think so... any more than they "just happened" to get Ferrari laptops for writing good articles about VISTA.
