
Bots Still Trying To Reach Cyberbunker 2.0 Addresses 9 Months After Raid (sans.edu)

Long-time Slashdot reader UnderAttack writes: In September last year, German police raided what was known as "Cyberbunker 2.0", a former cold war nuclear bunker turned into a "bulletproof" hosting facility. A student of the internet security-training company SANS Technology Institute analyzed traffic reaching out for the former Cyberbunker's IP address space.

Over two weeks, thousands of bots called "home" still looking for a command and control server. They also observed a number of phishing sites, as well as an odd ad network still directing users to the Cyberbunker's IPs. You can find the summary here.

  • by Way Smarter Than You ( 6157664 ) on Saturday June 27, 2020 @12:11PM (#60234968)
    The command n control center going offline has nothing at all to do with how people maintain their computers.

    Grandma got her computer infected. It calls home. Home goes away due to raid. It still tries to call home. No one told grandma to clean up her computer. She doesn't even know anything bad is on it. How could she?

    We can't expect the average user to have any idea how their computers work and they shouldn't have to know. These are sold as consumer electronics. I don't know how my toaster oven works. If it had a toaster oven virus I wouldn't know anything about it. Although fortunately my toaster oven doesn't have an IP yet but the next one probably will without an option to disable. It'll need to call the manufacturer to check my toaster oven subscription status before I re-heat my pizza.
  • by darkain ( 749283 ) on Saturday June 27, 2020 @02:13PM (#60235370)

    File this under the "no shit" category. There are only ~4bil IPv4 addresses possible. EVERY... SINGLE... ONE... of them is being probed 24/7 at this point. Just open up a device with a visible firewall log on any public IP address, and watch the craziness go!

  • Why would some fire and forget malware in some clueless user's system suddenly "realize" the server is gone, and "decide" to stop trying?

    Did you drink too much cyber-AI Kool-Aid and now think aLgOrYtHmS are people?

    Don't write about software, if you never wrote any, please.