funsec mailing list archives
Re: Atrivo/Intercage: Report Slams U.S. Host as Major Source of Badware
From: Matt Jonkman <jonkman () jonkmans com>
Date: Thu, 28 Aug 2008 21:20:51 -0400
Them's some smart mo-fo's! Seriously, we all know this info, we had to put numbers to it to get it in the media.

Any bets as to whether they declare bankruptcy and get "bought" by a new firm with the same management, or whether they scatter like cockroaches and reconstitute in Panama?

Matt

Paul Ferguson wrote:
Brian Krebs writes on Security Fix:

[snip]

Last week, I examined a series of Web services that make profiting from cyber crime a point-and-click exercise that even the most novice hackers can master. Today, I'd like to highlight the activities of Atrivo, a Concord, Calif., based network provider that hosts some of these services.

Several noted security researchers are releasing a report today that stems from many months of investigating malicious activity emanating from Atrivo's customers. Security experts say that Atrivo, also known as "Intercage," has long been a major source of spyware, adware, viruses and fake anti-virus products.

The report is an exhaustive and well-researched analysis of Atrivo and its operations. Some of the statistics on active exploits cited in that report come from data sets I commissioned during my own investigation of Atrivo and later shared with Jart Armin, the principal author of the report and curator of the blog hostexploit.com.

Looking back several years, Atrivo's various networks were used heavily by the Russian Business Network, an ISP formerly based in St. Petersburg, Russia. RBN had gained notoriety for providing Web hosting services catering exclusively to cyber criminals. But after increased media attention, RBN dispersed its operations to other, less conspicuous corners of the Internet.

[snip]

Much more here: http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html

- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.