#CyberFLASH: How shifting and rotating IP addresses help cyber attackers

Law enforcement agencies around the world are mounting an increased effort against cyber criminals, but they don’t seem to get very far. Two recent reports explain why: Gangs are using technology to rapidly and regularly change Internet addresses.

Security reporter Brian Krebs writes today of a botnet of hacked computers around the world that is effectively a criminal cloud hosting environment for a wide range of activity, including hosting stolen credit card shops.

Tipped off by security vendor RiskAnalytics, Krebs reports that the system changes the Internet address, or domain name system (DNS) record, of each Web site roughly every three minutes. In a test Krebs ran against one site, its DNS spat out more than 1,000 unique addresses in a 12-hour period.

Krebs quotes a RiskAnalytics official who estimates there are over 2,000 infected endpoints, mostly in Europe, behind the botnet. It feels, he said, “like a black market version of Amazon Web Services.” That official says the malware that runs the botnet assigns infected hosts different roles — for example, more powerful systems might be used as DNS servers, while infected systems behind home routers may be infected with a “reverse proxy,” which lets the attackers control the system remotely.
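The address rotation described above (commonly called fast flux) leaves a measurable trace in DNS resolver logs: many distinct addresses for one name and a short interval between answer changes. The following is an added detection sketch, not code from the article, Krebs or RiskAnalytics; the thresholds, domain names and addresses are constructed assumptions, with the sample sized to mirror the three-minute rotation and 12-hour test mentioned above.

```python
from collections import defaultdict
from ipaddress import IPv4Address

# Thresholds are assumptions for this sketch, not values from the article.
MIN_UNIQUE_IPS = 50       # distinct A-record addresses seen in the window
MAX_ROTATION_SECS = 600   # average time between answer-set changes

def flux_report(observations):
    """observations: iterable of (epoch_secs, domain, [ip, ...]) DNS answers.
    Returns per-domain metrics and a fast_flux verdict."""
    by_domain = defaultdict(list)
    for ts, domain, ips in observations:
        # Normalise case and the trailing root dot so one name is one key.
        by_domain[domain.lower().rstrip(".")].append((ts, frozenset(ips)))
    report = {}
    for domain, answers in by_domain.items():
        answers.sort(key=lambda a: a[0])
        unique = set().union(*(ips for _, ips in answers))
        # Count how often the answer set differs from the previous answer.
        changes = sum(1 for prev, cur in zip(answers, answers[1:])
                      if cur[1] != prev[1])
        span = answers[-1][0] - answers[0][0]
        avg = span / changes if changes else None  # None: never rotated
        report[domain] = {
            "unique_ips": len(unique),
            "changes": changes,
            "avg_rotation_secs": avg,
            "fast_flux": (len(unique) >= MIN_UNIQUE_IPS
                          and avg is not None
                          and avg <= MAX_ROTATION_SECS),
        }
    return report

def sample_observations():
    """Constructed data: one lookup every 180 s for 12 hours (240 lookups)."""
    obs = []
    for i in range(240):
        ts = 1_700_000_000 + i * 180
        # Rotating name: five never-repeated addresses per answer (constructed).
        flux_ips = [str(IPv4Address(0x0A000000 + i * 5 + k)) for k in range(5)]
        obs.append((ts, "shop.example", flux_ips))
        # Stable name: the same two addresses in every answer (constructed).
        obs.append((ts, "www.example", ["192.0.2.10", "192.0.2.11"]))
    return obs

if __name__ == "__main__":
    for name, metrics in flux_report(sample_observations()).items():
        print(name, metrics)
```

In production the thresholds need tuning against legitimate content delivery networks, which also return short-lived, changing answers but draw them from a small, stable pool of provider networks.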


© 2013 CyberTRAX Canada - All Rights Reserved.