All of our preaching for the complete dismantling and restructuring of ICANN is now being validated and reinforced by activities from several other internet crime-fighting agencies. We’ve reported the investigative work by KnujOn.com many, many times. A second agency has now entered the fray to provide yet more substantial evidence that ICANN is at the root of the cybercrime problem.
Consider if you received a malicious telephone call from the same criminal cartel every eight minutes around the clock. You would have grounds for legal action, and law enforcement would take swift criminal action. This is the frequency of spam we’ve been receiving from the SAME cybercrime block owners for some time. This is staggering when compared to junk faxes and telemarketing laws — yet law enforcement says there’s nothing we can do about it. Reports and complaints have been filed with ICANN, but no action is taken.
Cybercrime via Rogue Registrars
Anyone who investigates spam has known that ICANN is the agency responsible for allowing criminal cartels to become registrars and use thousands of domains at no cost. These domains are then used in the perpetuation of spam, phishing, botnets, exploits, and all kinds of malware on the web.
Undeniable Proof
A new report from HostExploit now illustrates our point beyond a shadow of a doubt.
HostExploit has been tracking and investigating the firm Atrivo & Intercage & Co. and just a portion of more than 2,600 rogue IP addresses the company owns and controls. (This is actually a potential of 26,000 different malware web sites!) HostExploit uses an automated intelligent agent which visits each domain and downloads all content from each domain. In this exercise, HostExploit discovered:
* 31 known malware binaries
* 91 infected websites
* 113 botnet C&C controllers
* 734 malicious web links, including links to products like XPDefender
* 145 fake porn redirectors using a DNS-hijacking rootkit.
Based on 465 random samples, HostExploit found that 78 percent of Atrivo domains and mail servers are rated hostile.
Here’s how hostile web sites work: WATCH THIS VIDEO
Badware
Brian Krebs, Computer Security reporter for the Washington Post, wrote:
Matt Jonkman, founder of EmergingThreats.net, scanned that list of 2,600 domains with the latest threat signatures from Snort, an open-source intrusion detection and prevention system. Among other results, Jonkman found 113 Atrivo addresses being used as “command and control” servers directing the operations of separate botnets, or agglomerations of thousands of hacked PCs that are used for everything from spamming to phishing to attacking others online. Keep in mind, that’s 113 botnet C&Cs found in just 10 percent of Atrivo’s address space.
Then further…
Then, I checked out Atrivo’s reputation as measured by StopBadware, whose Google-fed database listed 35,449 mostly legitimate, hacked Web sites that were pulling down malicious software from addresses on Atrivo’s IP space. On just one of dozens of blocks of Internet addresses routed through Atrivo (a set of 256 IPs belonging to Hostfresh), Google found more than 221,000 Trojan horse programs, 9,773 Web browser exploits, and nine computer worms.
Read Brian’s article: Report Slams U.S. Host as Major Source of Badware
Seriously, folks: how can this be allowed to go on? If these were crimes in the “real” world, they would have been put under the jail before they got anywhere near this well entrenched.
The HostExploit report examines the US-based ISP Atrivo to discover an alleged willingness to ally itself with ongoing criminal enterprises.
It has become increasingly apparent the malware, spam, phishing and other BadWare distributors are now engaged in automated domain generation, 100’s to 1,000’s per week, which is proving a serious difficulty for major domain / IP ‘blocklist’ and ‘blacklist’ providers to simply keep up.
You can download the HostExploit Report in its entirety by downloading this PDF file: Atrivo white paper 082808ac.pdf
hostexploit.com:
We now believe the general situation on the Internet calls for an alternative and added open source approach to deal with this head on, i.e. the web hosts and Internet carriers. Every one of the IP’s, web sites or domains are hosted or carried by someone, we feel it is time to break the taboo and name, list and expose the ones that host the malware that infects us all. This approach is not to replace existing methods, but we hope it will add to the security community’s and PC user’s array of possible tools to reduce the threat.
Ask the question:
When will action be taken against this real and present danger?




