funsec mailing list archives
Atrivo/Intercage: Report Slams U.S. Host as Major Source of Badware
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 28 Aug 2008 22:10:22 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Krebs writes on Security Fix:

[snip]

Last week, I examined a series of Web services that make profiting from cyber crime a point-and-click exercise that even the most novice hackers can master. Today, I'd like to highlight the activities of Atrivo, a Concord, Calif., based network provider that hosts some of these services.

Several noted security researchers are releasing a report today that stems from many months of investigating malicious activity emanating from Atrivo's customers. Security experts say that Atrivo, also known as "Intercage," has long been a major source of spyware, adware, viruses and fake anti-virus products.

The report is an exhaustive and well-researched analysis of Atrivo and its operations. Some of the statistics on active exploits cited in that report come from data sets I commissioned during my own investigation of Atrivo and later shared with Jart Armin, the principal author of the report and curator of the blog hostexploit.com.

Looking back several years, Atrivo's various networks were used heavily by the Russian Business Network, an ISP formerly based in St. Petersburg, Russia. RBN had gained notoriety for providing Web hosting services catering exclusively to cyber criminals. But after increased media attention, RBN dispersed its operations to other, less conspicuous corners of the Internet.

[snip]

Much more here:
http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFItyJAq1pz9mNUZTMRAt8UAKDgA29rLU3g9/pVJO2IgomFgmqguQCgy4V1
TlrWrUBl+gFDTKjYN0AN76U=
=1Nh5
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Atrivo/Intercage: Report Slams U.S. Host as Major Source of Badware Paul Ferguson (Aug 28)
- Re: Atrivo/Intercage: Report Slams U.S. Host as Major Source of Badware Matt Jonkman (Aug 28)
- Re: Atrivo/Intercage: Report Slams U.S. Host as Major Source of Badware Rich Kulawiec (Aug 29)