Author Topic: Crimeware friendly ISPs: StarNet  (Read 2114 times)


June 18, 2010, 03:57:14 am

MysteryFCM

Crimeware friendly ISPs: StarNet (AS31252 195.206.246.0/23 STARNET-AS StarNet Moldova)

Quote
Moldova-based ISP StarNet (AS31252) has been on every security researcher's radar for a considerable amount of time now, and this isn't looking to change any time soon.

StarNet is just one of several ISPs in Moldova, that's a haven for criminals spreading a multitude of malicious content, and the largest portion of this is rogues. Monitoring one of the MITMs they're using, you can see new domains popping up every hour or so. This time, though, the domain itself doesn't actually resolve; presumably this is an attempt to stop blacklist operators from being able to pinpoint the domains to blacklist. I say that because they're actually using wildcards, so, for example, baddomain.com won't resolve but somerandomstring.baddomain.com will resolve. This means there's an impossibly large number of potential strings that can be used, and they know we can't possibly know all of them.

Read more
http://hphosts.blogspot.com/2010/06/crimeware-friendly-isps-starnet-as31252.html
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
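
The wildcard pattern described in the quoted post defeats exact-hostname blocklists, so a defender has to match on the parent zone instead. The sketch below is an added example, not code from the post or from hpHosts: the function names, the stub resolver and its addresses are assumptions constructed for illustration, and `baddomain.com` is the post's own placeholder.

```python
import secrets

def parent_zones(hostname):
    """Yield the hostname and each parent zone: a.b.example -> a.b.example, b.example."""
    labels = hostname.lower().rstrip(".").split(".")
    # Stop before the bare TLD so a single-label entry can never match everything.
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def is_blocked(hostname, blocked_zones):
    """Suffix match on label boundaries: blocks every name under a listed zone."""
    return any(zone in blocked_zones for zone in parent_zones(hostname))

def looks_wildcarded(domain, resolve, probes=3):
    """Flag the pattern from the post: apex does not resolve, random labels do.

    `resolve` is any callable returning a list of addresses (empty if none),
    so a real DNS lookup or an offline stub can be plugged in.
    """
    if resolve(domain):
        return False
    # Labels nobody could have published; answers for all of them imply a wildcard record.
    random_hosts = [f"{secrets.token_hex(8)}.{domain}" for _ in range(probes)]
    return all(resolve(host) for host in random_hosts)

def stub_resolve(hostname):
    """Constructed offline resolver that imitates a wildcard zone (sample data)."""
    hostname = hostname.lower().rstrip(".")
    if hostname.endswith(".baddomain.com"):            # wildcard: any subdomain answers
        return ["192.0.2.10"]                          # documentation-range address
    if hostname in ("example.org", "www.example.org"):  # ordinary zone
        return ["192.0.2.20"]
    return []                                          # includes the bare baddomain.com

BLOCKED_ZONES = {"baddomain.com"}  # one zone entry covers every random subdomain

if __name__ == "__main__":
    for name in ("somerandomstring.baddomain.com", "notbaddomain.com", "www.example.org"):
        print(name, "blocked" if is_blocked(name, BLOCKED_ZONES) else "allowed")
    print("wildcarded:", looks_wildcarded("baddomain.com", stub_resolve))
```

A hosts file cannot express this kind of zone match, so the check belongs in a resolver-level or proxy-level blocklist.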