Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: MysteryFCM on June 18, 2010, 03:57:14 am

Title: Crimeware friendly ISPs: StarNet
Post by: MysteryFCM on June 18, 2010, 03:57:14 am
Crimeware friendly ISPs: StarNet (AS31252 195.206.246.0/23 STARNET-AS StarNet Moldova)

Quote
Moldova based ISP, StarNet (AS31252) has been on every security researchers radar for a considerable amount of time now, and this isn't looking to change any time soon.

StarNet is just one of several ISPs in Moldova, that's a haven for criminals spreading a multitude of malicious content, and the largest portion of this, is rogues. Monitoring one of the MITMs they're using, you can see new domains popping up every hour or so, this time though, the domain itself doesn't actually resolve, presumably this is an attempt to stop blacklist operators from being able to pinpoint the domains to blacklist. I say that because they're actually using wildcards, so for example, baddomain.com won't resolve but somerandomstring.baddomain.com will resolve. This means there's an impossibly large number of potential strings that can be used, and they know we can't possibly know all of them.

Read more
http://hphosts.blogspot.com/2010/06/crimeware-friendly-isps-starnet-as31252.html