Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 29 March 2009

RBN Domains Fleeing HostFresh

After receiving information that the RBN malware bastion, HostFresh (aut-num: AS23898 as-name: HOSTFRESH-AS-AP), was in the process of being depeered, I decided to track fleeing malware domains.

During the takedowns of Atrivo, McColo and UkrTelegroup, we observed domains being migrated to other IP ranges, as the owners sought to keep their criminal enterprises alive.

As of Sunday morning 29 March 2009, 61% of the 18 malware domains that I sampled had been migrated:

Read more

No comments: