Whilst I'm waiting for the test machine to process results regarding trojans in MessengerPlus (more on that when the test machine has finished with the results), I thought we'd do another Crimeware friendly article. This time, it's Interactive3D.
Interactive3D have connections to various nefarious networks, such as root eSolutions (aka root SA), ServerBoost and KABELFOON, but one of their customers in particular seems to love playing with malware, and as you're reading this, you've guessed they're doing bugger all about it.
The customer in question is AltusHost (altushost.com), a host that's 100% malicious, and into everything from phishing to rootkits, with a little of everything else in between. AltusHost have 18.104.22.168/21 on the Interactive3D range.
Of course, it wouldn't be complete with just one cybercrime friendly ISP involved, now would it? Which is why AltusHost made sure they've got at least three ISPs to play with - the others being root eSolutions, an ISP I've written about before (AltusHost have IPs all across 22.214.171.124/22, and all domains housed there are involved in malicious activity), and "Afraid.org", a DNS provider that also has a history of serving criminals.
Malicious content identified on Interactive3D ranges over the past few months includes (and yep, there's a whole load more);
They only came 36th on the HostExploit Top 50 Bad Hosts Q2 report, so obviously they're using AltusHost to ensure they get a little higher next quarter. It should be noted, of course, that i3D themselves aren't actually criminals - they're just allowing criminals to use their network (feel free to shout at them for that).