Ukrainian ISP servers shut down

04 February 2009

UkrTeleGroup, an infamous internet service provider in the Ukraine, has had its primary IP connection "depeered" by FiberNet, the Miami-based uplink provider.

The ISP's servers were reportedly at the centre of a set of botnets operated by the Zlob (aka DNSChanger) family of Trojans.

Tim Fitzpatrick, a spokesperson for the FPL Group, FiberNet's parent operation, is quoted by the Washington Post as saying that UkrTeleGroup's peering connections were terminated due to its violation of the company's terms of agreement.

The DNSChanger Trojan usually consists of a 1.5 kilobyte file that is designed to change the 'NameServer' Registry key value to a custom IP address.

This IP address, Infosecurity understands, is usually encrypted in the body of the Trojan. As a result of this change, a victim's PC will contact the newly assigned DNS server to resolve the names of web servers.

The web server IP addresses it returns are generally found to be fake, and really belong to web sites designed to capture personal data, including payment card details and social security numbers.
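
The 'NameServer' change described above can be checked for from the defender's side. The following is an added example, not part of the original article: it parses `reg query` output for the Windows Tcpip interface keys and reports every static NameServer address that is not on an approved-resolver list. The sample output, GUIDs, addresses and allowlist are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
# GUIDs are made up; addresses come from documentation ranges (RFC 5737).
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.0.2.10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}
    NameServer    REG_SZ    203.0.113.66,203.0.113.67

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000003}
    NameServer    REG_SZ    192.0.2.10 198.51.100.7
"""

# Assumption: the resolvers your organisation actually operates or has approved.
APPROVED_RESOLVERS = {"192.0.2.10", "192.0.2.11"}

# Matches the static 'NameServer' value only (not DhcpNameServer).
NAMESERVER_RE = re.compile(r"^\s+NameServer\s+REG_SZ\s*(.*)$")


def audit_nameservers(reg_output, approved):
    """Return (interface_key, address, reason) for each unapproved NameServer entry."""
    approved_ips = {ipaddress.ip_address(a) for a in approved}
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = NAMESERVER_RE.match(line)
        if match is None or key is None:
            continue
        # The value holds a comma- or space-separated list of resolver addresses.
        for token in filter(None, re.split(r"[,\s]+", match.group(1))):
            try:
                if ipaddress.ip_address(token) not in approved_ips:
                    findings.append((key, token, "not an approved resolver"))
            except ValueError:
                findings.append((key, token, "not a valid IP address"))
    return findings


if __name__ == "__main__":
    for key, address, reason in audit_nameservers(SAMPLE_REG_OUTPUT, APPROVED_RESOLVERS):
        iface = key.rsplit("\\", 1)[-1]
        print(f"{iface}: {address} ({reason})")
```

An empty NameServer value, as on the first sample interface, means the host is using the DHCP-supplied resolver and produces no finding.
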

This is not the first time that an Eastern European ISP has had its internet connection revoked.

Last year, estDomains, the infamous McColo ISP, which served as a home for the command and control servers for multiple botnets, was disconnected from the internet.
