
Bot Nets in the news


rconner


Posted

Two citations from Yahoo! News and Yahoo! Tech regarding the FBI's "Operation Bot Roast." The former ties in the Bob Soloway prosecution (a direct link I wasn't aware of), while the second (an "expert" blogger) advises people to check their 'sent messages' spool to see whether their machines sent any spam (which is not helpful, since the bot software doesn't make use of users' mail programs, and such advice could give people a false feeling of security).

-- rick

Posted
<snip> while the second (an "expert" blogger) advises people to check their 'sent messages' spool to see whether their machines sent any spam (which is not helpful, since the bot software doesn't make use of users' mail programs, and such advice could give people a false feeling of security).

-- rick

Quite right - as if a zombie SMTP engine is going to leave a copy of its spam in the OE Sent Items folder! I suppose the guy's knowledge is pretty good for Yahoo tech, (kingdom of the blind & all that...). It used to be next to impossible to get the Yahoo abuse teams to comprehend how a 419er could use a Yahoo response address without sending his spam via Yahoo webmail, and as for getting criminal fraud domains removed from their botnet lookalike 'Small Business Network'.......
Posted
... as for getting criminal fraud domains removed from their botnet lookalike 'Small Business Network'.......

Hmm, that must be why I used to get a lot of spam for child porn tracing to private domains and Yahoo servers, n'est-ce pas? I always wondered how stupid Yahoo! had to be in order to keep selling hosting to the same international criminals.

-- rick

Posted

Hmm, that must be why I used to get a lot of spam for child porn tracing to private domains and Yahoo servers, n'est-ce pas? I always wondered how stupid Yahoo! had to be in order to keep selling hosting to the same international criminals.

-- rick

More than likely - this is the sort of network I've come across quite a few times:

==============Server===========DNS 'A' Record Response (Site host IPs)====

yns1.yahoo.com [66.218.71.205] 69.147.83.150 69.147.83.151 69.147.83.152 69.147.83.153 69.147.83.154 69.147.83.155

yns2.yahoo.com [216.109.116.20] 69.147.83.146 69.147.83.159 69.147.83.176 69.147.83.177 69.147.83.178 69.147.83.179

The network uses a set of 34 Yahoo/Geocities IPs from 69.147.83.146 to 69.147.83.179 to host domains on a fast rotating basis controlled by Yahoo nameservers yns1.yahoo.com [66.218.71.205] & yns2.yahoo.com [216.109.116.20]

When I've looked up the domains hosted on that network, (which seems to use the same sort of software as a zombie botnet controller, only rotating much faster), there seem to be an appreciable number of very dubious domains hosted, including the money laundering fraud ones I got removed.... It seems to be Yahoo's idea of a "Small Business Network", (no questions asked.....).
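An added example, not part of the original posts: Python code that profiles the two A-record answers quoted above against the stated pool range, reporting how much of the pool was seen and how much the answer set changed between responses. The function names and the `OBSERVED` structure are assumptions made for this illustration; the addresses are copied from the post.

```python
import ipaddress

# Constructed input: the two A-record answers quoted in the post,
# each paired with the nameserver that returned it.
OBSERVED = [
    ("yns1.yahoo.com", ["69.147.83.150", "69.147.83.151", "69.147.83.152",
                        "69.147.83.153", "69.147.83.154", "69.147.83.155"]),
    ("yns2.yahoo.com", ["69.147.83.146", "69.147.83.159", "69.147.83.176",
                        "69.147.83.177", "69.147.83.178", "69.147.83.179"]),
]
POOL_FIRST, POOL_LAST = "69.147.83.146", "69.147.83.179"  # range stated in the post


def pool_size(first, last):
    """Number of addresses in an inclusive first..last range."""
    return int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1


def rotation_profile(observations, first, last):
    """Summarise successive A-record answers for one hosting pool.

    churn is the Jaccard distance between consecutive answers:
    0.0 means the same set came back, 1.0 means a completely new set.
    """
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    seen, outside, churn, prev = set(), set(), [], None
    for _server, answers in observations:
        cur = {ipaddress.ip_address(a) for a in answers}
        outside |= {ip for ip in cur if not lo <= ip <= hi}
        if prev is not None:
            churn.append(1 - len(cur & prev) / len(cur | prev))
        seen |= cur
        prev = cur
    return {
        "distinct": len(seen),
        "outside_pool": sorted(str(ip) for ip in outside),
        "coverage": round(len(seen - outside) / pool_size(first, last), 3),
        "churn": churn,
    }


if __name__ == "__main__":
    print(pool_size(POOL_FIRST, POOL_LAST))
    print(rotation_profile(OBSERVED, POOL_FIRST, POOL_LAST))
```

With only two answers the profile is a snapshot; appending further observations to the list shows whether the churn stays high over time.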

Archived

This topic is now archived and is closed to further replies.
