Legitimate ISP a Cover-up For a Cybercrime Network

Posted by Soulskill
from the e-front-affront dept.
ezabi writes "TrendWatch, the malware research arm of TrendMicro, has posted a white paper titled 'A Cybercrime Hub' (PDF, summary here) describing the activities of an Estonian ISP acting as a cover-up for a large cybercrime network. It's involved with malware distribution and DNS hijacking, which leads to credit card fraud. The story's interesting, and a typical internet user would be exposed in such a situation. What security measures should be taken to prevent normal users from falling victim to such malicious bodies? Note that they are represented legitimately and are offering real services like any other internet company."
  • by Timothy Brownawell (627747) <tbrownaw@prjek.net> on Wednesday August 26 2009, @01:07PM (#29204179) Homepage Journal

    ...and DNS hijacking .... The story's interesting, and a typical internet user would be exposed in such a situation. What security measures should be taken to prevent normal users from falling victim to such malicious bodies?

    DNSSEC so they can't do anything to your DNS queries (not even by directing you to an evil resolver), and SSL or similar for everything else so your connections can't be edited or sniffed. Then there's not really much they can do, besides just dropping all your connections.

  • Re:Adware (Score:4, Informative)

    by Zocalo (252965) on Wednesday August 26 2009, @01:50PM (#29204807) Homepage
    Give me a break! Frankly, I'm not sure why they've even bothered to obscure the identity of the company concerned since it's pretty much obvious to anyone who follows IT security news that they are talking about EstDomains and Vladimir Tsastsin. Try punching those into Google or whatever and you'll see this goes way beyond being just an "adware company".
  • by Timothy Brownawell (627747) <tbrownaw@prjek.net> on Wednesday August 26 2009, @04:43PM (#29207811) Homepage Journal

    DNSSEC only helps you if you run your own DNS resolver. 99% of the population uses their ISP's resolver. The exceptions are corporate networks, etc. DNSSEC does nothing to protect or help the end-user know that queries are good. The data from the resolver to client isn't signed or authenticated in any way, so even if you ask for the +adflag, etc., if someone has a way to mess with your DNS queries with MitM, they can add the "ad" (authenticated data) flag so your client would think the data had been verified by DNSSEC.

    No, you can demand that the ISP's resolver forward all the records you need in order to verify the signatures yourself. The first thing google comes back with is this, from 2007 [circleid.com]:

    The current DNSSEC standards define a security-aware (stub) resolver that would be located at the user's PC and which can indicate to a security-aware intermediate nameserver that it will perform its own DNSSEC validation by setting the Checking Disabled (CD) flag in the DNS query Header. This has the effect of inhibiting DNSSEC at the security-aware nameserver causing all necessary records to be supplied to the resolver to enable it to perform the security validation. The net result is we have achieved end-to-end security.
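As an added example (not code from the commenters or from the cited article), the Python below builds the query the quoted text describes: an EDNS0 OPT record with the DO bit so DNSSEC records are returned, and the CD flag set so the ISP's resolver passes RRSIGs and DNSKEYs through for local validation. The header parser also shows that the AD flag is just a bit in an unauthenticated UDP reply, which is why a client that sets CD validates the records itself instead of trusting AD. The name and the sample response bytes are constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035 / RFC 4035) and the EDNS0 DO bit (RFC 4035)
FLAG_QR = 1 << 15  # response
FLAG_RD = 1 << 8   # recursion desired
FLAG_AD = 1 << 5   # authenticated data: set by the validating resolver
FLAG_CD = 1 << 4   # checking disabled: the client will validate itself
EDNS_DO = 1 << 15  # DNSSEC OK, carried in the OPT record's TTL field


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, cd=True):
    """Build a UDP DNS query: RD set, optionally CD set, plus an OPT pseudo-RR
    (name=root, type=41, class=UDP payload size, TTL=ext-rcode/version/DO)."""
    flags = FLAG_RD | (FLAG_CD if cd else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, EDNS_DO, 0)
    return header + question + opt


def parse_flags(packet):
    """Return the transaction id and the header bits a stub resolver cares about."""
    txid, flags = struct.unpack("!HH", packet[:4])
    return {"id": txid, "qr": bool(flags & FLAG_QR),
            "ad": bool(flags & FLAG_AD), "cd": bool(flags & FLAG_CD)}


def check_response(query, response):
    """Match a reply to its query and report the flags. A True 'ad' here only
    means the bit was set on the wire; with CD set, the client validates the
    returned RRSIGs itself and gives the AD bit no weight."""
    q, r = parse_flags(query), parse_flags(response)
    if q["id"] != r["id"] or not r["qr"]:
        raise ValueError("response does not match query")
    r["validate_locally"] = q["cd"]
    return r


# Constructed reply header: same id, QR and RD/RA set, and AD set by whoever
# wrote the packet; the bit itself carries no proof (hypothetical sample bytes).
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180 | FLAG_AD, 1, 1, 0, 0)
```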
