Comments on: Long Lived Malware Distribution Sites http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/ A weblog dedicated to educating the community on security threats that matter Fri, 21 Nov 2008 13:12:01 +0000 http://wordpress.org/?v=abc By: Anuj http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-333 Anuj Fri, 07 Jul 2006 05:52:54 +0000 http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-333 Hi Jose, I read your blog and was really amazed to find that such a site has not been banned till now. But, its true that the Internet is a huge place and how ever huge number of people work to find such things, its still a tough job to do. Maybe common people like us can make a difference here. Why don't you publish the URLs of all such malicious sites which you have? In fact, all of us can do that here and prevent people from even visiting such sites. Hi Jose,

I read your blog and was really amazed to find that such a site has not been banned till now. But, its true that the Internet is a huge place and how ever huge number of people work to find such things, its still a tough job to do. Maybe common people like us can make a difference here. Why don’t you publish the URLs of all such malicious sites which you have? In fact, all of us can do that here and prevent people from even visiting such sites.

]]> By: Bleeping Malware http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-280 Bleeping Malware Tue, 27 Jun 2006 21:28:45 +0000 http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-280 [...] After reading an article written by Jose Nazario, a security expert for Arbor Networks about a particular long lived malware distribution site located on the 217.73.66.0 network I thought it would be interesting to document what this malware does when you install it. It should be noted that I do not have a modem installed, so the results will be different on a computer with one installed. [...] [...] After reading an article written by Jose Nazario, a security expert for Arbor Networks about a particular long lived malware distribution site located on the 217.73.66.0 network I thought it would be interesting to document what this malware does when you install it. It should be noted that I do not have a modem installed, so the results will be different on a computer with one installed. [...]

]]> By: Paul Laudanski http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-271 Paul Laudanski Sun, 25 Jun 2006 16:01:00 +0000 http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-271 <strong>Malware from long lived distrubution sites...</strong> A colleague at Arbor Networks, Jose Nazario, presents on the malware coming from a United Kingdom based host. Jose has put out a call to action against AS16238 which is responsible for the malware ridden network: 217.73.64.0/20. Block it in your host... Malware from long lived distrubution sites…

A colleague at Arbor Networks, Jose Nazario, presents on the malware coming from a United Kingdom based host. Jose has put out a call to action against AS16238 which is responsible for the malware ridden network: 217.73.64.0/20. Block it in your host…

]]> By: Suzi Turner http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-261 Suzi Turner Sat, 24 Jun 2006 04:12:58 +0000 http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/#comment-261 [...] In the course of my work, I see or hear about a lot of sites used for phishing and for distrubution malware. There are teams of people working constantly toward getting these shut down, but some just keep distributing malware even after the ISP/hosting company is notified. Security expert Jose Nazario of Arbor Networks blogged about one such site today. This site has been in operation since at least 2002 and is based in the UK.  The site in question lives at IP address 217.73.66.1 (link to whois at domaintools.com). Nazario has a screenshot of a directory listing at the site, showing malware files with dates ranging from 11-Feb-2002 to 19-June 2006. Nazario states there are a "few thousand" files and explains: [...] [...] In the course of my work, I see or hear about a lot of sites used for phishing and for distrubution malware. There are teams of people working constantly toward getting these shut down, but some just keep distributing malware even after the ISP/hosting company is notified. Security expert Jose Nazario of Arbor Networks blogged about one such site today. This site has been in operation since at least 2002 and is based in the UK.  The site in question lives at IP address 217.73.66.1 (link to whois at domaintools.com). Nazario has a screenshot of a directory listing at the site, showing malware files with dates ranging from 11-Feb-2002 to 19-June 2006. Nazario states there are a "few thousand" files and explains: [...]

]]>