Loads.CC Bot Still Live, Still Targeted
by Jose Nazario
Enough has been written about the Loads.CC team to give you the picture you need. Some reports suggested they went away, but they didn’t; they’re still quite active. For good background, see these reports by RBN exploit, CIO magazine, 2-viruses.com, this PC Week article by Scott B, and Adam T.
They came up in some analysis earlier this week when we looked at an infection chain. I started digging and found that they’re still churning out new malware install sites with great regularity:
[Figure: Loads.CC URLs (manda.php) since Jan 1, 2008]
They’re spreading their efforts around the world, which makes sense. Some of these countries have become hotbeds of malicious website activity, as they have lax controls and ISPs don’t respond to takedown requests.
[Figure: Loads.CC activity by website hosting country]
Here’s the kicker: someone really wants these guys out of business. Still. Even though the Loads.CC domain name now points to nowhere. Here are the DDoS attacks we’ve been tracking against their domain name this year alone.
[Figure: DDoS attacks targeting Loads.CC this year so far]
It’s interesting to watch these ‘skirmishes’ in the malware communities.
Contact Interface of load.cc team:
http://zaebal-ddos.com/
and ICQ UIN for confirmation: 100155