
Malware writers set up virtual data centres

22 December 2009



Countering the coppers


Botnet administrators have begun setting up their own virtual data centres to counter coppers who have been shutting down their ISPs.

According to Threat Post, criminals have been bypassing internet controls by going through local Internet registries (LIRs) or by taking advantage of RIRs that don't have the resources to investigate every application as fully as they'd like. Security researchers say they are buying servers, placing them in a large data centre and then submitting an application for a large block of IP space. In some cases, the applicants are asked for nothing more than a letter explaining why they need the IP space.

Alex Lanstein, senior security researcher at FireEye, an antimalware and anti-botnet vendor, said that the bad guys are going to some local registries in Europe and getting massive amounts of IP space, and then they just go to a hosting provider and set up their own data centres. This makes them their own ISP, which makes them a lot harder to take down.

The problem is that it is impossible for the Internet authorities to work out that a company is involved in illegal activity. The setup process has become a useful tactic for the criminals running botnets and large spam and carding operations. Attackers who own their own large blocks of IP space have a much easier time hiding their activities than criminals who have to go through legitimate ISPs or hosting providers.