Botnet administrators have begun setting up their own
virtual data centres to counter coppers who have been shutting down their ISPs.
According to Threatpost, criminals have been bypassing internet controls by
going through local Internet registries (LIRs) or by taking advantage of
regional Internet registries (RIRs) that don't have the resources to
investigate every application as fully as they'd like. Security researchers
say the criminals buy servers, place them in a large data centre and then
submit an application for a large block of IP space. In some cases, the
applicants are asked for nothing more than a letter explaining why they need
the IP space.
Alex Lanstein, senior security researcher at FireEye, an
antimalware and anti-botnet vendor, said that the bad guys are going to some
local registries in Europe and getting massive amounts of IP space, and then
they just go to a hosting provider and set up their own data centres. This
makes them their own ISP, which makes them a lot harder to take down.
The problem is that it is impossible for the Internet
authorities to work out that a company is involved in illegal activity. The setup process has become a useful tactic for the
criminals running botnets and large spam and carding operations. Attackers who own their own large blocks of IP space have
a much easier time hiding their activities than do criminals who have to go
through legitimate ISPs or hosting providers.