Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: InfoSec News (alertsinfosecnews.org)
Date: Wed Oct 13 2010 - 01:36:36 CDT
By Dan Goodin in San Francisco
12th October 2010
For the past three weeks, internet addresses belonging to Microsoft have
been used to route traffic to more than 1,000 fraudulent websites
maintained by a notorious group of Russian criminals, publicly
accessible internet data indicates.
The 1,025 unique websites -- which include seizemed.com, yourrulers.com,
and crashcoursecomputing.com -- push Viagra, Human Growth Hormone, and
other pharmaceuticals though the Canadian Health&Care Mall. They use one
of two IP addresses belonging to Microsoft to host their official domain
name system servers, search results from Microsoft’s own servers show.
The authoritative name servers have been hosted on the Microsoft
addresses since at least September 22, according to Ronald F. Guilmette,
a researcher who first uncovered the hijacking.
The Register independently verified his findings with other security
experts who specialize in DNS and the take-down of criminal websites and
botnets. By examining results used with an internet lookup tool known as
Dig, short for the Domain Information Groper, they were able to
determine that 18.104.22.168 and 22.214.171.124 -- which are both
registered to Microsoft - are housing dozens of DNS servers that help
convert the pharmacy domain names into the numerical IP addresses that
host the sites.
The most likely explanation, they say, is that a machine on Microsoft's
campus has been programmed to do so, probably after it became infected
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.