<<<
Thursday, December 13, 2007
>>>
 
Warezov Continues Posted by Toni @ 16:38 GMT

Regular readers might remember Halloween's Warezov post.

At that time we had located 2039 domains associated with Warezov (alias Stration) and of those 2039 domains a whopping 810 were then active.

Yesterday, we decided to iterate through the list again. Any clue as to what we found?

Warezov Domains

Yep, out of the 2039 domains there are 826 domains alive and kicking. About 600 of them were alive during October's test.

We also decided to poke the servers a bit. As you may or may not know, Warezov uses servers (infected computers) for three main purposes:

   To distribute new versions of their malware
   To distribute spam templates for their spam agents
   To host various "pharmacy" sites

Without digging any further into how we identified the servers — during our observation the Warezov gang had a whopping 506 domains that were hosting pharmacy sites la fast-flux. 320 sites were used to distribute either malware or spam templates. Those were also fast-flux.

It's long been clear that the Warezov gang rotate their domains to take some of the heat off and that the only way to really make a dent in their operations would be to take down all of the 2039 domains simultaneously.

The fact that most of the domains are under two different registrars would make it easy… but the fact that both registrars are in China and seem to be somewhat reluctant to act makes it a tad more difficult goal to achieve.

Download the Lists:

   Active Domains826
   Inactive Domains1213
   Malware Hosts320
   Spam Agents506






<<< Year-End Updates from Microsoft
|
Turkish Defacement >>>