Tag Archive for 'AS49365'

And another Bulletproof Hoster goes Offline…

A friend over at MDL just informed me today that another bulletproof hoster called GR-VERTICAL-AS Group Vertical Ltd (AS49365) went offline this night. Back in October 2009 I wrote a blog post about this ISP (see Source of badness: Group Vertical Ltd (AS49365)) and described how bad this ISP is. A few days later, Group Vertical was disconnected from the internet. Unfortunately, the bad guys managed to get online again.

Now it seems that this night their upstream provider VLineTelecom LLC Moscow (AS39150) cut its peering with Group Vertical:

GR-VERTICAL-AS Group Vertical Ltd
NOT Announced

This AS is not currently used to announce prefixes in the global routing table, nor is it used as a visible transit AS.

Prefixes added and withdrawn by this origin AS in the past 7 days.
– 91.212.220.0/24 Withdrawn

As of yesterday, this ISP hosted 20 ZeuS C&C servers in its subnet:

Since Group Vertical is offline again, the number of active ZeuS C&C servers will drop again today! But there is even more work left to do:

Let’s see how long these ISPs will stay online…

Well known ZeuS hosting ISP “Group Vertical” offline

A week ago I wrote a post about the well-known rogue ISP Group Vertical (see “Source of badness: Group Vertical Ltd (AS49365)”), which was the top ZeuS hosting ISP for several months.

Today I took a look at the ZeuS statistics on the ZeuS Tracker and I was really surprised:

Number of ZeuS hosts after cut off AS49365

As you can see in the statistic above, the number of active ZeuS Command&Control (C&C) servers dropped sharply on 26 October 2009. My first thought was that there might be a problem with the ZeuS Tracker script. But after I took a look at the top ZeuS hosting ISPs on the ZeuS Tracker, I saw that all ZeuS Command&Control servers in the subnet of Group Vertical (AS49365) were offline. Finally I took a look at the CIDR Report for AS49365 and was happy to see that this rogue AS is no longer announced in the global BGP table:

Report for AS49365
Name GR-VERTICAL-AS Group Vertical Ltd

NOT Announced

This AS is not currently used to announce prefixes in the global routing table, nor is it used as a visible transit AS.
Prefixes added and withdrawn by this origin AS in the past 7 days.

– 91.212.220.0/24 Withdrawn

Source: CIDR report for AS49365

So I guess that the Russian upstream provider Fiord cut off its peering with the rogue ISP Group Vertical on 26 October 2009. As a result, Group Vertical lost its internet connection and the number of active ZeuS Command&Control (C&C) servers dropped rapidly from 190 down to 148 worldwide. That’s more than 40 ZeuS Command&Control servers which are now no longer reachable from the internet!

McColo… Ural Industrial Company… Real Host… Group Vertical… Who’s next? :P
