AOH :: ISNQ7028.HTM

Ruskie gang hijacks Microsoft network to push penis pills




Ruskie gang hijacks Microsoft network to push penis pills
Ruskie gang hijacks Microsoft network to push penis pills



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1192406208-1286946208=:3336
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ 

By Dan Goodin in San Francisco
The Register
12th October 2010

For the past three weeks, internet addresses belonging to Microsoft have 
been used to route traffic to more than 1,000 fraudulent websites 
maintained by a notorious group of Russian criminals, publicly 
accessible internet data indicates.

The 1,025 unique websites -- which include seizemed.com, yourrulers.com, 
and crashcoursecomputing.com -- push Viagra, Human Growth Hormone, and 
other pharmaceuticals though the Canadian Health&Care Mall. They use one 
of two IP addresses belonging to Microsoft to host their official domain 
name system servers, search results from Microsoft=E2=80=99s own servers show. 
The authoritative name servers have been hosted on the Microsoft 
addresses since at least September 22, according to Ronald F. Guilmette, 
a researcher who first uncovered the hijacking.

The Register independently verified his findings with other security 
experts who specialize in DNS and the take-down of criminal websites and 
botnets. By examining results used with an internet lookup tool known as 
Dig, short for the Domain Information Groper, they were able to 
determine that 131.107.202.197 and 131.107.202.198 -- which are both 
registered to Microsoft - are housing dozens of DNS servers that help 
convert the pharmacy domain names into the numerical IP addresses that 
host the sites.

The most likely explanation, they say, is that a machine on Microsoft's 
campus has been programmed to do so, probably after it became infected 
with malware.

[...]


--1457021584-1192406208-1286946208=:3336
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/ 
--1457021584-1192406208-1286946208=:3336--

Site design & layout copyright © 1986-2014 CodeGods