InterCage suspends thousands of malware related sites

Only a few days after an article in the Washington Post and a detailed report by HostExploit [PDF] [Video] they (InterCage) have suspended thousands of malware related sites. Which is good news … but it makes you wonder if these sites will simply be transfered elsewhere, or the criminals will just register thousands of new sites and continue with their activities … since these culprits depend on the revenue generated by their illegal activities, I predict they will pop-up elsewhere very soon.

I happened to notice this myself (amount of suspended domains) when running a program I use to validate the DNS of each entry in the HOSTS file. Usually it returns a hundred or so sites that have either expired or suspended, Parked, etc. … (since the last update) however this time the amount was huge!

Although the “comments” (must read) to the article by “Emil Kacperski” appear to be nothing more than the usual spin … mainly complaining why other hosting domains are not mentioned … it seems that exposing the activities by InterCage has produced some results … for now. It will be interesting to see the outcome of Brian Krebs other scheduled related articles …



4 Responses to “InterCage suspends thousands of malware related sites”

  1. Hi. I would be very interested to hear from you what the difference was in the current hosts file you have and what was observed as suspended from that list?

    I can be reached at brian.krebs@washingtonpost dot com. If you send me an email there, I will reply from that address.

    Thanks.

    Bk

  2. > when running a program I use to validate the DNS of each entry in the HOSTS file

    Hi Mike,

    Just curious… which program do you use for this?

  3. Dean,
    To validate I use CIP
    http://www.snapfiles.com/get/cipfree.html

  4. WVFiber just said it plans to drop connectivity to Atrivo/Intercage this week. Also, nLayer is demanding some 7,400 IP addresses back from Atrivo.

    See the updates at:

    http://voices.washingtonpost.com/securityfix/2008/09/scam-heavy_us_isp_grows_more_i.html