Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Atrivo/Intercage: down but not yet out…

September 22nd 2008 in Uncategorized

Don’t we love the online press? I’ve been watching the fall-out and online reports of Atrivo’s short-lived disappearance off the net, and I think this is one of the more … misinformed … articles that I have seen so far:

“US-Based Malware Network Shuts Down” (Source: Dark Reading)

The article says (my comments in bold):

“An Internet service provider (ISP) that was widely used by hackers and criminals for the exchange of data and malware is no longer operating, observers say.” They were only “no longer operating” insofar as they were without an upstream peer for a short period of time – they haven’t actually gone out of business or anything like that…

“Yesterday, however, several observers reported that the Atrivo network is no longer operating. The service appears to have shut down, and attempts to contact its operators by email have received no reply, the observers say.” Actually, Atrivo/Intercage representatives (Emil Kacperski and Russell Mitchell) were quite vocal on the Nanog mailing list after the de-peering…

“I’d be interested to find out why they shut down,” said Robert Graham, CEO and founder of Errata Security, a security research firm. “They’ve actually been down for a while. My guess would be either a network failure or they’ve been raided by somebody [in law enforcement].”  I haven’t heard about any raids, I haven’t seen any reports of a network failure, and as far as I know, they weren’t knocked completely offline until dropped by PIE (Pacific Internet Exchange) – that didn’t happen until last Sunday.

But whether it was shut down by other ISPs, law enforcement, or network failure, Atrivo’s apparent demise probably won’t have much long-term impact on the flow of malware or other exploits, Graham says. “I expect the people who were using Atrivo will just go elsewhere,” he says. “It’s like a gigantic game of whack-a-mole. You shut one down, and the [exploits] pop up elsewhere.” Well, at least this “guesstimate” was more accurate; it seems Atrivo/Intercage may already be back online with a new upstream peer, Unitedlayer (AS23342).


2 comments to...
“Atrivo/Intercage: down but not yet out…”

Lucian Constantin

“They were only “no longer operating” insofar as they were without an upstream peer for a short period of time – they haven’t actually gone out of business or anything like that…”

When your entire business is based on server hosting solutions and domain registration and you’re left without an upstream peer, you’re out of business. As short as it lasted, they were out of business. Personal opinion.



sandi

@Lucian,

True, *but* Dark Reading were also claiming that emails were not being returned and that the service itself had shut down, and quoting Robert Graham’s theories. The tone of the article made it seem that Atrivo had gone out of business completely, which has proven to be untrue.

Sandi

