Why is there a route from my ISP to the infamous Russian domain. How trivially easy would it be for TWC here in San Antonio to simply delete the ability for any packet to arrive at said domain. They know where it is, the exact IP range, and adding extra IP addresses where packets end up at this big bit bucket in the sky (/dev/null on some gateway) astounds me.
It isn't rocket surgery, it could eliminate the profit motive and decimate the malware revenue stream in literally days, wiping it out.
Come on TWC, take a chance, use one of your engineers and $128 in labor and simply remove these nasty IP addresses from being accessible.
TripleII
Malware researchers at BitDefender are reporting on a newly discovered malware (Trojan.PWS.ChromeInject.B) that when once dropped in Firefox’s add-ons directory starts operating as such, and attempts to steal accounting data from a predefined list of over a hundred E-banking sites. Once the accounting data is obtained, it’s forwarded to a free web space hosting provider in Russia. Earlier this year, a more severe incident took place when the Vietnamese Language Pack hosted at Mozilla’s official list was infected with malware.
“It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by Bitdefender as: Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively. It filters the URLs within the Mozilla Firefox browser and whenever encounter the following addresses opened in the Firefox browser it captures the login credentials. It is the first malware that targets Firefox. The filtering is done by a JavaScript file running in Firefox’s chrome environment.”
Despite the novel approach used, the malware would have made a huge impact if it were released several years ago when E-banking authentication was still in its infancy since plain simple keylogging is one part of the session hijacking tactics used. And while they will indeed obtain the accounting data, this is no longer sufficient for a successful compromise of a bank account. In comparison, the techniques used by sophisticated crimeware like Zeus, Sinowal and Wsnpoem undermine the majority of two-factor authentication mechanisms used by E-banking providers, since once you start doing E-banking from a compromised environment nothing’s really what it seems to be anymore.
