BARCELONA--As in life, reputations on the Internet take time to build up. Attackers interested in making a quick buck aren't necessarily the most patient lot, so as the various repuation systems on the Web have gotten more sophisticated and accurate, the bad guys have had to adjust their tactics and find new ways to evade them and plant their command-and-control servers.

One of the consequences of the exhaustion of the IPV4 address space is that not only are legitimate companies having a hard time finding IP blocks to use, so are the attackers. The number of IP addresses required for large scale botnets to operate effectively can be considerable, and finding large IP blocks to use for them can be difficult. And if they do find them, the IP addresses often are blacklisted quickly by reputation systems and are then useless for the attackers.

Now, in one effort to get around these systems, some attackers are taking advantage of the lack of IPV4 space by either purchasing or renting blocks of IP space with good reputations that have been built up over the course of several years. A number of legitimate trading and auction sites have appeared as the IPV4 space became scarcer, and the attackers have gotten involved as well, getting their hands on known good IP blocks and using them for C&C or hosting malware.

"The bad guys can buy or rent these as well, getting inside known good IP blocks so that the reputation systems don't blacklist them as quickly," Gunter Ollmann, VP of research at Damballa, said in a presentation at the Virus Bulletin conference here Friday.

That technique can be a boon for the attackers, who get the advantage of having some time to use the domains and not having to hop around from block to block in order to evade detection. But it also can have consequences for the legitimate owners of the IP blocks, as the repuations of those IP addresses and domains will be damaged as the systems begin to pick up on the malicious activity. Once that happens, it can be quite difficult to recover a domain's good reputation and get it back in the good graces of the security companies.

Read More at ThreatPost.com

(ME) MailEdge.net | Email - Secured
(HC) HostCheetah.tv | Free Hosting Tutorials
(VG) VirtualGraffiti.com | Technology Solutions