Russian Business Network (RBN): atrivo

Not the end, not the beginning of the end, but perhaps the end of the beginning.

As from today the Internet is a little safer, as Atrivo goes dark.

It is pleasing to report the last remaining peer routing Atrivo (AS 27595 Atrivo/ Intercage), ‘Pacific Internet Exchange’ (PIE) see Spamhaus ref below, was withdrawn at 2:35am EST Sunday Sept 21st 2008.

This is an excellent example of community effort involving a wide cross section of anti-spammers, malware and botnet researchers, journalists, and Internet network operators.

Although this is good news we should not relax too much, some of the bad stuff has migrated elsewhere, similar to the self re-distribution of AS40989 RBN Network last year. However, we look forward to the forthcoming ‘Atrivo – Cyber Crime USA’ report version 2.0 from HostExploit which may cast some light on this re-distribution and other bad actors.

Magnanimous in victory we should give the last word to the vanquished as Emil Kacperski long time spokesman and apologist for Atrivo / Intercage said,

“I just put my fate into companies I shouldn't have.”

For the record the CIDR report - RIP

Refs:

Spamhaus - PIE - Lasso

Atrivo: Cyber Crime USA Report - Hostexploit.com

Cidr Report - Atrivo / Intercage

In a new study entitled "Atrivo - Cyber Crime USA", the authors have extensively tracked and documented ongoing cyber criminal activity from within the Internet servers controlled by the California-based Atrivo, and other associated entities. Atrivo is one of the Internet's Autonomous Systems and controls a large number of IP addresses, which web sites must use to reach consumers.

Produced by cyber crime researcher Jart Armin, in association with Matt Jonkman and James McQuaid, the first of its kind Open Source Security study set out to quantify and continuously track cyber crime using numerous methods of measurement. It focuses specifically on the notorious Atrivo, which has been seen by many over several years as a main conduit for financial scams, identity theft, spam and malware. This study although fully self contained is the first of a series of reports, on a monthly basis there will be a follow up to report on the community response, the efforts of the cyber criminals to evade exposure, listings to assist in blocking the risks to Internet users, and hopefully efforts to stop them.

In addition to original quantitative research conducted by Armin, Jonkman and McQuaid, the study draws upon the findings of other research efforts, including StopBadware, EmergingThreats, Knujon, Sunbelt, CastleCops, Spamhaus, and many others. What emerges is a picture of a front for ruthless cyber criminals, who have specifically targeted consumers in the United States and elsewhere. The study provides hard data regarding specific current activity within Atrivo, explains how consumers are targeted, describes Atrivo's virtual network structure, organizational modeling, and cites Atrivo's collusive failure to respond to abuse complaints from 2004 to the present. The study includes three dimensional charts, diagrams, and a YouTube video which make it easy to grasp the statistics or processes discussed.