ICANN Email List Archives

[gnso-ff-pdp-may08]

Re: [gnso-ff-pdp-may08] Understanding Fast Flux Fraud

  • To: <gaaron@xxxxxxxxxxxx>
  • Subject: Re: [gnso-ff-pdp-may08] Understanding Fast Flux Fraud
  • From: Rod Rasmussen <rod.rasmussen@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 18 Jul 2008 07:55:55 -0700


Add botnet c&c/dns infrastructure and 419 scam "support" sites to that list of non-spamming uses of flux techniques. In the former case, nameservers and other content servers may be moved around that support the infrastructure of a botnet network or malware distribution system so that they are not dependent upon fixed IPs whose deletion can lead to a single point of failure in their operation. In the latter case, a lot of 419 scammers initially send out a series of e-mails to lure their victim, and only later provide information on the "website" of their bogus bank or organization in order to support their claims. These "hidden" sites are quite valuable to the 419 scammer and they don't want to be detected by blasting out spamvertising them.

Rod

Rod Rasmussen
President and CTO
Internet Identity
1 (253) 590-4088

On Jul 18, 2008, at 7:35 AM, Greg Aaron wrote:


Most flux-enabled abuses/crimes/frauds have a spam component. But not all, and it can depend upon the type of crime or abuse involved. An example is child pr)nogrphy sites that are hosted on fast-flux networks. (There are some such sites active right now.) The operators of such sites do not advertise via spam, because it is a sure-fire way for them to attract the public attention they wish to avoid. This is why such domains do not show up on spam blacklists.

So spam is an excellent indicator, but it will not point to or be applicable to all fast-flux domains.

All best,
--Greg


-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Marc Perkel
Sent: Friday, July 18, 2008 10:10 AM
To: gnso-ff-pdp-May08@xxxxxxxxx
Subject: [gnso-ff-pdp-may08] Understanding Fast Flux Fraud


Tell me if this is accurate. Whenever there is fraud-based fast flux there is also a spam component that is spreading the word that links to the fast flux domain. That's what gets people interested in the fluxing domain. Fast Flux scams have a spam component.

Is this an accurate assumption?