There are serious tools and services such as Google Safe Browsing for malicious
Question
There are serious tools and services such as Google Safe Browsing for malicious and phishing websites, and others fully dedicated to phishing websites such as Phishing.org.
What is done against these websites (especially the ones that distribute malware, with drive-by download attacks, for instance) once they are publicly flagged so? Are they blocked later or something like that? For example, there has been a multi-national action against the GameOver Zeus botnet. Is there something like that against the malicious websites?
Explanation / Answer
Okay, personal anecdote time.
I'm a sysadmin in real life, working for an ISP that primarily caters to small to medium businesses.
One of our larger customers operates, among other things, an exceptionally cheap and completely automated shared webhosting service. You sign up, pay a couple of bucks via credit card, and plonk your site down. No human interaction required of any sort.
As the AS that controls their IP block, we used to get phishing site complaints regarding that server like clockwork. We immediately forward those to the NOC of the company, who then investigate and delete the site... But by the time that's done the phishing site is already being hosted somewhere else entirely.
The credit card numbers used to pay usually turn out to be stolen (of course) and the registration request rarely comes from the same IP address more than once.
So what do you propose should be done about this? Laws?
Whose laws?
The law of the country the server is in? Neither we (the ISP) nor the company that runs the webhosting service is doing anything wrong. We're providing a perfectly legitimate service and respond as fast as reasonable when someone abuses said service for criminal purposes. I hate phishing and scammers as much as the next sysadmin who's had to deal with one dozen spambots too many, but we're already doing all we can and passing laws won't really change that.
The law of the country the scammer is in? Chances are, that country already has laws that deal with this. The only problem is, which country? Like I said, the origin IP is rarely the same twice and likely a proxy running on another compromised host, most likely someone's bot-infected desktop computer. ISPs don't exactly keep logs of every connection going in or out of all systems in their IP range, so even if we could get everyone's cooperation by the time we'd start looking the trail has gone cold.
You're also laboring under the mistaken impression that it's a single site or an easily isolated group of culprits. It isn't; between the myriad cheap registrars and webhosting services -- both of which are ultimately good things -- it's more like a crazy multiplayer game of Whack-A-Mole.
Terrestrial law enforcement can sometimes catch a break, but they do that by following the money, not the IP traffic.