Considering that most spam and malware is coming from Russia and China, wouldn’t it be possible to turn off access to Russian and Chinese hosts, domains, servers, by default and only open connections by requesting your own ISP? I guess that only a small percentage of Internet users are visiting Russian and Chinese sites and servers, so this should not be a big problem.
Botnet operators have found a home in Russia after server access became too difficult in China, says insecurity company M86 Security.
Chinese cyber sleuths have been driving malware operators from the country’s telecommunications infrastructure and Russia – always somewhat lax in policing online criminals – has become the refuge for botnet spam campaigns from dodgy porn websites, online casinos and pharmacies.
M86 Security said that 5,000 new spam domains have been traced back to two Russian registrars in the past month. Among those who have moved to Russian providers are the operators of the Zeus malware botnet.
“It used to be Chinese registrars and now it has been a pretty dramatic shift. Back in Russia it is kind of the same old names. These registrars have been around for a while,” said Bradley Anstis, VP of technology strategy at M86 Security.
The shift to the former Soviet Union follows a clampdown on cyber crime operations in central Europe and Asia. Authorities in Europe have sought to drive cyber criminals out of the region, but it seems that their efforts, and parallel efforts elsewhere, have just driven them somewhat to the east, into Russia.