
Famous Malware, Spam Host “Prospero” Works in Kaspersky Lab – Krebs on Security

One of the most famous providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a steady source of malicious software, botnet controllers, and a stream of phishing websites. Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and Bearhost.

The bulletproof hosting provider Bearhost. This screenshot has been machine-translated from Russian. Image: Kabangi.com.

Bulletproof hosts are so named when they earn or cultivate a reputation for ignoring legal demands and abuse complaints. And Bearhost has been cultivating its reputation since at least 2019.

“If you need a server for a botnet, for malware, broke, scan, phishing and any other tasks, please contact us,” Bearhost’s ad on one forum advises. “We treated all abuses without exceptions, including Spamhaus and other organizations.”

Intrinsec found that Prospero has served some of the most aggressive cybercrime groups, hosting control servers for many ransomware gangs over the past two years. Intrinsec said its analysis showed Prospero often hosts malware operations such as SocGholish and GootLoader, which spread through fake browser updates on hacked websites and always lay the groundwork for the most serious cyber intrusions, including ransomware.

A fake browser update pushing mobile malware. Image: Intrinsec.

Bearhost prides itself on its ability to avoid blocking by Spamhaus, an organization that many internet service providers around the world rely on to help identify and disrupt sources of malware and spam. Earlier this week, Spamhaus said it noticed that Prospero had suddenly begun connecting to the internet by routing through networks run by Kaspersky Lab in Moscow.

Update, March 1, 9:43 a.m.: In a written statement, Kaspersky said it is aware of the public claims about the company allegedly providing services to a “bulletproof” web hosting provider. Here is its full statement:

“Kaspersky rejects these claims while the company does not work and has not worked with the service provider’s service not by default defaults to the telecom services of telecoms of DDoS services.”

“Kaspersky gives great attention to conducting the behavior business and ensuring that its solutions are used for the company to inform a “bulletproof” web hosting provider.”

Kaspersky began selling antivirus and security software in the United States in 2005, and the company’s malware researchers have earned recognition from the security community for many important discoveries over the years. But in September 2017, the Department of Homeland Security (DHS) barred U.S. federal agencies from using Kaspersky software, ordering its removal within 90 days.

Cybersecurity reporter Kim Zetter notes that DHS did not cite any specific justification for the ban in 2017, but media reports quoting government officials described two incidents. Zetter wrote:

According to one story, an NSA contractor developing spy hacking tools had Kaspersky software installed on his computer, and the software removed the source code. A second story claims Israeli spies caught Russian government hackers using Kaspersky software to search customer systems for U.S. secrets.

Kaspersky denied that its software was used to search for secret information on customers’ machines and said the items were detected the way all antivirus software identifies suspicious files and then quarantines or obtains them for analysis. Once Kaspersky learned that the code its antivirus software found on the NSA worker’s machine was not malware but programs for government hacking, it had workers delete the code.

Last year, the U.S. Commerce Department banned the sale of Kaspersky software in the U.S., effective July 20, 2024. U.S. officials argued that the prohibition was necessary because Russian law requires companies to cooperate with all official investigations on the government’s behalf.

Phishing data gathered last year by the Interisle Consulting Group ranked hosting networks by their size and concentration of spambot hosts, and found Prospero had a higher spam score than any other provider by far.

AS209030, owned by Kaspersky Lab, provides connectivity to the bulletproof host Prospero (AS2005933). Image: cidr-report.org.

It remains unclear why Kaspersky is providing transit to Prospero. Doug Madory, director of internet analysis at Kentik, said routing records show the relationship between Prospero and Kaspersky began at the beginning of December 2024.

Madory said Kaspersky’s network appears to be hosting many financial institutions, including Russia’s largest, Alfa-Bank. Kaspersky sells services to help protect customers from distributed denial-of-service (DDoS) attacks, and it may simply be that Prospero purchased that protection from Kaspersky.

But if that’s the case, it doesn’t make the situation any better, said Zach Edwards, a senior researcher at the security firm Silent Push.

“In some ways, the DDoS protection to a famous bulletproof hosting provider is more likely to connect to the rest of the internet with your infrastructure,” Edwards said.

2025-02-28 23:15:00
