Dozens of dormant networks in North America simultaneously resumed activity

Written by Emma Davis

More than fifty computer networks in North America that had been dormant for a long time suddenly resumed activity.

Last week, Spamhaus discovered that 52 inactive networks in the North American region had recently resumed activity. Each was announced by a different autonomous system number (ASN), and these ASNs had also been inactive for extended periods.

"In 48 cases these are /20 networks with 4096 IPv4 addresses, and in the remaining 4 cases these are /19 networks with 8192 addresses," Spamhaus said.

According to experts, the chances that 52 organizations suddenly and simultaneously came back online by coincidence are almost zero. However, the experts have not been able to find a connection between these networks and the ASNs that announced them, except that both had been inactive for a long period of time.

Based on the traces and pings, it can be concluded that all of the networks are located in and around New York. The investigation showed that the BGP paths connecting the networks to their hosting include Ukrainian ASNs, and these Ukrainian companies connect the networks to the main backbones.

"Since it is unlikely that these routes are legitimate, we have placed almost all of them on our DROP (Do not Route or Peer) list until their owners clarify the situation," said Spamhaus.

Although some routes were withdrawn shortly after the sudden resumption of activity, many were still in operation by the end of last week.

DROP is a plain-text list of CIDR blocks that have been stolen or are otherwise completely controlled by spammers.

CIDR (Classless Inter-Domain Routing) is an IP addressing method that allows flexible management of the IP address space without a rigid classful addressing framework. It makes economical use of the limited supply of IP addresses, since different subnet masks can be applied to different subnets.
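As an added illustration (not code from Spamhaus or from this article), the Python sketch below shows how a defender could load a DROP-style list and test whether an address or an announced prefix falls inside a listed block. The `<CIDR> ; <reference>` line layout, the function names and the sample prefixes are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the "<CIDR> ; <reference>" layout assumed here for a
# DROP-style text file. Prefixes are taken from the 198.18.0.0/15 benchmarking
# range and the references are placeholders, not real listings.
SAMPLE_DROP = """\
; constructed sample, not real DROP data
198.18.0.0/20 ; SBL-PLACEHOLDER-1
198.18.32.0/19 ; SBL-PLACEHOLDER-2
not-a-prefix ; malformed line, skipped
"""

def parse_drop(text):
    """Return {network: reference} for each valid line; skip comments and junk."""
    blocks = {}
    for line in text.splitlines():
        entry, _, ref = line.partition(";")
        entry = entry.strip()
        if not entry:          # blank line or comment starting with ';'
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:     # not a well-formed CIDR block
            continue
        blocks[net] = ref.strip()
    return blocks

def match(addr_or_prefix, blocks):
    """Return (listed_network, reference) covering an IP or prefix, else None."""
    candidate = ipaddress.ip_network(addr_or_prefix, strict=False)
    for net, ref in blocks.items():
        # subnet_of() raises TypeError across IP versions, so compare versions first
        if candidate.version == net.version and candidate.subnet_of(net):
            return net, ref
    return None

def total_addresses(blocks):
    """Sum the address count of all listed blocks (a /20 is 4096, a /19 is 8192)."""
    return sum(net.num_addresses for net in blocks)

if __name__ == "__main__":
    listed = parse_drop(SAMPLE_DROP)
    for probe in ("198.18.5.7", "198.18.40.0/24", "198.18.16.1"):
        print(probe, "->", match(probe, listed))
    print("addresses covered:", total_addresses(listed))
```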

Check Point experts also found that the Phorpiex botnet (aka Trik) has restored its activity. Researchers have recorded a sharp increase in attacks using Phorpiex, which currently distributes Avaddon malware using spam emails.
