Under its Agreement with the Coordination Center on counteracting the unauthorized use of .RU and .РФ domains, Group-IB has reported on the results of its activity as a competent organization for the period from January to June 2012. As a result of this activity, 775 malicious domains were neutralized and a significant amount of information was collected, which helped the police to eliminate 4 major groups of cybercriminals.
Group-IB's area of competence covers counteracting the use of domain names of the second and subsequent levels in .RU and .РФ for phishing, unauthorized access to the information systems of third parties, the spread of malicious programs, and the operation of malicious programs (botnets). Besides tracking and neutralizing abusive domains, the company's specialists carry out forensic investigation and detailed processing of data about the intruders who created and used the malicious resources. On the Group-IB side, tracking and counteraction are carried out by CERT-GIB, a subdivision that handles information security incidents 24 hours a day.
In the half year since the Agreement was signed, CERT-GIB specialists identified 896 malicious domain names threatening the security of users of the Russian segment of the Internet. In parallel with monitoring the .RU and .РФ domain zones, procedures for interaction with accredited Russian registrars were worked out to speed up and improve the quality of responses to the competent organization's requests. Overall, during the reporting period registrars, at the request of CERT-GIB, withdrew the delegation of 86% of the identified malicious domain names, including the command center of the Slenfbot botnet, which consisted of 600 000 infected computers. All infected users were identified and cut off from the botnet, with no opportunity to switch to another command center.
It should be noted separately that during the reporting period CERT-GIB specialists not only took measures to decrease the general level of malicious activity in the Russian segment of the Internet but also, as a competent organization, constantly assisted law enforcement bodies in collecting proof of the illegal activity of a number of criminal groups. Company experts searched for information about the intruders who used abusive domains, recorded evidence of their illegal activity, and carried out further comprehensive analytical processing. This data, as well as the results of forensic investigations of the malicious programs used, was sent to law enforcement bodies. All of this contributed to the liquidation of 4 major groups of fraudsters specializing in stealing money through Internet banking.
“The initiative suggested by the Coordination Center resulted in a decrease in the general level of malicious activity and made it possible to resist violations in Runet at a new level of quality. Due to this initiative the Russian segment of the Internet ceased being a shelter for cybercriminals, and the international community obtained an accessible interface for urgent applications concerning dangerous and malicious domain names in the .RU and .РФ zones,” said CEO of Group-IB Iliya Sachkov. “Our common task is to make the Internet cleaner and safer. The report of Group-IB shows how combined efforts help to address the problem effectively and increase the security of Russian domain zones,” noted CEO of Coordination Center Andrey Kolesnikov.