Fast Flux Beating Security Industry

[Ehtyar]

Hackers are employing a new technique to keep their malicious sites one server ahead of law enforcement.

In the continuing computer security arms race, a technique called fast flux is the bad guys' latest way of thwarting attempts to shut down phishing scams and other Web nasties.

Fast flux was first seen around two years ago, according to Derek Manky, security researcher with Fortinet Inc. in Vancouver. Around a year ago it became popular with operators of botnets - networks of computers belonging to unsuspecting users and infected with bots, allowing them to be controlled remotely and used for phishing and other scams.

Full Story

Ehtyar.

[Deozaan]

What is a fast flux?

The idea is to move the criminal sites around so fast that it's next to impossible to catch up with them.

In its simplest form, this means that the name server controlling the domain constantly changes its response to attempts to look up the Web page. Before anyone can identify the IP address of an offending site and take it offline, the URL will be pointing to a different IP address.