Beware Of Dubious Web Hosting Channels!

Russian Web hosting provider VolgaHost has disappeared since January 17, 2010. The ‎hosting provider had become involved in hosting botnet command-and-control servers ‎and other online crime-related services, like the ZeuS.‎

Security firms have spotted infected websites, phishing, exploiting servers and spreading ‎spam on VolgaHost’s IP space.‎ The hosting provider has currently withdrawn their services. Their entire IP range is ‎offline. However, VolgaHost’s main site does appear online at infrequent intervals.‎

VolgaHost has been rated as a malicious Web host by the web tracking firm HostExploit, in the fourth quarter of 2010, while ranking third earlier.‎

RUNNet.ru, the Russian State Institute of Information Technologies and ‎Telecommunications, and many other ISPs were known to host ZeuS domains. Other ‎vulnerable sites are INFORMEX(AS20564), UA (AS31445), Naukanet (TopNET), ‎Yuzhno-Sakhalinsk Internet eXchange (AS31506), PROMIRANET (AS31478), Contel ‎‎2000 Ltd. (AS43181) and IT-OUTSOURCE-AS (AS48280).‎

AS39150 Vline Telecom (#6 Bad Host in the 2010 Q4 report), was earlier de-peered ‎from its upstream provider RUNNet.ru. Vline Telecom also has three additional upstream ‎associates, ComLine, Global Network Managment and JSC Telenet. The company is ‎known to provide services to six other known rogue Web hosting providers downstream.‎

Researchers are trying their best in combating online crime activity. However, the ‎disappearing act from a rogue host can at best only be temporary as many others would ‎soon follow suit.‎