After having contacted the FCCU (cybercrime police in Belgium) when I saw the first of probably a series of new .be domains that were being used in a fast-flux botnet monitored by Arbor Networks (thanks for the access, by the way :)), the Belgian police, the judiciary and the DNS operator of the .be domain name immediately took action.
They have put them in quarantine and these are out of order. No DNS resolution.
This is in fact not a definitive solution because the ballgame will change once these botnet masters start setting up their own DNS infrastructure or mechanism. Some say this is impossible or hard to do, but that has been said about many things that have become normal in cybercrime. And there is more money, resources and knowledge in cybercrime than we can imagine. The only thing that is for the moment going for us is that the cybergangs don't work together and, on the other side, that the white economy is far more important and promising than the black online economy, so that owners of infrastructure can be put under enormous pressure to cut their ties to the cybergangs or be cut off the web and lose everything. The community did it already a few times last year and they probably will have to do it a few times more.
Meanwhile, while waiting for the promised CERT in Belgium, this little guy tries to do some things to keep the .be domain safe. Any information is always welcome, as is access to databases or network monitors in which there is Belgian information. As you see, we try to do useful things with it.
This is the THIRD .be botnet or phishing operation that has been killed effectively in a matter of hours after detection since the beginning of 2009. I thank the FCCU and Arbor Networks for the trust. I personally think this is worth it.
Volunteers for the belsec operation are always welcome. Some writing or just updating or indexing or researchers. I only have so many hours a day.
This one popped up today in the botnet listings, but too late: it is already quarantined by DNS.be.