ISPs can help stop CryptoLocker Virus

Another very large botnet was used last night to send out invoice scam emails with a CryptoLocker attachment. Good spam protection should catch most of these, but it is a shame that ISPs aren’t doing more to protect the world.

Most of these emails are generated on compromised home computers, CPE equipment, and other devices in the IoT (Internet of Things). Many RBLs (SpamHaus, SpamRats, SorbsDUL et al.) are designed to block email coming from dynamic IP space, but not everyone is protected.

Even when these messages are marked as spam or blocked, email servers around the world still have to process and handle every attempt, and it takes only one person accidentally clicking on one of them to create a world of hurt.

As long as the ransomware operators continue to make money, this problem will only get larger. The virus definitions keep changing, which makes keeping up a challenge even for the best anti-virus software out there. When millions of copies of a virus can be sent overnight, even a 24-hour delay in identifying the new virus results in a major worldwide risk.

And the solution is very simple: some of the world’s largest ISPs and operators need to block all traffic destined for port 25 from dynamic IP address space before it leaves their networks.
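A sketch of the egress rule proposed above, added here as an illustration and not taken from the original post: it drops TCP port 25 leaving dynamic pools, leaves authenticated submission on 587 alone, and lists the subscribers whose dropped traffic suggests an infected machine. The pools, exemption list, flow records and the `min_targets` threshold are all constructed assumptions, using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed dynamic subscriber pools (RFC 5737 documentation ranges, not real allocations).
DYNAMIC_POOLS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Hypothetical exemption: a subscriber inside a pool who registered a mail server with the ISP.
SMTP_EXEMPT = {ipaddress.ip_address("192.0.2.10")}
SMTP_RELAY_PORT = 25  # server-to-server delivery; mail clients submit on 587 with authentication


def egress_verdict(src_ip, proto, dst_port):
    """Return 'drop' for direct-to-MX SMTP leaving a dynamic pool, else 'accept'."""
    src = ipaddress.ip_address(src_ip)
    in_pool = any(src in net for net in DYNAMIC_POOLS)
    if proto == "tcp" and dst_port == SMTP_RELAY_PORT and in_pool and src not in SMTP_EXEMPT:
        return "drop"
    return "accept"


def flag_subscribers(flows, min_targets=3):
    """Map each source whose dropped port-25 flows hit >= min_targets distinct servers."""
    targets = defaultdict(set)
    for src, proto, dst_port, dst in flows:
        if egress_verdict(src, proto, dst_port) == "drop":
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


# Constructed flow records: (source, protocol, destination port, destination address).
SAMPLE_FLOWS = [
    ("192.0.2.44", "tcp", 25, "203.0.113.5"),
    ("192.0.2.44", "tcp", 25, "203.0.113.9"),
    ("192.0.2.44", "tcp", 25, "203.0.113.77"),
    ("192.0.2.44", "tcp", 587, "203.0.113.200"),   # authenticated submission: allowed
    ("192.0.2.10", "tcp", 25, "203.0.113.5"),      # exempt mail server: allowed
    ("198.51.100.20", "tcp", 25, "203.0.113.5"),   # dropped, but a single target
    ("198.51.100.200", "tcp", 25, "203.0.113.5"),  # outside the /25 pool: allowed
]

if __name__ == "__main__":
    for src, count in flag_subscribers(SAMPLE_FLOWS).items():
        print(f"{src}: port 25 attempts to {count} distinct servers dropped; notify subscriber")
```
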



One Response to ISPs can help stop CryptoLocker Virus

  1. elbmw says:

    Agree that this is a huge problem. I have had 2 clients call me in the past year to say they have been infected with ransomware, despite Spam and Virus filters at the mail gateway and Endpoint Security on their local PCs.

    But blocking port 25 won’t fix the issue as the spammers can just change the port. However, blocking ANY email server with a Dynamic IP may give some hope.

    Moreover, there appears to be little motivation on the part of the authorities to tackle this problem. It makes me wonder if some cell within the “authorities” has created this to raise money for clandestine ops. Hence why they always seem to be one step ahead.

    Remember the “lovebug” virus from 2000? The FBI were onto him (in Manila) within 48 hours. So why can’t they nail this guy? Unless they don’t want to!
