Served as a hub of cybercriminal activity

Aug 6, 2009 07:24 GMT

On Monday, Real Host Ltd., a hosting provider operating from Latvia, was cut off from the Internet by its uplink provider Junik. The company's assigned address space had previously been linked to the Zeus botnet and other illegal online activities.

Prompted by reports from several security researchers, Swedish telecommunications provider TeliaSonera, which delivers services in the Nordic and Baltic countries, in the emerging markets of Eurasia (including Russia and Turkey) and in Spain, pressured one of its clients, the Riga-based provider Junik, to depeer Real Host over its illegal activities.

Real Host Ltd. is a Web-hosting company registered to one Alex Spiridonov residing in Almaty, Kazakhstan. The company's servers were leased from and hosted on the network of a Latvian ISP called Junik. On Monday, Junik cut off Real Host from the Internet, after its own upstream provider, TeliaSonera, threatened it with sanctions.

According to security experts, Real Host has been serving as a hub for cybercrime, hosting many command and control servers for Zeus, a notorious botnet used for phishing. In addition, websites hosted on its servers were being used to serve exploits for zero-day vulnerabilities, such as the recent Flash one, in drive-by attacks.

HostExploit, an outfit that tracks malicious hosting providers, reports that other nastiness housed by Real Host includes fake codecs, banking trojans, spambots, downloaders, money mule recruitment sites, warez and illegal adult content. Some Real Host websites, mostly with Russian content, are used for botnet rental, botnet loading, IFrame exploit affiliation or credit card trading.

"This may not be a reincarnation of the RBN, but [they are] clearly Russian organized cyber criminals, in the same vein and at least headed by someone from the old school of RBN," HostExploit notes.

Three similar ISP takedowns were recorded in the past twelve months (Atrivo, McColo and 3FN), but all of them involved US-based providers. This marks the first depeering of a bullet-proof Eastern European hosting provider and sets a very welcome precedent. UkrTeleGroup, a notorious Ukraine-based ISP, was also knocked offline for a limited time, but that was the result of a decision by a US upstream provider.