This map is just a very small part of a bigger project called ILLBuster and was developed by PRA Lab to showcase some of the ILLBuster features: a specific module dedicated to fast-flux network detection.
The word “Fast-Flux” may be some fairly new “tech-jargon” but its story starts some years ago with IRC chats, botnets and the first web communities.
This map should work fine in all modern browsers, but we suggest using the latest versions of Firefox or Chrome for a better experience. If you have any suggestions or requests, or if you find any bugs, please let us know! For more information about fast-flux networks, botnets and this map, read the FAQ below.
A botnet is a group of computers, or similar devices, connected together in an effort to achieve some goal. Originally used to manage chat channels (IRC), today botnets are mostly used by cyber criminals for malicious purposes like stealing credit card numbers, selling illegal drugs and other nefarious things like sending spam emails. Botnets are made of common computers and devices infected by malware. Any such computer is referred to as a zombie, as it is infected and under the control of its “master”.
Cyber criminals want to “stay in business” for as long as possible... this means they need to cover their tracks and hide themselves. But how can you hide a huge number of zombie computers working for you 24/7? Here comes Fast-Flux! Fast-Flux is a technique used by botnets to hide the sites and malicious web pages used to target the final victims. Using Fast-Flux, cyber criminals can constantly “move” the malicious web pages they use for criminal activities. Actually the REAL malicious web page is not moved, but that's what happens from the perspective of the victim. A network of computers that uses this technique is called a fast-flux network and is very hard to find and remove.
ILLBuster is a project funded by the European Commission (DG-HOME) within the programme "Prevention of and Fight against Crime". The goal of the project is to develop an integrated information system for the semi-automatic discovery of illegal activities over the Internet.
This map shows compromised hosts from all around the world. Each dot represents an infected computer that is part of a fast-flux network. Every website we visit is normally hosted on a single computer called a server, but what about the malicious websites used by cyber criminals? Fast-flux networks are used to “move” these websites from one infected server to another. We may be visiting the same malicious website, but sometimes 3 minutes are just enough to have it moved to another infected computer that belongs to the same fast-flux network... and the victims don't even notice this!
Every day our system automatically analyses traffic data provided by our partners and, using some fancy super cool algorithms, discovers botnets. Technically, this is done by analyzing DNS traffic looking for some evidence. We do our best to find fast-flux networks, and this map shows you some of the data we collected. Data can change after a time and we will do our best to always show new information.
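To make "analyzing DNS traffic looking for some evidence" concrete, here is an added example (not ILLBuster's own algorithm, which this page does not describe) of a simple heuristic: flag a domain whose DNS answers expire within minutes and point to many hosts in unrelated networks. The observations, the thresholds and all function names are assumptions made for this illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed passive-DNS observations: (seconds, domain, A record, TTL).
# Domains use the reserved .example TLD; none of this is real traffic.
OBSERVATIONS = [
    (0,   "shop.example", "198.51.100.10",  3600),
    (180, "shop.example", "198.51.100.10",  3600),
    (360, "shop.example", "198.51.100.11",  3600),
    (0,   "flux.example", "203.0.113.5",    180),
    (0,   "flux.example", "192.0.2.77",     180),
    (180, "flux.example", "198.51.100.200", 180),
    (180, "flux.example", "100.64.3.9",     180),
    (360, "flux.example", "172.16.40.2",    180),
    (360, "flux.example", "10.20.30.40",    180),
]

# Assumed thresholds for this illustration, not values from the page.
MAX_TTL = 300        # answers expire within minutes
MIN_IPS = 5          # many distinct hosts answer for one name
MIN_NETWORKS = 4     # ...and they sit in unrelated networks


def network_of(ip):
    """Coarse network key: the first two octets (/16) of an IPv4 address."""
    return ".".join(str(ip_address(ip)).split(".")[:2])


def summarise(observations):
    """Collect per-domain evidence: distinct IPs, distinct /16s, highest TTL."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "max_ttl": 0})
    for _ts, domain, ip, ttl in observations:
        entry = stats[domain.lower().rstrip(".")]
        entry["ips"].add(ip)
        entry["nets"].add(network_of(ip))
        entry["max_ttl"] = max(entry["max_ttl"], ttl)
    return stats


def suspected_fast_flux(observations):
    """Return domains whose answers rotate quickly across scattered hosts."""
    return [d for d, s in sorted(summarise(observations).items())
            if s["max_ttl"] <= MAX_TTL and len(s["ips"]) >= MIN_IPS
            and len(s["nets"]) >= MIN_NETWORKS]


if __name__ == "__main__":
    print(suspected_fast_flux(OBSERVATIONS))
```

Content delivery networks and round-robin load balancing also return many short-lived addresses, so a heuristic like this only produces candidates that need further evidence before a domain is labelled fast-flux.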