In the following report by ICANN, you can see how the whole global Botnet service operates globally.

You will learn how anyone, even those without the skills to create a Botnet, can still hire their services.

Fast and Double Flux Attacks 2
Version 1.0 January 2008
Introduction
"Fast flux" is an evasion technique that cyber-criminals and Internet miscreants use to evade identification and to frustrate law enforcement and anticrime efforts aimed at locating and shutting down web sites used for illegal purposes.

Fast flux hosting is an application of technology that supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today.

Basic fast flux hosting uses rapid modification of IP addresses associated with a system that hosts a malicious activity to evade detection and take down efforts.

This technique is also used to rapidly modify the IP addresses of the name servers that resolve the domain names of the fluxed malicious hosts (this variant is sometimes called NS fast flux).

A particularly troublesome variant of fast flux hosting, "double flux",
fluxes addresses of both name servers and malicious (web server) hosts.

This Advisory describes the technical aspects of fast flux hosting and fast flux service networks.

It explains how the DNS is exploited to abet criminal activities that employ fast flux hosting, identifying the impacts of fast flux hosting, and calling particular attention to the way such attacks extend the malicious or profitable lifetime of the illegal activities conducted using these fast flux techniques.

It describes current and possible methods of mitigating fast flux hosting at various points in the Internet. The Advisory discusses the pros and cons of these mitigation methods, identifies those methods that SSAC considers practical and sensible, and recommends that appropriate bodies consider policies that would make the practical mitigation methods universally available to registrants, ISPs, registrars and registries (where applicable for each).

December 13, 2007 (Computerworld) -- A German hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said today.

The malware's most distinguishing feature, said Don Jackson, a senior security researcher with SecureWorks Inc., is its ability to mimic the steps the human account owner would take to move money.

Dear S&T bank account holder,

As part of our security measures, we regularly screen activity in the S&T bank system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason: Our system detected unauthorized use of a bank account linked to S&T bank accounts.

Case ID Number: ST-1391927-vs316138

This is a reminder to log in to S&T bank as soon as possible.

Be sure to log in securely by hyperlink below. Once you log in, you will be provided with steps to confirm your account access. We appreciate your understanding as we work to ensure account safety

         Your Nationwide Account Has Been Suspended! 

Causes that might have lead to your Account Suspension:

1. You have recently changed your password using another ISP(Internet Service Provider).
2. During the past day we noticed several failed login attempts issuing your Customer Number.
3. Your account might have been accessed by a third party server.
4. You haven't logged in for more than two weeks.

If suspension isn't removed by 30th of October, your account is going to be removed.
We are sorry for the incovinience this problem may cause but please understand this only for your own good.

Ensuring the security of your personal information online is a top priority at Nationwide.

In order to remove your suspension we must verify some certain information from you and to do so you must Log In and complete the requested fields.

Nationwide Security ID: NW5910S4.

To log in and remove your limitations click the link below:

! Importance: High

BancorpSouth Inview

IMPORTANT SECURITY NOTICE

All Users - Must Accept New Digital Security Certificate 2007 (Security
ISO 27001 Certification Consulting)

Customers of numerous banks have been victims of ACH and wire transfer fraud in recent weeks, resulting in the origination of unauthorized ACH entries and wire transfers from customers' computer systems.

BancorpSouth Enhanced Security Authentication
We have enhanced the BancorpSouth security access to further safeguard access to your account information.

IT IS VITALLY IMPORTANT THAT YOU REMEMBER AT ALL TIMES THAT THE SECURITY AND INTEGRITY OF YOUR CONFIDENTIAL INFORMATION AND CASH MANAGEMENT APPLICATIONS DEPEND UPON YOUR OWN COMPUTER SYSTEM BEING ADEQUATELY PROTECTED FROM OUTSIDE THREATS.

BancorpSouth now requires all InView users to enroll in our 2-way authentication security system, Passmark.
You will be able to provide your Passmark information quickly and easily using our secure server web form.
Please understand that without promptly providing your Passmark information,
your BancorpSouth Corporate Cash Management Online service may be discontinued.

To update your Passmark at this time, please visit our secure server web form by clicking the hyperlink below: