"The malware writers and criminals who run botnets for years
have been using shared hosting platforms and so-called bulletproof
hosting providers as bases of operations for their online crimes.
But, as law enforcement agencies and security experts have moved to
take these providers offline, the criminals have taken the next
step and begun setting up their own virtual data centers.
"IP address space allocation is handled by five regional
Internet registries (RIR), each of which is responsible for a
particular group of countries. The RIRs work with large
enterprises, ISPs, telecoms and other organizations that need large
blocks of IP space. These organizations typically have to go
through an application and screening process in order to get these
allocations, including providing legal documentation listing the
officers of the company, its business and why the address space is
needed.
"And that's the way it's supposed to work everywhere. Applicants
who can't show a need for the IP space are told politely to take a
walk. But in some cases, criminals have found a way around this by
going through local Internet registries (LIR) or by taking
advantage of RIRs that don't have the resources to investigate
every application as fully as they'd like."
