Observing the Russian Business Network (RBN), this blog is pleased to introduce readers to a highly informative 70-page study of the RBN by David Bizeul, which you can download in PDF format in English (see links in the article footer).

Figure 1 – RBN Offices: 12 Levashovskiy Prospect, 197110 Saint-Petersburg, Russia
The study provides extensive information and analysis on the background of the RBN, from its probable physical locations (see Figure 1 for the RBN offices) to Russian cybercrime. One of the study’s conclusions is very telling; this blog wholeheartedly agrees with it, and would also add international law enforcement:
“There are some countermeasures available but none makes sense for the home user or even companies. Only ISPs, IXPs and Internet regulators can help in mitigating the risks originating from RBN and other malicious groups.”
As with most investigations of the RBN, including this blog's, we are confined to retrospective analysis. David’s RBN study is nevertheless very important, as it provides a definitive image of the RBN just before they reorganized. This is crucial for the authors of this blog and other researchers, as it provides a comparative base for analysis of current RBN activity. For example, in a very early article on this blog we described the Internet serving locations of a number of exploit and Rock Phish landing web sites. Figure 2 shows the previous and current servers for these domains.

Interestingly, AS36420 for the IP address 75.125.89.178 resolves to Everyones-Internet3. To show the connection, this is the same route as shown on Castlecops for the Lloyds TSB Rock Phish (banking ID phishing).
The name servers shown for all the domains in Figure 2 are our good friends at AS27595, i.e. Atrivo, Intercage, Inhoster, Estdomains. Even more interesting, the same name server also hosts the following “fakes”:
e.g. – antispygolden.com, hitvirus.com, malwareburn.com, procodec.com, videohook.com, virusheal.com
These are purely a sample for this server; Figures 3 and 4 below show the IP mapping as samples.
We hope this provides further examples of the RBN’s current well-being. We are also pleased to announce that, in collaboration with David Bizeul, we will provide an update to this RBN study within the next few weeks.
Figure 3 – Name Server Map example

Figure 4 – IP Map example
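The name-server correlation described above (several "fake" domains served by the same name servers in one AS) can be reproduced on DNS observations with a small clustering step. This is an added example, not code from the blog or from the RBN study; the domains and AS27595 come from the article, while the name-server hostnames, the domain-to-server pairings and the unrelated control entry are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample observations: (domain, authoritative name server, ASN of that server).
# Domains and AS27595 are named in the article; the name-server hostnames and the
# pairing of each domain to a server are placeholders invented for this example.
OBSERVATIONS = [
    ("antispygolden.com", "ns1.placeholder-ns.test", 27595),
    ("hitvirus.com",      "ns1.placeholder-ns.test", 27595),
    ("malwareburn.com",   "ns2.placeholder-ns.test", 27595),
    ("hitvirus.com",      "ns2.placeholder-ns.test", 27595),
    ("videohook.com",     "ns2.placeholder-ns.test", 27595),
    ("unrelated.example", "ns.other-host.test",      64500),  # documentation-range ASN
]

def cluster_domains(observations):
    """Group domains into clusters connected by any shared name server."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    asn_of = {}
    for domain, ns, asn in observations:
        # Domains and name servers are nodes of one graph; an observation is an edge.
        union(("d", domain), ("ns", ns))
        asn_of[ns] = asn

    clusters = defaultdict(lambda: {"domains": set(), "asns": set()})
    for kind, name in list(parent):
        root = find((kind, name))
        if kind == "d":
            clusters[root]["domains"].add(name)
        else:
            clusters[root]["asns"].add(asn_of[name])
    # Largest clusters first: these are the hosting relationships worth reviewing.
    return sorted(clusters.values(), key=lambda c: len(c["domains"]), reverse=True)

if __name__ == "__main__":
    for c in cluster_domains(OBSERVATIONS):
        print(sorted(c["asns"]), sorted(c["domains"]))
```

A domain that uses two name servers (here `hitvirus.com`) bridges them, so domains that never share a server directly still land in one cluster.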
References and downloads:
David Bizeul – RBN Study here or here – Castlecops Rock Phish – Original RBN IP blog article

View full post on Russian Business Network (RBN)
Posted on 08 May 2010. Tags: Business, network, Russian