Web Threats

November 29, 2011

What exactly is the Russian Business Network, and what activities is it involved in?


For an answer see http://en.wikipedia.org/wiki/Russian_Business_Network and the list of site links at http://www.spamhaus.org/rokso/listing.lasso?file=1071


Noted for continuously hosting child pornography, malware, phishing and cybercrime. Provides "bulletproof hosting" but is probably involved in the crime, too. Said to pay well for upstream connectivity. Also known as, or closely related to, "SBT Telecom Network", "Russian Business Network", "Aki Mon Telecom", "Rusouvenirs Ltd.", "Too coin Software Limited", and "TcS Network". (Spamhaus)

The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150 million in one year. Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network. RBN has been known to sell its services to these operations for $600 per month. (Wikipedia entry)


This list is a snapshot of sites serving malware or strongly suspected of being involved with malware. It dates from June 1st 2011 and can be found at

http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/RBN_IP_List_Update_6-1-2011.txt


If for any reason the site is unavailable, a copy of the list is appended here. If you come across a URL or IP address that appears to be linked to a PC infection, look here to see if it is listed; some of the entries contain additional information about the type of malware exploit that the site delivers. See the excerpt below for a few examples.


virusprotection24.com            fake anti-virus     IP address previously listed, Zeusv2
symantecantispywareupdate.com    fake anti-virus
75ea.com                         trojan
forbidden-erotica.com            Blackhat Domains


The list and above link are taken from a post by Brian Krebs, whose security blogs can be found at http://krebsonsecurity.com/
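
The lookup described above can be scripted against a saved copy of the list. The following Python is an added example, not part of the original post or of the list's own tooling; it assumes each line holds an indicator, a category and optional notes separated by tabs or runs of spaces (as in the excerpt), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the four excerpt rows from this page, in the assumed
# layout "indicator <gap> category <gap> notes" (gap = tab or 2+ spaces).
SAMPLE_LIST = """\
virusprotection24.com      fake anti-virus     IP address previously listed, Zeusv2
symantecantispywareupdate.com      fake anti-virus
75ea.com      trojan
forbidden-erotica.com      Blackhat Domains
"""

def parse_list(text):
    """Map each listed indicator (domain or IP) to (category, notes)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cols = [c.strip() for c in re.split(r"\s{2,}|\t", line)]
        notes = "; ".join(cols[2:])
        entries[cols[0].lower().rstrip(".")] = (cols[1] if len(cols) > 1 else "", notes)
    return entries

def host_of(observed):
    """Lower-cased host from a URL, host:port, bare domain or IP address."""
    observed = observed.strip()
    if "://" not in observed:
        observed = "//" + observed  # make urlsplit treat it as a network location
    return (urlsplit(observed).hostname or "").rstrip(".")

def lookup(observed, entries):
    """Return (matched indicator, category, notes), or None if not listed."""
    host = host_of(observed)
    if host in entries:
        return (host, *entries[host])
    # IP addresses match exactly only; a dotted quad has no parent domains.
    if not host or ":" in host or re.fullmatch(r"[0-9.]+", host):
        return None
    labels = host.split(".")
    # Walk up parent domains (www.a.example -> a.example), stopping before the bare TLD.
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in entries:
            return (parent, *entries[parent])
    return None

if __name__ == "__main__":
    listed = parse_list(SAMPLE_LIST)
    # Constructed observations, e.g. values pulled from a proxy or browser log.
    for seen in ("http://www.VirusProtection24.com:8080/scan.php?id=1", "192.0.2.10"):
        print(seen, "->", lookup(seen, listed))
```

A hit on a parent domain is reported with the listed entry, so a subdomain seen in a proxy log still surfaces the category and notes recorded for the domain itself.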
