
Web Threats

November 29, 2011

What exactly is the Russian Business Network, and what activities is it involved in?

 

For an answer see http://en.wikipedia.org/wiki/Russian_Business_Network and the list of site links at http://www.spamhaus.org/rokso/listing.lasso?file=1071

 

Noted for continuously hosting child pornography, malware, phishing and cybercrime. Provides "bulletproof hosting" but is probably involved in the crime, too. Said to pay well for upstream connectivity. Also known as, or closely related to, "SBT Telecom Network", "Russian Business Network", "Aki Mon Telecom", "Rusouvenirs Ltd.", "Too coin Software Limited", and "TcS Network". (Spamhaus)


The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150 million in one year. Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network. RBN has been known to sell its services to these operations for $600 per month.  (Wikipedia entry)

 

This list is a snapshot of sites serving malware or strongly suspected of being involved with malware. It dates from June 1st 2011 and can be found at

http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/RBN_IP_List_Update_6-1-2011.txt

 

If the site is unavailable for any reason, a copy of the list is appended here. If you come across a URL or IP address that appears to be linked to a PC infection, look here to see if it is listed; some of the entries contain additional information about the type of malware exploit that the site delivers. See the excerpt below for a few examples.

 


 

The list and above link are taken from a post by Brian Krebs, whose security blogs can be found at http://krebsonsecurity.com/
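
The lookup described above, checking a URL or IP address against the list, can be scripted. This is an added example, not part of the original post or of any Emerging Threats tooling; it assumes the list layout of an IP address line followed by the hostnames seen on it, each with an optional note after two or more spaces, and it runs on constructed sample entries (documentation IP ranges and reserved `.example` names). The function names `parse_list` and `lookup` are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the assumed layout; not entries from the real list.
SAMPLE = """\
192.0.2.10
fake-scanner.example          fake anti-virus

198.51.100.7          IP address previously listed
*.dropzone.example
dropzone.example
ns1.panel.example          trojan
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_list(text):
    """Map each IP or hostname entry to (hosting IP of its group, note)."""
    index, group_ip = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        # The entry and its optional note are separated by 2+ spaces or a tab.
        parts = re.split(r"\s{2,}|\t", raw.strip(), maxsplit=1)
        entry = parts[0].lower()
        if is_ip(entry):
            group_ip = entry  # an IP line opens a new group
        index[entry] = (group_ip, parts[1].strip() if len(parts) > 1 else "")
    return index

def lookup(indicator, index):
    """Return (matched entry, group IP, note) for a URL, host or IP, else None."""
    has_scheme = re.match(r"[a-z][a-z0-9+.-]*://", indicator, re.I)
    host = urlsplit(indicator if has_scheme else "//" + indicator).hostname
    if not host:
        return None
    labels = host.lower().rstrip(".").split(".")
    # Try the exact name first, then wildcard entries for each parent domain,
    # so "*.dropzone.example" covers subdomains but not "notdropzone.example".
    candidates = [".".join(labels)]
    candidates += ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for name in candidates:
        if name in index:
            return (name, *index[name])
    return None
```

To check real indicators, pass the text of the downloaded list to `parse_list` in place of `SAMPLE`, then call `lookup` with the URL, hostname or IP address taken from the infected machine's logs.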