Russian Business Network
The Russian Business Network (commonly abbreviated as RBN) is a Russian Internet Service Provider based in St. Petersburg which is notorious for hosting illegal and dubious businesses, including child pornography, phishing and malware distribution sites.[1]
Activities
The RBN has been described as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and immoral activities, with individual activities earning up to $150m in one year. Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network.[2] RBN sells its services to these operations for $600 per month.[1]
The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.[2]
One increasingly well-known RBN activity is exploit delivery through fake anti-spyware and anti-malware software, used for PC hijacking and personal identity (ID) theft.[1] According to McAfee’s SiteAdvisor, MalwareAlarm is a dangerous fake anti-spyware program and an updated version of Malware Wiper. They tested 279 “bad” downloads from this one site.[2] The method is to entice the user into a “free download” that tests for spyware or malware on their PC; MalwareAlarm then displays a warning message about problems on the PC to persuade the unwary website visitor to purchase the paid version. Along with MalwareAlarm, numerous other rogue software products are linked to and hosted by the RBN.[3]
According to Spamhaus, RBN is “Among the world's worst spammer, child-pornography, malware, phishing and cybercrime hosting networks. Provides "bulletproof hosting", but is probably involved in the crime too”.[4] RBN was the subject of an article in the Washington Post on October 13, 2007, in which Symantec and other security firms claim RBN provides hosting for many illegal activities, including identity theft and phishing. The article quotes a spokesman for Kaspersky Labs as saying that the owners of RBN might not have directly violated the law, as they primarily provide hosting services; their customers are apparently the ones violating laws.
Organization
The RBN also operates under several other names, which could conventionally be regarded as international business or operating divisions. These core operations apparently have no geographical base; a few show a physical location, but the validity of these is doubtful.[5][6]
- RBNet
- RBNetwork
- RBusinessNetwork
- iFrame Cash
- SBT Telecom Network (Seychelles)
- Aki Mon Telecom
- 4Stat
- Eexhost
- Rusouvenirs Ltd.
- TcS Network (Panama)
- Nevcon Ltd. (Panama)
- Micronnet Ltd. (St. Petersburg, Russia)
- Too coin Software (UK)
- 76service
- MalwareAlarm
Political Connections
It has recently been alleged that the founder and leader of the organisation, known as 'Flyman', is related to a "powerful and well-connected" Russian politician.[7] In light of this, it is entirely possible that recent cyber-terrorism activities, such as the May 2007 denial of service attacks in Estonia[8], may have been co-ordinated by or out-sourced to such an organisation. Although this is currently unproven, intelligent estimates suggest this may be the case.
References
- ^ a b Brian Krebs (2007-10-13). "Shadowy Russian Firm Seen as Conduit for Cybercrime". Washington Post.
- ^ a b "A walk on the dark side". The Economist. 2007-09-30.
External links
- RBNexploit - The RBN watch-blog that provides detailed information on the RBN [7]
- Spamhaus – Rosko listing and description of RBN activities [8]
- StopBadWare - RBN User's Guide [9]
- Verisign / iDefense - Uncovering Online Fraud Rings: The Russian Business Network [10]
- Bleeding Edge Threats - Snort Signatures for RBN Networks [11]
- RBN Study - PDF [12]
News
- Aug 17 2007 Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy from CIO
- Aug 30 2007 A walk on the dark side from Economist
- Sep 04 2007 Infamous Russian ISP behind Bank of India hack from ZDNet
- Oct 13 2007 Mapping the Russian Business Network from Washington Post, Brian Krebs
- Oct 13 2007 Taking on the Russian Business Network from Washington Post, Brian Krebs
- Oct 15 2007 Russian Hosting Firm Denies Criminal Ties, Says It May Sue Blacklister from Wired, Ryan Singel
- Nov 07 2007 Major Russian Malware Site Goes Offline from PC World, John E. Dunn
- Nov 08 2007 The Register: Controversial RBN drops offline from The Register
- Nov 08 2007 Major Russian crime site suddenly dies from Network World
- Nov 10 2007 Infamous Russian Business Network may be breaking into smaller bits from Computerworld Security, Gregg Keizer
- Nov 13 2007 'Mother of all cybercrime' vanishes from the web from Times Online
- Nov 15 2007 'Hunt for Russia's Web Criminals' from The Guardian: Technology
- Nov 20 2007 'Hackers jack Monster.com' from Computerworld Security
Internet comments
- Mar 02 2007 Dusting my brain Go Away, Russian Business Network!
- Jun 20 2007 ISC Sans - MPack Analysis and its derivation from the RBN
- Oct 18 2007 Dancho Danchev Russian business network
- Nov 08 2007 Trend Micro - Reported the RBN going offline
- Nov 16 2007 Spamhaus - RBN as Chinese as Caviar & Borscht