funsec mailing list archives
Re: Russian Business Network: Shadowy Firm Seen as Conduit for Cybercrime
From: "Dennis Brown" <dennis.brown () gmail com>
Date: Sun, 14 Oct 2007 01:05:49 -0400
Not so much by grepping, since they seem to be a bit distributed across the internet, but Spamhaus maintains a list of IPs and networks they use.

http://www.spamhaus.org/rokso/sbl_listings.lasso?spammer=Russian%20Business%20Network&rokso_id=ROK

The rbnetwork.com IPs stand out quite a bit though, so it's probably worth looking at those networks a bit more and making a decision from there.

-db

On 10/13/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
On 10/13/07, Paul Ferguson <fergdawg () netzero net> wrote:

Most excellent.

Brian Krebs writes in The Washington Post:

[snip]

<Map of IP's>
http://blog.washingtonpost.com/securityfix/rbn.html

Does anyone know what the color coding is representative of? I assume RBN is the red ovoids, but would like to validate that.

<sorry for the uninformed question but..>
Is it easy to grep whois for RBN? Is the way this reporter found out which IP's they are using being kept secret due to some evasion technique?

I would be willing to block them from 3 and 1/2 class B's if the information was verifiable and reliable. It's a very large representation of the Internet, but it's a start.

-JP

<the cheesy>

Law enforcement agencies say these kinds of Internet companies are able to thrive in countries where the rule of law is poorly established.

"It is clear that organized cybercrime has taken root in countries that don't have response mechanisms, laws, infrastructure and investigative support set up to respond to the threat quickly," said Ronald K. Noble, secretary general of Interpol, an organization that facilitates transnational law enforcement cooperation. He declined to discuss the Russian Business Network specifically.

The company isn't a mainstream Internet service provider, as Comcast and Verizon are. Rather, it specializes in offering Web sites that will remain reachable on the Internet regardless of efforts to shut them down by law enforcement officials -- so-called bulletproof hosting. Though there are thousands of Web sites that bear the Russian Business Network name on registration records, the company is unchartered and has no legal identity, computer security firms say.

[snip]

More:
http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html

Also:

"Taking on the Russian Business Network"
http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html

"Mapping the Russian Business Network"
http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html

Kudos to Brian on this in-depth exposé.

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Russian Business Network: Shadowy Firm Seen as Conduit for Cybercrime Paul Ferguson (Oct 12)
- Re: Russian Business Network: Shadowy Firm Seen as Conduit for Cybercrime Dude VanWinkle (Oct 13)
- Re: Russian Business Network: Shadowy Firm Seen as Conduit for Cybercrime Dennis Brown (Oct 13)
- Re: Russian Business Network: Shadowy Firm Seen as Conduit for Cybercrime Dude VanWinkle (Oct 13)