Re: Russian Business Network: Shadowy Firm Seen as Conduit for Cybercrime

["Dennis Brown" <dennis.brown () gmail com>]

Not so much by greping, since they seem to be a a bit distributed
across the internet, but Spamhaus maintains a list of IPs and networks
they use.

http://www.spamhaus.org/rokso/sbl_listings.lasso?spammer=Russian%20Business%20Network&rokso_id=ROK

The rbnetwork.com IPs stand out quite a bit though, so it's probably
worth looking at those networks a bit more and making a decision from
there.

-db

On 10/13/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
> On 10/13/07, Paul Ferguson <fergdawg () netzero net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Most excellent.
> >
> > Brian Krebs writes in The Washington Post:
> >
> > [snip]
> <Map if IP's>
> http://blog.washingtonpost.com/securityfix/rbn.html
>
> Does anyone know what the color coding is representative of? I assume
> RBN is the red ovoids, but would like to validate that.
>
> <sorry for the uninformed question but..> Is it easy to grep whois for
> RBN? Is the way this reporter found out which IP's they are using
> being kept secret due to some evasion technique?
>
> I would be willing to block them from 3 and 1/2 class B's if the
> information was verifiable and reliable. Its a very large
> representation of the Internet, but its a start.
>
> -JP<the cheesy>
> > Law enforcement agencies say these kinds of Internet companies are able to
> > thrive in countries where the rule of law is poorly established. "It is
> > clear that organized cybercrime has taken root in countries that don't have
> > response mechanisms, laws, infrastructure and investigative support set up
> > to respond to the threat quickly," said Ronald K. Noble, secretary general
> > of Interpol, an organization that facilitates transnational law enforcement
> > cooperation. He declined to discuss the Russian Business Network
> > specifically.
> >
> > The company isn't a mainstream Internet service provider, as Comcast and
> > Verizon are. Rather, it specializes in offering Web sites that will remain
> > reachable on the Internet regardless of efforts to shut them down by law
> > enforcement officials -- so-called bulletproof hosting.
> >
> > Though there are thousands of Web sites that bear the Russian Business
> > Network name on registration records, the company is unchartered and has no
> > legal identity, computer security firms say.
> >
> > [snip]
> >
> > More:
> > http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR200710120
> > 2461.html
> >
> > Also:
> > "Taking on the Russian Business Network"
> > http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_bu
> > siness.html
> >
> > "Mapping the Russian Business Network"
> > http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_busi
> > ness_n.html
> >
> > Kudos to Brian on this in-depth exposé.
> >
> > - - ferg
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP Desktop 9.6.3 (Build 3017)
> >
> > wj8DBQFHEERIq1pz9mNUZTMRAsS/AJ9ZNT6kFuRClhybU9lse/foEGALigCeJc6x
> > pLjb1z5wS45+uD7E/CJo9bY=
> > =dFC1
> > -----END PGP SIGNATURE-----
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  Engineering Architecture for the Internet
> >  fergdawg(at)netzero.net
> >  ferg's tech blog: http://fergdawg.blogspot.com/
> >
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.