Russian Malware Hosting Association Probably Shifting To China
The Russian Business Network (RBN), the renowned cyber-terrorist and malware-hosting association based in St. Petersburg, Russia, has stopped operations, security investigators alleged on November 7, 2007.
However, after one day, RBN gave up its hold on the Internet presence that had hosted countless domains involved in innumerable scams over a long period.
By releasing authority over its assigned IP blocks, RBN effectively severed its links to the Internet, making it impossible for its more than a thousand domains to reach the Internet or for people to visit those domains. According to a report published by COMPUTERWORLD.com in its November 7, 2007 edition, Trend Micro's Network Architect Paul Ferguson said that although there might previously have been 22 viable paths for information to reach RBN's IP blocks, no such path is currently available.
Furthermore, Ferguson stated that this was not the result of ISPs trying to obstruct or blackhole visitors. Rather, it was done willingly.
Although RBN may seem to have been ousted, specialists at Spamhaus, the anti-spam organization, think there is a strong possibility that a large, newly established block of Internet address space in China may soon emerge as the next incarnation of the Russian Business Network. If Spamhaus's theory is right, RBN's new home would have far greater Web hosting capacity than its earlier site in Russia.
However, not everybody is ready yet to attribute the new Chinese address registrations to RBN. Matthew Richard, Director of iDefense's Rapid Response Team, maintained that it is still too early to make that link confidently, according to a report in the November 7, 2007 edition of washingtonpost.com.
According to security specialists, RBN's aim is to give hackers support for their unlawful actions. Several computers in the RBN hold exploits that infect surfers' computers, or host malware that is fetched, for instance, by Trojan horse downloaders. The malicious software then sends the information seized from the infected computers to RBN's server.
In addition, RBN offers unassailable domains that can be registered in total secrecy and are very hard to shut down. The most recent exploit focused on links in specially crafted PDF documents, which connect back to RBN right away to fetch malware from there. The Storm worm is another instance of malware that is frequently installed via the RBN network.
» SPAMfighter News - 22-11-2007