Tracking the Russian Business Network Part 2

There has been a lot to read about the Russian Business Network lately. When visiting TaoSecurity, I discovered a blog that is focussed exclusively on the RBN. In their latest post, "RBN - The Good, Bad and the Ugly", they focus on the RBN Autonomous System.

The problem is the RBN's Autonomous System is integrated within the whole of the Russian, Eastern European, and Eastern Scandinavian internet system overall.

Routing enumeration from Richard Bejtlich shows us how to find the routes to a certain network.

Bonus: Uncovering Online Fraud Rings: The Russian Business Network (iDefense webcast)
The Russian Business Network (RBN) developed into its current incarnation as "the baddest of the bad" Internet service provider (ISP) in June 2006. Before then, much of the malicious code currently hosted on RBN servers was located on the IP block of another St. Petersburg ISP, the now-defunct ValueDot. Like ValueDot before it, but unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. VeriSign iDefense research identified phishing, malicious code, botnet command-and-control (C&C), and denial of service (DoS) attacks on every single server owned and operated by RBN.
