
SANS referred to a whitepaper from David Bizeul on the RBN. He spent the past three months researching the Russian Business Network (RBN). The 70-page paper is on David's web site, or you can use the SANS mirror.
The paper describes the complete network setup, their affiliates and their customers. It also provides an analysis of some real-life cases (MPACK, the Bank of India intrusion), all pointing back to the RBN. He even mentions the names of the persons involved in the organisation.
In the last part, filtering and blocking solutions are provided for ISPs to help mitigate the risks. iDefense also asked their customers to block these ranges, and several UK ISPs implemented them. All of this might explain the faked death of the RBN and the plans to relocate to China two weeks ago.
I would say, read the paper if you want all the juicy details. The RBN has not been sitting idle these last weeks: they have been spreading malware through false codec downloads and through banner-ad infections on major web portals. They even took a bite out of Monster.com.
As they say, reports of their demise have been greatly exaggerated.
Friday
Whitepaper on Russian Business Network and more updates
1 comment:
Very interesting paper; a lot of information I didn't know yet, despite my interest in the network. Thanks for sharing.