First, I want to acknowledge the work David Bizeul put in his 70-page paper last november. But soon after that, the Russion Business Network went into hiding. Some reports talked about them setting up shop in Taiwan, China and Turkey. Thanks to the folks at Shadowserver, we are getting a good update about the current whereabouts:
In the last few months, there has been a significant amount of press coverage given to insidious cyber activity associated with the segment of the Internet known as the “Russian Business Network,” or RBN. Previous studies have suggested that the RBN has ties to nearly every area of cybercrime, including: phishing, malware, DDOS activity, pornography, botnets, and anonymization.
In November 2007, media reporting indicated that a large portion of the RBN “went dark.” Since that time, the Shadowserver Foundation has been more closely analyzing outlying networks implicated as being associated with RBN. One of these suspected outliers is AS9121, known as TurkTelekom. SecurityZone.org reported in early December 2007 that while not everything in TurkTelekom appears to be malicious, there are some ranges that are “particularly bad” and analysis of Shadowserver Foundation data agrees. Several subranges quickly stand out as being deeply involved in malicious cyber activity: 88.255.90.0/24 and 88.255.94.0/24. IP registration indicates these ranges are listed under the name “ABDALLAH INTERNET HIZMETLERI” (AIH).
Download report (pdf).
In the last few months, there has been a significant amount of press coverage given to insidious cyber activity associated with the segment of the Internet known as the “Russian Business Network,” or RBN. Previous studies have suggested that the RBN has ties to nearly every area of cybercrime, including: phishing, malware, DDOS activity, pornography, botnets, and anonymization.
In November 2007, media reporting indicated that a large portion of the RBN “went dark.” Since that time, the Shadowserver Foundation has been more closely analyzing outlying networks implicated as being associated with RBN. One of these suspected outliers is AS9121, known as TurkTelekom. SecurityZone.org reported in early December 2007 that while not everything in TurkTelekom appears to be malicious, there are some ranges that are “particularly bad” and analysis of Shadowserver Foundation data agrees. Several subranges quickly stand out as being deeply involved in malicious cyber activity: 88.255.90.0/24 and 88.255.94.0/24. IP registration indicates these ranges are listed under the name “ABDALLAH INTERNET HIZMETLERI” (AIH).
Download report (pdf).
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment