NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0378 Study Gives Insight to Russian Business Network Activities:


A white paper published by the nonprofit botnet-tracker Shadowserver Foundation analyzes a group of interconnected networks on the Russian Business Network (RBN). Shadowserver looked at malware associated with the so-called AS40989 group of interconnected IP networks on the RBN, gathering nearly 3,000 samples of the Gozi, Goldun, Hupigon, Nurech, Nuklus, Pinch, Sinowal, Tibs, and Xorpix Trojans, as well as dialers, downloaders, worms, adware, page hijackers, and proxies that communicated with the AS40989 network via HTTP connections. The paper made the following observations:

  1. RBN's business model was based on distributing software for spamming and stealing personal data.
  2. RBN malware hosts appeared to be professionally managed, meaning that the malware back-ends were rarely misconfigured or open to inspection, and rarely generated errors or moved from host to host.
  3. Shadowserver also made a case for going public sooner about "known rogue networks, ISPs, and ASPs" such as RBN. "The initial audience of the paper knew about RBN and its practices long before any effective action was taken to remove the general threat it posed," said Shadowserver.

(www.darkreading.com 11JAN08)


Last Modified: Sunday, 17-Feb-2008 12:02:52 EST