Advertisement
Promo

Security threats Toolkit

Infamous Russian malware gang vanishes

Tom Espiner ZDNet.co.uk

Published: 09 Nov 2007 18:08 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

An alleged Russian malware hosting gang has abruptly disappeared, according to Trend Micro.

The Russian Business Network (RBN), which was allegedly heavily involved in hosting malware packing kits — development suites for malware — suddenly dropped off the internet on Tuesday, said the security company.

"It feels like their upstream providers put them on a black list, and terminated services to this problematic customer," said Raimund Genes, chief technology officer for Trend Micro's antivirus division, on Friday.

Researchers from internet security company VeriSign said that RBN has been able to offer "bullet-proof hosting" for malware by means of links to the Russian government.

Genes claimed it is likely that whatever protection RBN enjoyed was withdrawn because the group had overreached itself. "All kinds of cybercrime was on RBN sites, but recently they've become too greedy," said Genes. "They infiltrated a Turkish government site so that it pointed to a site in Panama that was registered under RBN. [The site] was rented to multiple malware gangs."

Watch this

Video: Frank Abagnale caught on camera at RSA
Video Story Video Control Panel

Genes added that some US government and Brazilian sites, which he declined to identify specifically, had been compromised through SQL injection attacks to make them point to other RBN sites compromised with malware. "Maybe some government was upset by [RBN] activity," said Genes.

Although Trend Micro says it cannot be 100 percent sure, the company believes that the gang has shifted operations to Asia. Sites hosted in Taiwan and China are now hosting malware packing kits and malware which had been commonly hosted on RBN sites.

"Sites in Taiwan and China are now hosting malware with the same behaviour," said Genes. "MPack [packer kit] and its IcePack add-on are being offered, as well as Iframe exploits."

MPack is a PHP-based malware kit that allows its developers to sell modules of malicious code, while Iframe malware targets browsers by attacking vulnerabilities in the way they handle Iframe HTML tags.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
12 out of 12 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Ektron CMS400 Developer - Contract - to 250pd

Purchasing Administrator (Hardware / Software Procurement)

Network Engineer

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

3 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters