The notorious Russian Business Network has suddenly picked up from its St. Petersburg digs and diversified, spreading its unwholesome activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses, according to security company Trend Micro. The Internet presence for the RBN—a Russian ISP that's infamous for hosting shady and criminal businesses—blinked off at about 7 p.m. PST on Nov. 6, security researchers at Trend Micro reported the following day. For a few moments, Trend Micro researchers imagined the Internet had become, even fleetingly, a tad safer. That hope didn't last long, however. Paul Ferguson, a network architect for the company, told eWEEK that Trend Micro has noticed RBN-like activity on blocks of IP addresses that were registered in China and other locations shortly before the RBN closed down the routes to its St. Petersburg addresses.
The RBN is a highly segmented, loosely affiliated criminal organization that specializes in virtually every aspect of online crime, with specialized work being handed out piecemeal to guns for hire, whether it's money laundering, money mule activity, child porn site hosting, search engine optimization for raising page rankings, bulletproof hosting, credit card information theft or raiding of bank accounts. Ferguson has tracked RBN foot soldiers worldwide, to locations such as the West Coast of the United States and to southern India.
View: Full Story on eWeek