Tuesday, January 15, 2008

Report: Crime Rings Can Be Downed by Publicity

Via ComputerWorld -

January 14, 2008 (TechWorld.com) -- One of the best ways to fight the criminal malware networks that now populate the Internet might actually be the simplest -- publicize their existence.

That is one conclusion that could be drawn from a white paper (download PDF) published by a volunteer group, the Shadowserver Foundation, which assesses the activities of the Russian Business Network (RBN), a major crimeware hub that abruptly disappeared from the Internet in November after its existence received worldwide publicity.

The authors suggest that what drove the hub out of existence was not the activity of the many small groups of antimalware volunteers, but the simple fact that the RBN's notoriety had grown to embarrassing proportions.

"On reflection, it is disconcerting that it seems to have taken the visibility from The Washington Post and Wired articles to bring the necessary pressure to bear on this network to affect its disappearance," says the paper, which delves into the technical details of some of the hub's activities.

Before its demise, the RBN was blamed for hosting a wide range of malware activities -- including Trojan horses, spam, child pornography and specific hacking incidents -- under the shield of an apparently legitimate business in Russia. Targeted by a number of antimalware organizations such as U.K.-based Spamhaus.org, the network was able to continue without hindrance until its notoriety reached the mainstream press. Particularly significant were a number of articles run in The Washington Post in October.

-----------------------

You know what they say, "Sunlight is the best disinfectant."

4 comments:

  1. Whew!

    Boy am I glad RBN is gone and doesn't exist anymore...

    NOT!

  2. I don't believe anyone said that RBN doesn't exist anymore...

    You and I know that they had to re-group and start operations at another location. Are they gone? Of course not. Did they have to waste time and money to move their operations to another location? I would like to think so.

    RBN is in it for the money, and anything that causes them to take a step back and regroup is a good thing. This means wasted time and money on re-grouping and re-org'in.

    The war is still ongoing, but any action that might cause them to drop and run is a win as far as I am concerned.

  3. This sure is misleading then:
    "That is one conclusion that could be drawn from a white paper (download PDF) published by a volunteer group, the Shadowserver Foundation, which assesses the activities of the Russian Business Network (RBN), a major crimeware hub that abruptly disappeared from the Internet in November after its existence received worldwide publicity.

    The authors suggest that what drove the hub out of existence was not the activity of the many small groups of antimalware volunteers, but the simple fact that the RBN's notoriety had grown to embarrassing proportions."


    The use of "hub" appears to suggest that RBN went out of existence when in fact it means that only a small subset of RBN was turned off. Several other major components of RBN still exist. rbnexploit.blogspot.com still shows that some of the original sites and systems are still in play.

    What exactly about RBN "abruptly disappeared"?

    The PDF is a good paper, but the article isn't a good recap. Unfortunately PHBs only read the recap and not the PDF. They will see "RBN abruptly disappeared".

    RBN was, and is still using sites all over the world, including many hosting facilities for its malware and sales of its software systems.

    I tracked one (vbris) from October of 2006 thru February of 2007 and it wasn't just at RBN (though some of it was there), it was global, and that was in 2006.

    I agree with you, but I just didn't like the misleading tone of the ComputerWorld article.

    PS: Most people don't get my satire either.

  4. I agree with you that the CW article is a bit misleading when read by PHBs or others that are commonly used to high-level views.

    It is my understanding that most of the activity that was originally in Russia was pushed to other nations, like China. I assume that RBN has always had some activities running in other nations, but all the public attention and "bad press" forced them to find another "hiding spot" - if you will.

    Luckily, I did get your satire..lol
