SEARCH RESULTS
 
Showing 1-10 of 41 records
 

Wired.com and History.com Getting RBN-ed

2008-03-10 14:20:33 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN introducing a new malware, in between the pharmaceutical scams that they serve on the basis of an affiliation model. So, after "CNET stops IFRAME site attacks - who's next?" in terms of high-profile sites, that is Wired.com and History.com Key summary points the same malicious parties behind the CNET and TorrentReactor's IFRAME...

Rogue RBN Software Pushed Through Blackhat SEO

2008-03-05 08:19:46 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN's rogue XP AntiVirus are relying on a much more diverse set of domains loading the IFRAME. One factor remains the same, both campaigns continue pushing the rogue XP AntiVirus. XP AntiVirus's pitch, note the downloads success rate mentioned and how they forgot to change the template used in the campaign by putting the rogue's name XP...

RBN's Fake Account Suspended Notices

2008-01-15 19:07:34 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN started faking the removal of malicious domains from its network by placing fake account suspended notices, but continuing the malware and exploit serving campaigns on them. And since I constantly monitor RBN activity, in particular their relationship with the New Media Malware Gang and Storm Worm, a relationship that I've in fact...

HACKED BY THE RBN!

2008-04-01 15:52:09 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN 0wnZ 7th1$ Bl0g! April 1st, 2008, St.Petersburg, Russia. The Russian Business Network, an internationally renowned cyber crime powerhouse is proud to present its very latest malware cocktail by embedding live exploit URLs within one of the top ten blogs to be malware embedded due to their overall negative attitude regarding the RBN's...

RBN's Phishing Activities

2008-02-27 13:20:49 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN's zombies trying to connect to their old netblocks, and botnets being used to host and send out phishing content, what looks like entirely isolated incidents in the present, is what has actually been going on on RBN's network during the summer of 2007. A picture is worth a thousand speculations, yes it is. As you can see in the...

RBN's Malware Puppets Need Their Master

2008-02-26 09:34:19 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN's main ASN got "withdrawn" from the Internet due to the public pressure put on the Russian Business Network's malicious activities, hundreds of malware variants continue trying to access their C&Cs and update locations from RBN's old netblock. Malware puppets with no master to connect to despite their endless efforts - now these are the...

The Malicious ISPs You Rarely See in Any Report

2008-06-30 09:31:08 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN's split network. Since it's becoming increasingly common for any of these ISPs to provide standard abuse replies and make it look like there's a shutdown in process, the average time it takes to shut down a malware command and control, or a malicious domain used in a high-profile web malware attack is enough for the campaign to achieve...

More CNET Sites Under IFRAME Attack

2008-03-06 10:50:57 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN's well known netblock Who's behind it It's all a matter of perspective, if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN. However as I've once pointed out...

Geolocating Malicious ISPs

2008-02-18 00:25:38 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...RBN and the New Media Malware Gang, a customer of the RBN or RBN's actual operational department. To clarify even further, these are what can be defined as malicious ecosystems that actually interact with other quite often Ukrtelegroup Ltd 85.255.112.0 - 85.255.127.255 UkrTeleGroup Ltd Mechnikova 58/5 65029 Odessa UKRAINE phone:...