Infamous Russian malware gang vanishes

Trend Micro claims the Russian Business Network suddenly dropped off the Internet, but the group may have resurfaced in Asia.

A Russian gang allegedly hosting malicious software abruptly disappeared this week, according to Trend Micro.

The Russian Business Network, which allegedly was heavily involved in hosting packing kits--development suites for malicious software--suddenly dropped off the Internet on Tuesday, the Tokyo-based security company said.

"It feels like their upstream providers put them on a blacklist and terminated services to this problematic customer," Raimund Genes, chief technology officer of Trend Micro's antivirus division, said Friday.

Researchers from Internet security company VeriSign said RBN has been able to offer "bulletproof hosting" for malicious software by means of links to the Russian government.

Genes claimed it is likely that whatever protection RBN enjoyed was withdrawn because the group had overreached itself. "All kinds of cybercrime was on RBN sites, but recently, they've become too greedy," Genes said. "They infiltrated a Turkish government site so that it pointed to a site in Panama that was registered under RBN. (The site) was rented to multiple malware gangs."

Genes added that some U.S. government and Brazilian sites, which he declined to identify specifically, had been compromised through SQL (Structured Query Language) injection attacks to make them point to other RBN sites compromised with malicious software. "Maybe some government was upset by (RBN) activity," Genes said.

Although Trend Micro says it cannot be 100 percent sure, the company believes that the gang has shifted operations to Asia. Sites hosted in Taiwan and China are now hosting malicious-software packing kits and software that had been commonly hosted on RBN sites.

"Sites in Taiwan and China are now hosting malware with the same behavior," Genes said. "MPack (packer kit) and its IcePack add-on are being offered, as well as iframe exploits."

MPack is a PHP-based kit that allows its developers to sell modules of malicious code. So-called iframe is an HTML tag that allows the embedding of a Web page inside another document; iframe malicious software targets Web browsers by attacking vulnerabilities in the way they handle iframe HTML tags.

Tom Espiner of ZDNet UK reported from London.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Metal Gear Solid V gets a perfect 10

Jeff Bakalar talks with GameSpot's Peter Brown about his perfect 10 review score of Metal Gear Solid V: The Phantom Pain.

by Jeff Bakalar