Infamous Russian malware gang vanishes

Summary:Trend Micro claims the Russian Business Network has suddenly dropped off the internet, but the group may have resurfaced in Asia

An alleged Russian malware hosting gang has abruptly disappeared, according to Trend Micro.

The Russian Business Network (RBN), which was allegedly heavily involved in hosting malware packing kits — development suites for malware — suddenly dropped off the internet on Tuesday, said the security company.

"It feels like their upstream providers put them on a black list, and terminated services to this problematic customer," said Raimund Genes, chief technology officer for Trend Micro's antivirus division, on Friday.

Researchers from internet security company VeriSign said that RBN has been able to offer "bullet-proof hosting" for malware by means of links to the Russian government.

Genes claimed it is likely that whatever protection RBN enjoyed was withdrawn because the group had overreached itself. "All kinds of cybercrime was on RBN sites, but recently they've become too greedy," said Genes. "They infiltrated a Turkish government site so that it pointed to a site in Panama that was registered under RBN. [The site] was rented to multiple malware gangs."

Genes added that some US government and Brazilian sites, which he declined to identify specifically, had been compromised through SQL injection attacks to make them point to other RBN sites compromised with malware. "Maybe some government was upset by [RBN] activity," said Genes.

Although Trend Micro says it cannot be 100 percent sure, the company believes that the gang has shifted operations to Asia. Sites hosted in Taiwan and China are now hosting malware packing kits and malware which had been commonly hosted on RBN sites.

"Sites in Taiwan and China are now hosting malware with the same behaviour," said Genes. "MPack [packer kit] and its IcePack add-on are being offered, as well as Iframe exploits."

MPack is a PHP-based malware kit that allows its developers to sell modules of malicious code, while Iframe malware targets browsers by attacking vulnerabilities in the way they handle Iframe HTML tags.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.