back to article Controversial Russian Business Network drops offline

Russian Business Network (RBN) - the Controversial hosting firm fingered by many as a nexus of malware exploits and cybercrime more generally - has suddenly dropped offline. Trend Micro reports that the infamous network dropped off the net at around 0200 GMT on Wednesday, possibly after its upstream service providers pulled …

COMMENTS

This topic is closed for new posts.
  1. Sam

    Demand

    IP range please.

  2. Brian Miller

    Upstream ISPs should act quicker

    The upstream ISPs shouldn't have waited until the Washington Post started running articles about the problem. One would hope that ISPs would be more dilligent about ditching offenders like RBN.

    Of course, if RBN moves to China, the ISPs there could fall foul of Beijing's head-rolling policy. This year the Chinese authorities executed a fellow for unauthorized use of the Chinese Olympics logo on pirated Windows CDs. Perhaps after a few heads roll the Chinese ISPs will boot RBN out, too.

  3. Biton Walstra

    Block their IP on every Router

    Just block their networks on every border router you have (as we do) will sort that problem by it self.

  4. Anonymous Coward
    Happy

    Hoooray...

    As a web site administrator who's usually faced with many fake registrations, which mostly push porn, drugs, dodgy loans and so on, I've noticed a big fall off in these registrations in the last couple of days.

    Hopefully these guys will be off line for ever. (Wishful thinking I fear).

  5. Name

    IP Addresses for the RBN

    http://it.slashdot.org/comments.pl?sid=327367&cid=20971557

    Slashdot had a story about this. The linked comment is a complete list of the IP ranges turned into a list of iptables commands.

  6. Dave

    Interesting...

    On reading this i checked my spam box - and lo and behold i havn't had 'your account was accessed/blocked' emails from natwest bank/(royal) bank of scotland today - normally i get about 15-20 of them.

    (I'm not a customer of either bank which makes it slightly amusing)

  7. Henry Smith

    This may be like playing....

    ...Wackomole. My web forum has been getting signup requests from the Panama Branch of the RBN. IP range is 81.95.148.0 - 81.95.151.255. Do a 'whois' on that range and see details.

  8. Anonymous Coward
    Stop

    DROPRBN

    cat /etc/firewall/DROPRBN

    #!/bin/bash

    /usr/bin/curl -s http://www.spamhaus.org/drop/drop.lasso |/bin/grep ^[1-9]|/usr/bin/cut -f 1 -d ' ' |/usr/bin/xargs -iX -n 1 /sbin/iptables -A INPUT -s X -i eth0 -j DROP

  9. kevin elliott

    spammers

    Take a look at www.fspamlist.com, especially under export.

  10. Will Blake
    Flame

    RBN Offline Really?

    I must admit sometimes I get really depressed about the standard of journalism and commercial bias with Internet security issues nowadays.

    What started as Washington Post blog article concerning the dropping of “some” RBN IP addresses and another “regular” shift of their operation bases. Within 48 hours Trend Micro reporting the RBN has “no” internet connectivity, to grab a few clicks and as Johnny Come Lately hint to claim the credit, here The Register just copies this fabricated story.

    For Anonymous Coward, the reason there has been a drop off over the last few days is Bleeding Threats RBN blacklist going into operation, http://doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork

    Just yesterday for example the on average 130,000 internet users per day still visited the RBN’s fake, anti-spyware and anti-malware products http://rbnexploit.blogspot.com/2007/11/rbn-fake-tools-rogue-software-bank-of.html .

    How come? The RBN have been using alternative DNS routing and name servers for four years.

    So everyone now believes 60-70% of all the current online exploits have gone away? Who gains by this stupidity? – Ah... Trend Micro, Symantec, MS$, security journalists? et. al . – Come on you mugs keep buying the products which can maybe put your PC right “after” exploitation!

  11. Pascal Monett Silver badge

    @Double Dekkers

    You know, the guy who can understand what you wrote and what to do with it probably doesn't need to read it here in the first place.

    Could someone translate that into English ?

  12. Tom Farrar
    Unhappy

    This isn't a real hit for RBN...

    Lets face it, they have more assigned IP's than just this one AS which doesn't get peered anymore.

    AS40989 is gone, true:

    http://www.cidr-report.org/cgi-bin/as-report?as=AS40989

    Which gets rid of AS28866 (AkiMon), another of there networks, but what about AS41731/AS41173? They have a loads of ASN's, and simply blocking one range isn't going to really help.

    This really isn't the last we will hear!

  13. Stovarok

    @Pascal Monett

    Actually, I never thought of it so it's good to read it here :)

    It downloads the "Spamhaus Don't Route Or Peer List" parses the IP addresses and adds them to the firewall.

This topic is closed for new posts.