
Saturday, 1 March 2008

New Whitepaper: RBN "Rizing"

Russian Business Network (RBN)

In the last few months, there has been a significant amount of press coverage given to insidious cyber activity associated with the segment of the Internet known as the “Russian Business Network,” or RBN. Previous studies have suggested that the RBN has ties to nearly every area of cybercrime, including phishing, malware, DDoS activity, pornography, botnets, and anonymization.

In November 2007, media reporting indicated that a large portion of the RBN “went dark.” Since that time, the Shadowserver Foundation has been more closely analyzing outlying networks implicated as being associated with RBN. One of these suspected outliers is AS9121, known as TurkTelekom. SecurityZone.org reported in early December 2007 that while not everything in TurkTelekom appears to be malicious, there are some ranges that are “particularly bad” and analysis of Shadowserver Foundation data agrees. Several subranges quickly stand out as being deeply involved in malicious cyber activity: 88.255.90.0/24 and 88.255.94.0/24. IP registration indicates these ranges are listed under the name “ABDALLAH INTERNET HIZMETLERI” (AIH).

Abdallah Internet Hizmetleri (AIH)

In one of the most thorough RBN studies to date, David Bizeul reported that AIH ranges 88.255.90.0/24 and 88.255.94.0/24 are among the “most used network ranges used by RBN affiliates’ domain names.” The purpose of this paper is to take a deeper look at these two class C ranges of AIH, based out of Rize, Turkey, together with available information from the Internet and statistics collected by the Shadowserver Foundation, to provide further insight into the scope and depth of the RBN.

Read the full paper or view all of our posted whitepapers.

Posted March 01, 2008, at 12:57 AM by dn1nj4