Russian Business Network

Last updated August 29, 2023

The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.^[1]^[2]^[3]

The RBN, which is notorious for its hosting of illegal and dubious businesses, originated as an Internet service provider for child pornography, phishing, spam, and malware distribution physically based in St. Petersburg, Russia. By 2007, it developed partner and affiliate marketing techniques in many countries to provide a method for organized crime to target victims internationally.^[4]

Activities

According to internet security company VeriSign, RBN was registered as an internet site in 2006.

Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals.^[5]

The RBN has been described by VeriSign as "the baddest of the bad".^[6] It offers web hosting services and Internet access to a wide range of criminal and objectionable activities, with individual activities earning up to $150 million in one year.^[7] Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network.^[6] RBN has been known to sell its services to these operations for $600 per month.^[4]

The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.^[6]

One increasingly known activity of the RBN is delivery of exploits through fake anti-spyware and anti-malware, for the purposes of PC hijacking and personal identity theft.^[8] McAfee SiteAdvisor tested 279 “bad” downloads from malwarealarm.com, mentioned in the Dancho Danchev referenced article, and found that MalwareAlarm is an update of the fake anti-spyware Malware Wiper.^[9] The user is enticed to use a “free download” to test for spyware or malware on their PC; MalwareAlarm then displays a warning message of problems on the PC to persuade the unwary web site visitor to purchase the paid version. In addition to MalwareAlarm, numerous instances of rogue software are linked to and hosted by the RBN.^[10]

According to a since closed Spamhaus report, RBN is “Among the world's worst spammer, malware, phishing and cybercrime hosting networks. Provides 'bulletproof hosting', but is probably involved in the crime too”. Another Spamhaus report states, "Endless Russian/Ukrainian funded cybercrime hosting [at this network]."^[11] October 13, 2007, RBN was the subject of a Washington Post article,^[12] in which Symantec and other security firms claim RBN provides hosting for many illegal activities, including identity theft and phishing.

Routing operations

The RBN operates (or operated) on numerous Internet Service Provider (ISP) networks worldwide and resides (resided) on specific IP addresses, some of which have Spamhaus blocklist reports.^[13]

Political connections

It has been alleged that the RBN's leader and creator, a 24-year-old known as Flyman, is the nephew of a powerful and well-connected Russian politician. Flyman is alleged to have turned the RBN towards its criminal users.^[5] In light of this, it is entirely possible that past cyber-terrorism activities, such as the denial of service attacks on Georgia and Azerbaijan in August 2008,^[14] may have been co-ordinated by or out-sourced to such an organization. Although this is currently unproven, intelligence estimates suggest this may be the case.^[15]

Related Research Articles

<span class="mw-page-title-main">Spamming</span> Unsolicited electronic messages, especially advertisements

Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose, or simply repeatedly sending the same message to the same user. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in almost every dish in which Vikings annoyingly sing "Spam" repeatedly.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime is a type of crime involving a computer or a computer network. The computer may have been used in committing the crime, or it may be the target. Cybercrime may harm someone's security or finances.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by e-mail

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

<span class="mw-page-title-main">Internet security</span> Branch of computer security

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

<span class="mw-page-title-main">Scareware</span> Malware designed to elicit fear, shock, or anxiety

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Crimeware is a class of malware designed specifically to automate cybercrime.

<span class="mw-page-title-main">Bulletproof hosting</span> Internet service for use by cyber-criminals

Bulletproof hosting (BPH) is technical infrastructure service provided by an Internet hosting service that is resilient to complaints of illicit activities, which serves criminal actors as a basic building block for streamlining various cyberattacks. BPH providers allow online gambling, illegal pornography, botnet command and control servers, spam, copyrighted materials, hate speech and misinformation, despite takedown court orders and law enforcement subpoenas, allowing such material in their acceptable use policies.

Adaware, formerly known as Lavasoft, is a software development company that produces spyware and malware detection software, including Adaware. It operates as a subsidiary of Avanquest, a division of Claranova.

<span class="mw-page-title-main">Rogue security software</span> Form of malicious software

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006.

The Storm botnet or Storm worm botnet was a remotely controlled network of "zombie" computers that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.

A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.

<span class="mw-page-title-main">Jart Armin</span> Cybercrime and computer security investigator and analyst

Jart Armin is an investigator, analyst and writer on cybercrime and computer security, and researcher of cybercrime mechanisms and assessment.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced. No matter, in developing or developed countries, governments and industries have gradually realized the colossal threats of cybercrime on economic and political security and public interests. However, complexity in types and forms of cybercrime increases the difficulty to fight back. In this sense, fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale. China–United States cooperation is one of the most striking progress recently, because they are the top two source countries of cybercrime.

The following outline is provided as an overview of and topical guide to computer security:

The cyber-arms industry are the markets and associated events surrounding the sale of software exploits, zero-days, cyberweaponry, surveillance technologies, and related tools for perpetrating cyberattacks. The term may extend to both grey and black markets online and offline.

References

↑ "RBNexploit.com". CyberDefcon / Jart Armin. Retrieved November 29, 2017.
↑ SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
↑ Topical Research Reports - Security Intelligence from VeriSign, Inc
1 2 Brian Krebs (2007-10-13). "Shadowy Russian Firm Seen as Conduit for Cybercrime". Washington Post.
1 2 Warren, Peter (2007-11-15). "Hunt for Russia's web criminals". The Guardian. London. Retrieved 2010-05-23.
1 2 3 "A walk on the dark side". The Economist. 2007-09-30.
↑ "Cybergang raises fear of new crime wave". timesonline.co.uk.
↑ "Mind Streams of Information Security Knowledge: The Russian Business Network". Dancho Danchev's Blog. Retrieved October 18, 2007.
↑ "malwarealarm .com rating by McAfee SiteAdvisor".
↑ "RBN – The Top 20, fake anti-spyware and anti-malware Tools". rbnexploit.blogspot.com. Retrieved November 29, 2017.
↑ "SBL64875". Spamhaus.org. Retrieved November 29, 2017.
↑ Krebs, Brian. "Shadowy Russian Firm Seen as Conduit for Cybercrime". The Washington Post. Retrieved 2010-05-23.
↑ "RBN IPs". EmergingThreats.net blacklist. Archived from the original on 29 October 2012. Retrieved 1 November 2012.
↑ RBN-Georgia cyberwarfare (rbnexploit.blogspot.com - blog)
↑ "The hunt for Russia's web crims". The Age. Melbourne. 2007-12-13.

External links

Spamhaus – Rokso listing and description of RBN activities
RBN Study - bizeul org - PDF
Shadowserver - RBN as RBusiness Network AS40898 - Clarifying the guesswork of Criminal Activity - PDF

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "RBNexploit.com". CyberDefcon / Jart Armin. Retrieved November 29, 2017.

[2] SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

[3] Topical Research Reports - Security Intelligence from VeriSign, Inc

[wp20071013-4] 1 2 Brian Krebs (2007-10-13). "Shadowy Russian Firm Seen as Conduit for Cybercrime". Washington Post.

[Warren-5] 1 2 Warren, Peter (2007-11-15). "Hunt for Russia's web criminals". The Guardian. London. Retrieved 2010-05-23.

[econ20070930-6] 1 2 3 "A walk on the dark side". The Economist. 2007-09-30.

[7] "Cybergang raises fear of new crime wave". timesonline.co.uk.

[8] "Mind Streams of Information Security Knowledge: The Russian Business Network". Dancho Danchev's Blog. Retrieved October 18, 2007.

[9] "malwarealarm .com rating by McAfee SiteAdvisor".

[10] "RBN – The Top 20, fake anti-spyware and anti-malware Tools". rbnexploit.blogspot.com. Retrieved November 29, 2017.

[11] "SBL64875". Spamhaus.org. Retrieved November 29, 2017.

[12] Krebs, Brian. "Shadowy Russian Firm Seen as Conduit for Cybercrime". The Washington Post. Retrieved 2010-05-23.

[13] "RBN IPs". EmergingThreats.net blacklist. Archived from the original on 29 October 2012. Retrieved 1 November 2012.

[14] RBN-Georgia cyberwarfare (rbnexploit.blogspot.com - blog)

[15] "The hunt for Russia's web crims". The Age. Melbourne. 2007-12-13.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

v t e Scams and confidence tricks
Terminology	Confidence trick Error account Shill Shyster Sucker list
Notable scams and confidence tricks	1992 Indian stock market scam 2G spectrum case Advance-fee scam Art student scam Badger game Bait-and-switch Black money scam Blessing scam Bogus escrow Boiler room Bride scam Narada sting operation Bullet-planting scheme Charity fraud Clip joint Coin-matching game Coin rolling scams Drop swindle Embarrassing cheque Exit scam Extraterrestrial real estate Fiddle game Fine print Foreclosure rescue scheme Foreign exchange fraud Fortune telling fraud Gem scam Get-rich-quick scheme Green goods scam Hustling Indian coal allocation scam IRS impersonation scam Intellectual property scams Kansas City Shuffle Kerala gold smuggling case Locksmith scam Long firm Miracle cars scam Mismarking Mock auction Moving scam National Herald corruption case Overpayment scam Patent safe Pig in a poke Pigeon drop Pork barrel Pump and dump Redemption/A4V schemes Reloading scam Rent-sangla scam Return fraud Salting Shell game Sick baby hoax SIM swap scam Slavery reparations scam Spanish Prisoner SSA impersonation scam SSC Scam Strip search phone call scam Swampland in Florida Technical support scam Telemarketing fraud Thai tailor scam Thai zig zag scam Three-card monte Trojan horse Vyapam scam West Bengal blood test kit scam White van speaker scam Work-at-home scheme West Bengal SSC recruitment scam
Internet scams and countermeasures	Avalanche Carding Catfishing Click fraud Clickjacking Cramming Cryptocurrency scams Cybercrime CyberThrill DarkMarket Domain name scams Email authentication Email fraud Internet vigilantism Lenny anti-scam bot Lottery scam PayPai Phishing Referer spoofing Ripoff Report Rock Phish Romance scam Russian Business Network SaferNet Scam baiting 419eater.com Jim Browning Kitboga Scammer Payback ShadowCrew Spoofed URL Spoofing attack Stock Generation Voice phishing Website reputation ratings Whitemail
Pyramid and Ponzi schemes	Aman Futures Group Bernard Cornfeld Caritas Dona Branca Earl Jones Ezubao Foundation for New Era Philanthropy Franchise fraud High-yield investment program (HYIP) Investors Overseas Service Kapa investment scam Kubus scheme Madoff investment scandal Make Money Fast Matrix scheme MMM Petters Group Worldwide Pyramid schemes in Albania Reed Slatkin Saradha Group financial scandal Secret Sister Scott W. Rothstein Stanford Financial Group Welsh Thrasher faith scam
Lists	Con artists Confidence tricks Criminal enterprises, gangs and syndicates Impostors In the media Film and television Literature Ponzi schemes