You are here: silicon.com > Software > Malware

Malware

Russian malware gang goes to ground

Or has it just moved east?

Tags: security, asia, gangs, malware

Printer Friendly Email Story RSS

By Tom Espiner

Published: 12 November 2007 16:42 GMT

An alleged Russian malware hosting gang has abruptly disappeared, according to internet security company Trend Micro.

The Russian Business Network (RBN), which was allegedly heavily involved in hosting malware packing kits - development suites for malware - suddenly dropped off the internet last week, said the security company.

Raimund Genes, chief technology officer for Trend Micro's antivirus division, said: "It feels like their upstream providers put them on a black list and terminated services to this problematic customer."

Researchers from internet security company VeriSign said RBN has been able to offer "bullet-proof hosting" for malware through links to the Russian government.

Genes claimed it's likely whatever protection RBN enjoyed was withdrawn because the group had overreached itself. "All kinds of cyber crime was on RBN sites but recently they've become too greedy," said Genes. "They infiltrated a Turkish government site so that it pointed to a site in Panama that was registered under RBN. [The site] was rented to multiple malware gangs."

Genes added some Brazilian sites and some US government ones, which he declined to identify specifically, had been compromised through SQL injection attacks to make them point to other RBN sites compromised with malware. "Maybe some government was upset by [RBN] activity," said Genes.

Security A to Z

From antivirus to zero-day, click here for silicon.com's alphabetical guide to security.

Although Trend Micro says it can't be 100 per cent sure, the company believes the gang has shifted operations to Asia. Sites hosted in China and Taiwan are now hosting malware packing kits and malware which had been commonly hosted on RBN sites.

Genes said: "Sites in Taiwan and China are now hosting malware with the same behaviour - MPack [packer kit] and its IcePack add-on are being offered, as well as Iframe exploits."

MPack is a PHP-based malware kit that allows its developers to sell modules of malicious code, while Iframe malware targets browsers by attacking vulnerabilities in the way they handle Iframe HTML tags.

Tom Espiner writes for ZDNet.co.uk

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

wild guess here I'd say they've been "recruited...
Karen Challinor

Click here to see all

Related Links

Mac porn Trojan is multiplying, warns F-Secure

Phishers snare Salesforce.com data

Security threats evolve again

Storm botnet 'services' for hire?

Cyber criminals building more but smaller botnets

Mobile malware threat 'not high'

Viruses - is the threat over?

Cyber criminals turn pro

The A to Z of security

Is this the malware mother of all botnets?

China hosting half of world's malicious sites

Malware writers target open source

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...

Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech

Phishers set their sights on corporate accounts

Tax-refund phishing scams hit an all-time high

First critical Windows 7 patches released

Online fraudsters enlist Trojans to run off with your money

Microsoft files lawsuits in malicious-ad crackdown


  • Jobs
New Business Sales - Managed Hosting/ Managed Services

Sales, IT Managed Services, Hosted Solutions, SaaS, DNS, Internet Hosting, New Business, Business Development, New Business Sales Executive - IT ...

New Business Sales Executive - IT Managed Hosting/ Smart Tech

Business Development Manager - IT Managed Services/ Hosted Solutions/ Smart Technology - London/ City - 70,000. Services including: Hosting, Deskside ...

SALES ? Manchester / Managed Hosting ? Cloud Services

But opening and closing business is the most important skills we are looking for Great place to work - expect to be working with a team of similarly ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Pay for IT chiefs weathers the storm

Illegal downloaders crackdown: Digital Economy Bill to cut them off

Salesforce.com makes more friends in the cloud

Google sheds light on netbook plans for Chrome OS

How to squeeze the last drops of savings from an outsourcing contract

Salesforce.com plans social networking for business




Quick Sitemap Links: