
Or has it just moved east?
By Tom Espiner
Published: 12 November 2007 16:42 GMT
An alleged Russian malware hosting gang has abruptly disappeared, according to internet security company Trend Micro.
The Russian Business Network (RBN), which was allegedly heavily involved in hosting malware packing kits - development suites for malware - suddenly dropped off the internet last week, said the security company.
Raimund Genes, chief technology officer for Trend Micro's antivirus division, said: "It feels like their upstream providers put them on a black list and terminated services to this problematic customer."
Researchers from internet security company VeriSign said RBN has been able to offer "bullet-proof hosting" for malware through links to the Russian government.
Genes claimed it's likely whatever protection RBN enjoyed was withdrawn because the group had overreached itself. "All kinds of cyber crime was on RBN sites but recently they've become too greedy," said Genes. "They infiltrated a Turkish government site so that it pointed to a site in Panama that was registered under RBN. [The site] was rented to multiple malware gangs."
Genes added that some Brazilian sites and some US government ones, which he declined to identify specifically, had been compromised through SQL injection attacks to make them point to other RBN sites compromised with malware. "Maybe some government was upset by [RBN] activity," said Genes.
Although Trend Micro says it can't be 100 per cent sure, the company believes the gang has shifted operations to Asia. Sites hosted in China and Taiwan are now hosting malware packing kits and malware which had been commonly hosted on RBN sites.
Genes said: "Sites in Taiwan and China are now hosting malware with the same behaviour - MPack [packer kit] and its IcePack add-on are being offered, as well as Iframe exploits."
MPack is a PHP-based malware kit that allows its developers to sell modules of malicious code, while Iframe malware targets browsers by attacking vulnerabilities in the way they handle Iframe HTML tags.
Tom Espiner writes for ZDNet.co.uk
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.