You are here: silicon.com > Software > Malware

Malware

Russian malware gang goes to ground

Or has it just moved east?

Tags: malware, asia, security, gangs

Printer Friendly Email Story RSS

By Tom Espiner

Published: 12 November 2007 16:42 GMT

An alleged Russian malware hosting gang has abruptly disappeared, according to internet security company Trend Micro.

The Russian Business Network (RBN), which was allegedly heavily involved in hosting malware packing kits - development suites for malware - suddenly dropped off the internet last week, said the security company.

Raimund Genes, chief technology officer for Trend Micro's antivirus division, said: "It feels like their upstream providers put them on a black list and terminated services to this problematic customer."

Researchers from internet security company VeriSign said RBN has been able to offer "bullet-proof hosting" for malware through links to the Russian government.

Genes claimed it's likely whatever protection RBN enjoyed was withdrawn because the group had overreached itself. "All kinds of cyber crime was on RBN sites but recently they've become too greedy," said Genes. "They infiltrated a Turkish government site so that it pointed to a site in Panama that was registered under RBN. [The site] was rented to multiple malware gangs."

Genes added some Brazilian sites and some US government ones, which he declined to identify specifically, had been compromised through SQL injection attacks to make them point to other RBN sites compromised with malware. "Maybe some government was upset by [RBN] activity," said Genes.

Security A to Z

From antivirus to zero-day, click here for silicon.com's alphabetical guide to security.

Although Trend Micro says it can't be 100 per cent sure, the company believes the gang has shifted operations to Asia. Sites hosted in China and Taiwan are now hosting malware packing kits and malware which had been commonly hosted on RBN sites.

Genes said: "Sites in Taiwan and China are now hosting malware with the same behaviour - MPack [packer kit] and its IcePack add-on are being offered, as well as Iframe exploits."

MPack is a PHP-based malware kit that allows its developers to sell modules of malicious code, while Iframe malware targets browsers by attacking vulnerabilities in the way they handle Iframe HTML tags.

Tom Espiner writes for ZDNet.co.uk

Add Comment Add comment  Printer Friendly Print story   Email Story Email story   RSS
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

wild guess here I'd say they've been "recruited...
Karen Challinor

Click here to see all

Related Links

Mac porn Trojan is multiplying, warns F-Secure

Phishers snare Salesforce.com data

Security threats evolve again

Storm botnet 'services' for hire?

Cyber criminals building more but smaller botnets

Mobile malware threat 'not high'

Viruses - is the threat over?

Cyber criminals turn pro

The A to Z of security

Is this the malware mother of all botnets?

China hosting half of world's malicious sites

Malware writers target open source

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you

Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy

SMS flaw leaves iPhone vulnerable to attack

Why Google's security arm doesn't have a war room

ATM hack talk pulled from security conference

PayPal techies hit fraudsters where it hurts

SMEs on target list for UK cyber attack group


  • Jobs
Trade Specialist - China

My client a renewable energy company based in China is looking for someone fluent in several languages to work within a trade department in China.The ...

Systems & Database Analyst

Primary Responsibilities: Maintain the 'core business'applications that are hosted within theinfrastructure. Gatwick My FTSE 250 client based in ...

Service Desk Engineer (Cisco)

Wavex currently offers a range of services from managed services to individual technical solutions such as hosting and co-location, infrastructure ...

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

The Financial Close: Optimizing Performance and Driving Financial Excellence

Enterprise Performance Management - Financial Excellence and Beyond

A complete view of the enterprise

Making the Business Case for HR Investments

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Large Hadron Collider's grid gets stressed

Heatwave? No sweat for CIOs

Has in-flight entertainment got wings in the iPod era?

MoD inks £231m deal to boost comms

Take a trip to the future of air travel

Orange launches managed videoconferencing




Quick Sitemap Links: