Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Historical OSINT

Monday, September 09, 2019

Historical OSINT - The Russian Business Network Says "Hi"

You know you're popular when "they" say "hi".

It's 2009 and I've received a surprising personal email courtesy of guess who - The Russian Business Network showing off the actual ownership of the hxxp://rbnnetwork.com domain and basically saying "hi". It's worth pointing out that throughout 2008-2013 I've extensively profiled the activities including the customer activities of some of the most prolific customers and members of the infamous Russian Business Network also known as the RBN in the context of blackhat SEO iFrame and input validation abuse across major Web properties including malvertising and various other malware-serving and client-side exploits serving campaigns including money mule recruitment and phishing campaigns the ubiquitous at the time fake security software also known as scareware in a variety of post series.

Related post - Dissecting a Sample Russian Business Network (RBN) Contract/Agreement Through the Prism of RBN's AbdAllah Franchise

It's been a decade since I last profiled the most prolific and sophisticated market-leading bullet-proof hosting cybercrime enterprise - the Russian Business network which at the time was dominating the majority of campaigns that I was busy profiling with the help of fellow researchers to whom I owe a big deal of thanks for approaching me circa 2008-2013 namely Jart Armin and James McQuaid with whom I've been directly or indirectly keeping in touch throughout 2008-2013 for the purpose of offering quality research on the activities of the Russian Business Network including their customers and fraudulent and malicious campaigns.

Related post - Historical OSINT - Inside the 2007-2009 Series of Cyber Attacks Against Multiple International Embassies

Stay tuned and thanks for reaching out!

Related Russian Business Network (RBN) Research:
I See Alive IFRAMEs Everywhere - Part Two
I See Alive IFRAMEs Everywhere
Bank of India Serving Malware
U.S Consulate in St.Petersburg Serving Malware
Syrian Embassy in London Serving Malware
CISRT Serving Malware
Compromised Sites Serving Malware and Spam
U.S Consulate St. Petersburg Serving Malware
Massive RealPlayer Exploit Embedded Attack
Malware Serving Exploits Embedded Sites as Usual
MDAC ActiveX Code Execution Exploit Still in the Wild
Yet Another Massive Embedded Malware Attack
Embedding Malicious IFRAMEs Through Stolen FTP Accounts
Over 100 Malwares Hosted on a Single RBN IP
Detecting and Blocking the Russian Business Network
Exposing the Russian Business Network
Go to Sleep, Go to Sleep my Little RBN
Injecting IFRAMEs by Abusing Input Validation
RBN's Fake Account Suspended Notices
ZDNet Asia and TorrentReactor IFRAME-ed
Russia's FSB vs Cybercrime
HACKED BY THE RBN!
Rogue RBN Software Pushed Through Blackhat SEO
Wired.com and History.com Getting RBN-ed
The Russian Business Network
Exposing the Russian Business Network
More CNET Sites Under IFRAME Attack
Embedded Malware at Bloggies Awards Site
Have Your Malware In a Timely Fashion
Geolocating Malicious ISPs
More High Profile Sites IFRAME Injected
The New Media Malware Gang - Part Four
Another Massive Embedded Malware Attack

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com