Monday, September 09, 2019

Join Me on Patreon Community!

Dear blog readers,

I decided to let everyone know that I've recently launched my own Patreon Community Page with the idea to let everyone know that I'm currently busy crowd-funding a high-profile upcoming Cyber Security Investment Project - and I would love to hear from you more details about your thoughts regarding new Tier Features and whether or not you could make a possible long-term type of financial donation or sponsorship regarding my research and my security expertise.

The current status of the project:
- I'm currently busy soliciting additional input from colleagues regarding upcoming Tier Features
- I'm currently busy reaching out to colleagues to possibly convert them to Patreon Sponsors
- I'm currently busy working on a high-profile Security Podcast
- I'm currently busy working on a high-profile Security Newsletter

Has my research helped you or your organization in the past? Have you been a long-time blog reader? Have you learned something new? Did my active cybercrime and nation-state actor profiling help you excel in your career path? Are you happy with what you're seeing? Dare to take a moment and refer a colleague or an organization to my personal blog, including my Patreon Community Page, including a possible Patreon Sponsor request confirmation?

Looking forward to hearing from you at - dancho.danchev@hush.com

Enjoy!

Historical OSINT - The Russian Business Network Says "Hi"

You know you're popular when "they" say "hi".

It's 2009 and I've received a surprising personal email courtesy of guess who - The Russian Business Network, showing off the actual ownership of the hxxp://rbnnetwork.com domain and basically saying "hi". It's worth pointing out that throughout 2008-2013 I've extensively profiled the activities, including the customer activities, of some of the most prolific customers and members of the infamous Russian Business Network, also known as the RBN, in the context of blackhat SEO, iFrame and input validation abuse across major Web properties, including malvertising and various other malware-serving and client-side exploits serving campaigns, including money mule recruitment and phishing campaigns and the ubiquitous at the time fake security software, also known as scareware, in a variety of post series.

It's been a decade since I last profiled the most prolific and sophisticated market-leading bullet-proof hosting cybercrime enterprise - the Russian Business Network, which at the time was dominating the majority of campaigns that I was busy profiling with the help of fellow researchers to whom I owe a great deal of thanks for approaching me circa 2008-2013, namely Jart Armin and James McQuaid, with whom I've been directly or indirectly keeping in touch throughout 2008-2013 for the purpose of offering quality research on the activities of the Russian Business Network, including their customers and fraudulent and malicious campaigns.

Stay tuned and thanks for reaching out!

Related Russian Business Network (RBN) Research:
I See Alive IFRAMEs Everywhere - Part Two
I See Alive IFRAMEs Everywhere
Bank of India Serving Malware
U.S Consulate in St.Petersburg Serving Malware
Syrian Embassy in London Serving Malware
CISRT Serving Malware
Compromised Sites Serving Malware and Spam
U.S Consulate St. Petersburg Serving Malware
Massive RealPlayer Exploit Embedded Attack
Malware Serving Exploits Embedded Sites as Usual
MDAC ActiveX Code Execution Exploit Still in the Wild
Yet Another Massive Embedded Malware Attack
Embedding Malicious IFRAMEs Through Stolen FTP Accounts
Over 100 Malwares Hosted on a Single RBN IP
Detecting and Blocking the Russian Business Network
Exposing the Russian Business Network
Go to Sleep, Go to Sleep my Little RBN
Injecting IFRAMEs by Abusing Input Validation
RBN's Fake Account Suspended Notices
ZDNet Asia and TorrentReactor IFRAME-ed
Russia's FSB vs Cybercrime
HACKED BY THE RBN!
Rogue RBN Software Pushed Through Blackhat SEO
Wired.com and History.com Getting RBN-ed
The Russian Business Network
More CNET Sites Under IFRAME Attack
Embedded Malware at Bloggies Awards Site
Have Your Malware In a Timely Fashion
Geolocating Malicious ISPs
More High Profile Sites IFRAME Injected
The New Media Malware Gang - Part Four
Another Massive Embedded Malware Attack