Demand
IP range please.
Russian Business Network (RBN) - the Controversial hosting firm fingered by many as a nexus of malware exploits and cybercrime more generally - has suddenly dropped offline. Trend Micro reports that the infamous network dropped off the net at around 0200 GMT on Wednesday, possibly after its upstream service providers pulled …
The upstream ISPs shouldn't have waited until the Washington Post started running articles about the problem. One would hope that ISPs would be more dilligent about ditching offenders like RBN.
Of course, if RBN moves to China, the ISPs there could fall foul of Beijing's head-rolling policy. This year the Chinese authorities executed a fellow for unauthorized use of the Chinese Olympics logo on pirated Windows CDs. Perhaps after a few heads roll the Chinese ISPs will boot RBN out, too.
As a web site administrator who's usually faced with many fake registrations, which mostly push porn, drugs, dodgy loans and so on, I've noticed a big fall off in these registrations in the last couple of days.
Hopefully these guys will be off line for ever. (Wishful thinking I fear).
I must admit sometimes I get really depressed about the standard of journalism and commercial bias with Internet security issues nowadays.
What started as Washington Post blog article concerning the dropping of “some” RBN IP addresses and another “regular” shift of their operation bases. Within 48 hours Trend Micro reporting the RBN has “no” internet connectivity, to grab a few clicks and as Johnny Come Lately hint to claim the credit, here The Register just copies this fabricated story.
For Anonymous Coward, the reason there has been a drop off over the last few days is Bleeding Threats RBN blacklist going into operation, http://doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
Just yesterday for example the on average 130,000 internet users per day still visited the RBN’s fake, anti-spyware and anti-malware products http://rbnexploit.blogspot.com/2007/11/rbn-fake-tools-rogue-software-bank-of.html .
How come? The RBN have been using alternative DNS routing and name servers for four years.
So everyone now believes 60-70% of all the current online exploits have gone away? Who gains by this stupidity? – Ah... Trend Micro, Symantec, MS$, security journalists? et. al . – Come on you mugs keep buying the products which can maybe put your PC right “after” exploitation!
Lets face it, they have more assigned IP's than just this one AS which doesn't get peered anymore.
AS40989 is gone, true:
http://www.cidr-report.org/cgi-bin/as-report?as=AS40989
Which gets rid of AS28866 (AkiMon), another of there networks, but what about AS41731/AS41173? They have a loads of ASN's, and simply blocking one range isn't going to really help.
This really isn't the last we will hear!