Yesterday, the infamous Russian Business Network (RBN) dropped out of the Internet at around 7 PM PST. Since then, IP addresses of RBN can no longer be reached because there is no routing for them any longer. It could be that the upstream providers who provided RBN with Internet connectivity may have terminated their services to their problematic customer temporarily or (hopefully) even permanently. Trend Micro will continue to closely monitor whether RBN remains down.
The Russian Business Network is notorious for hosting lots of malware and Web browser exploits. These threats have been injected into thousands of legitimate Web sites. Customers of RBN abuse the latest exploits for their nefarious purposes. The most recent example is a security issue in Adobe’s Acrobat Reader that was fixed only a few weeks ago.
That RBN, currently, has no Internet connectivity means that the Web is a somewhat safer place today. Unfortunately, this may not be for long. RBN may find new upstream providers. In recent weeks, moreover, Trend Micro has seen equivalents of RBN pop up in Turkey and Taiwan. These hosting providers seem to have the same kind of customer base as RBN. Thus, even if RBN drops off of the Internet permanently, its customers might find a new home soon. TrendLabs is also closely monitoring the activities in the mentioned new suspicious networks.