Tuesday, October 16, 2007

RBN and Bulletproof Hosting

Fraser Howard writes on the Sophos Blog:

Several previous blog entries have described various forms of web-based attacks. In most cases, the attack involves compromising a large number of web servers in order that the sites they host are turned into drive-by download sites. When victims browse these compromised sites, additional malicious content is silently loaded from some remote server (the attack site).

Whilst looking through some of the data collected from the web threat analysis system in the lab over the last few weeks, I noticed that a number of the remote attack sites were in the same address range. Digging further, it quickly became apparent that the attack sites were using hosting services provided by the Russian Business Network (RBN). The RBN provide web hosting and other services much like any other ISP. Unlike other ISPs, however, the RBN is reported to be used almost solely by cybercriminals for illegal purposes. Illegal activities such as phishing, botnet C&C, spam, DoS attacks and malware hosting have all been traced to RBN-hosted servers.
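The observation above, that the remote attack sites clustered in one address range, is the kind of correlation a defender can automate. The following script is an added example, not code from the Sophos post or this blog: it takes constructed (compromised site, remote attack URL) records as a stand-in for a web threat analysis feed, buckets the attack hosts by /24 prefix, and matches them against a placeholder watch-list netblock (the RFC 5737 documentation ranges used here are not real attack infrastructure).

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample records from a hypothetical web threat analysis system:
# (compromised site, remote attack URL silently loaded by the drive-by page).
# The addresses are RFC 5737 documentation ranges, NOT real attack hosts.
SAMPLE_EVENTS = [
    ("shop-example.test", "http://198.51.100.17/in.cgi?3"),
    ("news-example.test", "http://198.51.100.22/ldr.php"),
    ("forum-example.test", "http://198.51.100.90/x/exploit.js"),
    ("blog-example.test", "http://203.0.113.5/count.php"),
    ("wiki-example.test", "http://198.51.100.17/in.cgi?7"),
]

# Constructed placeholder watch-list standing in for netblocks an analyst has
# attributed to a bulletproof hoster; a real list comes from your own research.
WATCHLIST = {"bulletproof-host-placeholder": ipaddress.ip_network("198.51.100.0/24")}


def attack_host(url):
    """Return the IP address of the remote attack site, or None if the host is not an IP literal."""
    host = urlparse(url).hostname
    try:
        return ipaddress.ip_address(host)
    except (ValueError, TypeError):
        return None


def cluster_by_prefix(events, prefix_len=24):
    """Group attack hosts by address range so shared hosting infrastructure stands out."""
    clusters = defaultdict(set)
    for _site, url in events:
        ip = attack_host(url)
        if ip is not None:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            clusters[str(net)].add(str(ip))
    return {net: sorted(ips) for net, ips in clusters.items()}


def watchlist_hits(events, watchlist=WATCHLIST):
    """Map each watch-listed netblock to the compromised sites that load content from it."""
    hits = defaultdict(set)
    for site, url in events:
        ip = attack_host(url)
        for label, net in watchlist.items():
            if ip is not None and ip in net:
                hits[label].add(site)
    return {label: sorted(sites) for label, sites in hits.items()}
```

In practice the same grouping can be run over proxy or IDS logs to flag when many unrelated compromised sites pull content from one small netblock.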

