Finjan: Chinese cybercrime networks fill void left by Russian Business Network

Share this article:
Updated Tuesday, Dec. 18 at 2:53 p.m. EST.

An intricate network of servers operated by Chinese criminals has moved into the void created when the notorious Russian Business Network (RBN) shut down, according to a report from anti-crimeware vendor Finjan.

December's "Malicious Page of the Month" report from Finjan's Malicious Code Research Center (MCRC) notes that the RBN “has suddenly picked up from its St. Petersburg digs and diversified…spreading its activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses."

Iftach Amit, director of security for the MCRC, told SCMagazineUS.com that the Chinese group's activity is “an evolution of the Russian Business Network."

“All of the criminal activity over the internet has financial gain behind it, and if you shut down one part of the system, it's bound to bounce back because of market forces,” he said.

The report also noted that MI5, the United Kingdom's counter-intelligence agency, warned 300 U.K. chief executives and security experts of an increased risk from Chinese hackers following an attack on government servers.

Amit said Chinese cybercriminals scan the internet searching for vulnerable U.S. and European hosts at universities and government offices. The hackers then take advantage of misconfigured or unpatched systems, infecting them with IFRAME or JavaScript code, Amit said. The victim is then redirected to a series of sites containing IFRAMEs, including those belonging to the Chinese network.

Other trojans are then downloaded to the victim's compromised PC and another IFRAME sends personal data, such as banking authentication credentials, to the network of Chinese servers. That information is used for tracking and statistics, as well as online transactions, without user knowledge, said Amit.

"It's very sophisticated," he said. "They are able to circumvent many of the security measures the banks have taken."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.