Finjan: Chinese cybercrime networks fill void left by Russian Business Network

Updated Tuesday, Dec. 18 at 2:53 p.m. EST.

An intricate network of servers operated by Chinese criminals has moved into the void created when the notorious Russian Business Network (RBN) shut down, according to a report from anti-crimeware vendor Finjan.

December's "Malicious Page of the Month" report from Finjan's Malicious Code Research Center (MCRC) notes that the RBN “has suddenly picked up from its St. Petersburg digs and diversified…spreading its activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses.”

Iftach Amit, director of security for the MCRC, told SCMagazineUS.com that the Chinese group's activity is “an evolution of the Russian Business Network.”

“All of the criminal activity over the internet has financial gain behind it, and if you shut down one part of the system, it's bound to bounce back because of market forces,” he said.

The report also noted that MI5, the United Kingdom's counter-intelligence agency, warned 300 U.K. chief executives and security experts of an increased risk from Chinese hackers following an attack on government servers.

Amit said Chinese cybercriminals scan the internet searching for vulnerable U.S. and European hosts at universities and government offices. The hackers then take advantage of misconfigured or unpatched systems, infecting them with IFRAME or JavaScript code. The victim is then redirected to a series of sites containing IFRAMEs, including those belonging to the Chinese network.

Other trojans are then downloaded to the victim's compromised PC and another IFRAME sends personal data, such as banking authentication credentials, to the network of Chinese servers. That information is used for tracking and statistics, as well as online transactions, without user knowledge, said Amit.

"It's very sophisticated," he said. "They are able to circumvent many of the security measures the banks have taken."
