The Russian Business Network, the shadowy St. Petersburg, Russia-based ISP, is getting a very bad rap lately in the media.
And rightfully so. Experts believe the RBN is largely behind the Adobe rootkit attacks, which take advantage of a recently patched vulnerability, among other active exploits.
But Matt Richard, the newly appointed director of the Rapid Response Team at VeriSign iDefense, told me in an email that other hosting providers are also to blame.
“In fact, the heart of this attack centers around a U.S. corporation known to provide hosting support for adult sites and other shady organizations,” Richard wrote. “In addition, they accept a number of interesting payment options, including wire transfer and WebMoney. They have ICQ (instant messaging computing) contacts for support and are advertised on a number of forums frequented by cybercriminals. They offer support in English and Russian.”
If we should take anything away from Richard, it’s that the cybercriminal underground has become very organized. While the RBN may be the one group receiving the most attention these days, there’s likely scores of others doing performing similar unscrupulous acts.
Patch, patch, patch.