Malware Domain List

Site Related => Site / Forum Discussion => Topic started by: redwolfe_98 on October 17, 2007, 09:10:19 am

Title: Russian Business Network
Post by: redwolfe_98 on October 17, 2007, 09:10:19 am
hello.. i read an article about "russian business network", today:

http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html

here is another article about "RBNetwork":

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL43489

well, i looked, but i didn't find any mention of any websites that were being hosted by "RBN" in the list of malware-domains.. i am not saying that they are a source of a lot of malware, but, apparently, at least some malicious websites are being hosted by RBN, going by what i see in the "spamhaus" article..

update: i did another "search", searching for "rbnnetwork" and found one item:

http://www.malwaredomainlist.com/mdl.php?search=rbnnetwork&colsearch=All&quantity=50

so, i was wrong about there being no mention of any "RBN" web address..
Title: Re: Russian Business Network
Post by: JohnC on October 17, 2007, 10:07:43 am
Hello,

here are some RBN servers distributing malware:

http://www.malwaredomainlist.com/mdl.php?search=81.95.144
http://www.malwaredomainlist.com/mdl.php?search=81.95.145
http://www.malwaredomainlist.com/mdl.php?search=81.95.146
http://www.malwaredomainlist.com/mdl.php?search=81.95.147
http://www.malwaredomainlist.com/mdl.php?search=81.95.148
http://www.malwaredomainlist.com/mdl.php?search=81.95.149
http://www.malwaredomainlist.com/mdl.php?search=81.95.150
http://www.malwaredomainlist.com/mdl.php?search=81.95.151

I heard that the people behind RBN also own Nevacon:

http://www.malwaredomainlist.com/mdl.php?search=194.146.206
http://www.malwaredomainlist.com/mdl.php?search=194.146.207
Title: Re: Russian Business Network
Post by: redwolfe_98 on October 22, 2007, 06:10:54 am
thanks, john.. looking through the list, i now see that there are many RBN ip addresses listed, they just aren't identified as such.. what led me to this website was searching for "cernel" and there were many ip addresses that were identified as "cernel", so i was expecting them all to be like that..

sorry i didn't reply sooner.. thanks for the work that you are doing..
Title: Re: Russian Business Network
Post by: JohnC on October 22, 2007, 08:44:56 am
No problem.
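
An added example, not part of the original thread: the three-octet prefixes from the search links JohnC posted are collapsed into CIDR blocks and used to label addresses by network, the identification redwolfe_98 noted the list entries lack. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse, parse_qs

BASE = "http://www.malwaredomainlist.com/mdl.php?search="
# Search links as posted in the thread, keyed by the name the post gives them.
POSTED_SEARCHES = {
    "RBN": [BASE + "81.95.%d" % n for n in range(144, 152)],
    "Nevacon": [BASE + "194.146.206", BASE + "194.146.207"],
}

def prefix_to_network(url):
    """Map a '?search=a.b.c' link to the /24 that prefix denotes."""
    prefix = parse_qs(urlparse(url).query)["search"][0]
    if len(prefix.split(".")) != 3:
        raise ValueError("expected a three-octet prefix: %r" % prefix)
    return ipaddress.ip_network(prefix + ".0/24")

def build_ranges(searches):
    """Collapse each label's /24s into the fewest CIDR blocks."""
    return {
        label: list(ipaddress.collapse_addresses(prefix_to_network(u) for u in urls))
        for label, urls in searches.items()
    }

def label_ip(ip, ranges):
    """Return the network label for an address, or None if it is in no range."""
    addr = ipaddress.ip_address(ip)
    for label, nets in ranges.items():
        if any(addr in net for net in nets):
            return label
    return None

# Constructed sample addresses, not rows from the real list.
SAMPLE_IPS = ["81.95.146.10", "81.95.152.1", "181.95.144.7", "194.146.207.200"]

if __name__ == "__main__":
    ranges = build_ranges(POSTED_SEARCHES)
    for label, nets in ranges.items():
        print(label, [str(n) for n in nets])
    for ip in SAMPLE_IPS:
        # "181.95.144.7" contains the text "81.95.144" but is outside the block,
        # so matching on parsed addresses avoids that substring false positive.
        print(ip, "->", label_ip(ip, ranges))
```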