Russian Business Network study - bizeul.org
Version 1.0.1
RBN study – before and after
David Bizeul
Summary
Abstract
Summary
Overview
1. Russian cybercrime
2. RBN at a glance
RBN activities / Web focus
1. Malware diffusion
2. Phishing
3. Other malicious activities
RBN organization / Network data
1. Overview on BGP and Internet
2. Internetworking and AS peering
3. ISP and IXP
4. AS Path
5. The RBN IP path
6. The RBN Networks virtually
7. The RBN Networks logically
8. The RBN Networks physically
9. The RBN Networks in the Internet
10. Affiliates presentation through networks
Too Coin Software
SBT
RBN
AkiMon
Nevacon
Silvernet
Linkey
Eltel2
Luglink
Eltel
Other affiliates
RBN customers / Real stats
1. Running services on entities
2. Hosted web pages
Investigation and analysis
1. Lookup, IP history, NS history, and registrar history
2. Network Whois
3. Reverse IP and reverse NS analysis
4. Simple DNS analysis
5. Whois history
6. Information correlation and assumptions
A nefarious social network
1. Deliberately complex and false
2. Behind the curtains
RBN evolution
1. Changes in hosted domain names
2. Changes in locations
3. Evolution
Mitigation strategies
4. Think big to understand the threat impact and to predict evolution
5. Act small
Conclusion
Annexes
1. Tools and services used for this study
2. RBN content