Sunday, March 20, 2011

RBN IP List and Super Black Hole Updated

Hunting the RBN

IP address ranges from which the former customers of the RBN ISP, their malware marketing affiliate networks, emulators, and other organized crime groups exploit consumers. Block at will:

Protect your family and home network from 300,675 of "the baddest of the bad" domains blacklisted for Smoothwall 3:



Sunday, March 6, 2011

RBN IP List Update 3-6-2011

RBN IP List Update 3-6-2011 is available at:

In this update we add more coverage for ChronoPay properties.  Thus far, we have seen only one domain object move.  The mail server was located at (AS43355 UPL-TELECOM-AS UPL Telecom) and is now deployed at (Hetzner).  Both of these IP addresses also host DNS servers, so this provides a clue as to enemy infrastructure.

In addition to Pavel Vrublevsky's hubris, the update lists new instances of SpyEye Command and Control servers, Zeus, several backdoor trojans, and a Heihachi deployment of Trojan Palevo, and we catch the Koobface Gang victimizing cancer patients with Trojan Bredolab.

We have consolidated several IP listings (an opportunity provided by consistently malicious behavior).

We wish to acknowledge Brian Krebs, the Malware Domain List, and David Glosser at Malware Domains.

Thank you,

James McQuaid