Sunday, March 20, 2011

RBN IP List and Super Black Hole Updated


Hunting the RBN

IP address ranges from which the former customers of the RBN ISP, their malware marketing affiliate networks, emulators, and other organized crime groups exploit consumers. Block at will:

Protect your family and home network from 300,675 of "the baddest of the bad" domains blacklisted for Smoothwall 3:

config

hosts

Sunday, March 6, 2011

RBN IP List Update 3-6-2011

RBN IP List Update 3-6-2011 is available at:
http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork

In this update we add more coverage for ChronoPay properties. Thus far, we have seen only one domain object move. The mail server mail-eye.com was located at 78.108.190.4 (AS43355 UPL-TELECOM-AS UPL Telecom) and is now deployed at 178.63.72.234 (Hetzner). Both of these IP addresses also host DNS servers, so this provides a clue as to enemy infrastructure.

In addition to Pavel Vrublevsky's hubris, the update lists new instances of SpyEye Command and Control servers, Zeus, several backdoor trojans, a Heihachi deployment of Trojan Palevo, and we catch the Koobface Gang victimizing cancer patients with Trojan Bredolab.

We have consolidated several IP listings (an opportunity provided by consistently malicious behavior).
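The list is meant to be blocked as IP ranges, and this update consolidates adjacent listings into fewer entries. The following is an added example, not the list's own tooling, showing how a defender can load such a range list, collapse adjacent or overlapping ranges into the minimal CIDR set, and match firewall log entries against it. The range entries and log lines are constructed for illustration; only the two addresses quoted above (78.108.190.4 and 178.63.72.234) come from the post.

```python
import ipaddress
import re

# Constructed sample list in the one-entry-per-line style of a published
# range list: CIDR blocks or single addresses, '#' comments and blank lines.
# The ranges are made up except for the two addresses quoted in the post.
SAMPLE_LIST = """
# constructed entries for illustration
78.108.190.0/24
78.108.191.0/24
178.63.72.234
178.63.72.0/25
178.63.72.128/25
not-an-address
"""

# Constructed firewall log lines (hypothetical format, 'src=' carries the peer).
SAMPLE_LOG = [
    "2011-03-06 10:01:02 DROP src=78.108.190.4 dst=192.168.1.10 proto=tcp dpt=25",
    "2011-03-06 10:01:09 ACCEPT src=8.8.8.8 dst=192.168.1.10 proto=udp dpt=53",
    "2011-03-06 10:02:15 ACCEPT src=178.63.72.234 dst=192.168.1.22 proto=tcp dpt=80",
]


def parse_blocklist(text):
    """Return a list of ip_network objects, skipping comments and bad lines."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False lets a bare host address or an unaligned prefix load
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            # a malformed entry should not abort loading the whole list
            continue
    return nets


def consolidate(nets):
    """Collapse adjacent and overlapping ranges into the minimal CIDR set.

    collapse_addresses only accepts one address family at a time, so the
    IPv4 and IPv6 entries are collapsed separately and then concatenated.
    """
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_blocked(addr, nets):
    """True if addr falls inside any network in nets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


_SRC = re.compile(r"\bsrc=(\S+)")


def flag_connections(log_lines, nets):
    """Return the (line, matched network) pairs whose src address is listed."""
    hits = []
    for line in log_lines:
        m = _SRC.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        for n in nets:
            if ip in n:
                hits.append((line, str(n)))
                break
    return hits


if __name__ == "__main__":
    ranges = consolidate(parse_blocklist(SAMPLE_LIST))
    print("consolidated:", [str(n) for n in ranges])
    for line, net in flag_connections(SAMPLE_LOG, ranges):
        print("listed range", net, "->", line)
```

Consolidation turns the five valid sample entries into two networks (78.108.190.0/23 and 178.63.72.0/24), which is the same reduction the post describes when it merges listings; matching log lines against the collapsed set is then a single membership test per address.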

We wish to acknowledge Brian Krebs, the Malware Domain List, and David Glosser at Malware Domains.

Thank you,

James McQuaid
http://www.jamesmcquaid.com/JamesMcQuaid.asc