RBN is on the run. The hacker crew RBN (Russian Business Network) has relinquished their IP address space. Their site went dark yesterday and the URL is null routed. Thoughts are that they are on the move…to China.

From Computer World:

The Russian Business Network (RBN), a notorious hacker and malware hosting organization that operates out of St. Petersburg, Russia, has gone off the air, security researchers said today.

According to a pair of Trend Micro Inc. researchers, RBN went dark around 10 p.m. EST Tuesday. “The routing information for their IP addresses has been withdrawn,” said Paul Ferguson, a network architect at Trend Micro. “That’s significant because while RBN has had connectivity issues in the past, then the routing [to its IP addresses] was still being advertised. This time, they’ve been voluntarily withdrawn.

“This is not the result of someone, such as their ISP, blackholing their traffic,” Ferguson continued. “This was done voluntarily.” Another report, however, on The Washington Post’s Web site, claimed that while RBN has severed links to the Internet, its upstream connectivity providers had begun to refuse to route RBN traffic as early as mid-October.

So, now with the site going dark the question comes to mind. How long until they resurface?

Recently, they surfaced with an advertising buy on RSS middleware company Feedburner.com (a Google company).


Makes you wonder how many folks fell for that one (assuming it was actually the RBN). [EDIT] Thanks Stian for the clarification.

At least there will be a brief respite from their shenanigans in any case.



  1. Dear Dave, are you familiar with the RBN Exploit Blog that is referred to in the Feedburner ad? I guess not, since you give RBN the credit for it being a scam.

    It is highly serious and a great resource on the development and movements of the RBN. I would highly advise you to pay it a visit.

    Of course, in a world of deception we cannot be sure that this is not a mis-information campaign. I’m pretty sure it’s not however, seeing the RBN has just recently started taking the most basic precautions to infer analysis and uncovering of their activities.

  2. @Stian

    Thanks for the clarification. I had written “(assuming it was actually the RBN)” as I was unclear if this was linked or just an unfortunate similarity in names.

