RBN

The Russian Business Network continues to make news. It's reported their St. Petersburg network has gone dark and they've opened up shop in China (http://blog.wired.com/sterling/2007/11/russian-busines.html).

It also appears they may have been involved in hijacking part of the Monster.com site as well and using it to leverage an IE IFRAMES attack against job hunters there.

November 20, Computerworld – (National) Hackers jack Monster.com, infect job hunters.

Monster.com took a portion of its Web site offline Monday as researchers reported that it had been compromised by an IFrame attack and was being used to infect visitors with a multi-exploit attack kit.

According to Internet records, the Russian Business Network (RBN) hacker network may be involved. Parts of the Monster Company Boulevard, which lets job hunters search for positions by company, were unavailable Monday; by evening, the entire section was dark. Most major American companies are represented on the site. Job seekers who used Monster’s by-company directory on Monday before the site was yanked were exposed to Neosploit, an attack tool kit similar to the better-known Mpack, said the chief technology officer at Exploit Prevention Labs Inc.

The injection of the malicious IFrame code into the Monster.com site probably happened Monday, he added. Like many other IFrame exploits, this one silently redirected the user’s browser to another site hosting Neosploit. In the case of at least one of the exploit sites the researcher identified, there is a connection to the notorious RBN, the hacker and malware hosting network that recently shifted operations to China, then mysteriously abandoned the IP blocks it had acquired in China, seemingly vanishing from the Internet.


Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9048019&intsrc=hm_list