Monday, October 1, 2007

Russian Business Network (RBN) - iFrame Cash and Layered Technologies

According to net-security.org, Todd Abrams, the CEO of Layered Technologies, released a statement saying that the company's support database was a target of malicious activity on the evening of September 19th 2007. The incident may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for up to 6,000 clients.

Another blog had reproduced a copy of the email to Layered Technologies' abuse team concerning their dedicated hosting of one of the Russian Business Network’s (RBN) key “commercial” web enterprises (ref: iFrame Injection Source?). Although there was never a reply to any email, they or the RBN obviously took action, possibly with the added assistance of this blog’s bigger friends. This is seen in the change on September 9th 2007 from 72.36.199.58 (USA - Layered Technologies hosting) to 81.95.153.245 (Russian Federation - Aki Mon Telecom hosting, AKA “RBN”). For those who like the specific details, see http://rbnexploit.blogspot.com.

It is reasonable to assume the later attack on Layered Technologies was part of the RBN’s normal procedure of wreaking revenge upon those who try to rid themselves of the RBN’s grip, just as they did to National Bank of Australia, the Bank of India, and many others.

Hopefully more web hosts will examine who they have as customers in the first place, rather than the value of the credit card.

Details:

Hosting History for Iframedollars.com


IP Address History

| Event Date | Action | Pre-Action IP | Post-Action IP |
|---|---|---|---|
| 2005-01-01 | New | -none- | 67.15.35.16 |
| 2005-01-22 | Change | 67.15.35.16 | 67.15.35.19 |
| 2005-03-05 | Not Resolvable | 67.15.35.19 | -none- |
| 2005-03-20 | New | -none- | 67.15.35.19 |
| 2005-05-22 | Change | 67.15.35.19 | 81.222.131.59 |
| 2005-06-04 | Change | 81.222.131.59 | 195.95.218.170 |
| 2005-06-26 | Change | 195.95.218.170 | 195.95.218.174 |
| 2005-07-02 | Change | 195.95.218.174 | 85.255.113.2 |
| 2005-09-22 | Change | 85.255.113.2 | 70.85.116.53 |
| 2006-06-03 | Change | 70.85.116.53 | 64.72.112.136 |
| 2007-08-01 | Change | 64.72.112.136 | 72.36.199.58 |
| 2007-09-09 | Change | 72.36.199.58 | 81.95.153.245 |

Name Server History

| Event Date | Action | Pre-Action Server | Post-Action Server |
|---|---|---|---|
| 2004-10-04 | New | -none- | Ultralinks.info |
| 2005-05-22 | Transfer | Ultralinks.info | Iframedollars.biz |
| 2005-09-22 | Transfer | Iframedollars.biz | Coconia.net |
| 2007-08-01 | Transfer | Coconia.net | Iframedollars.com |

Information related to 'AS28866'

aut-num:      AS28866
as-name:      AKIMON-AS
descr:        Aki Mon Telecom
org:          ORG-AMT5-RIPE
import:       from AS40989 accept ANY
export:       to AS40989 announce AS-AKI
admin-c:      SS7823-RIPE
tech-c:       NO322-RIPE
mnt-by:       AKIMON-MNT
mnt-routes:   RBN-MNT
source:       RIPE # Filtered

organisation: ORG-AMT5-RIPE
org-name:     Aki Mon Telecom
org-type:     OTHER
address:      197022, Russia, Saint-Peterburg
address:      pr. Medikov, 5

person:       Sergey Startsev
address:      Russia, St.Petersburg
phone:        +7 903 0983277
nic-hdl:      SS7823-RIPE
mnt-by:       AKIMON-MNT
source:       RIPE # Filtered

person:       Nikolay Obraztsov
address:      Russia, St.Petersburg
phone:        +7 903 0983306
nic-hdl:      NO322-RIPE
mnt-by:       AKIMON-MNT
source:       RIPE # Filtered
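
Added example, not part of the original post: a small parser for the RIPE whois (RPSL) output above. It pulls out the two pivots visible in the AS28866 record, the mnt-routes maintainer that differs from the object's own mnt-by and the AS named in the import/export lines. The function names are this example's own, and the sample text is abridged from the records on this page.

```python
import re
from collections import defaultdict

# Sample input abridged from the whois records quoted on this page.
SAMPLE = """\
aut-num:    AS28866
import:     from AS40989 accept ANY
export:     to AS40989 announce AS-AKI
mnt-by:     AKIMON-MNT
mnt-routes: RBN-MNT
source:     RIPE # Filtered

organisation: ORG-AMT5-RIPE
address:    197022, Russia, Saint-Peterburg
address:    pr. Medikov, 5
"""

def parse_rpsl(text):
    """Split whois text into objects, each a dict of attribute -> list of values."""
    objects, current, last = [], None, None
    for raw in text.splitlines():
        if not raw.strip():                        # blank line ends the object
            current = None
            continue
        line = raw.split("#", 1)[0].rstrip()       # drop end-of-line comments
        if raw[0] in " \t+" and current is not None:   # continuation line
            current[last][-1] = f"{current[last][-1]} {line[1:].strip()}".strip()
            continue
        if raw.startswith("%") or ":" not in line:  # server remark or junk
            continue
        key, _, value = line.partition(":")
        if current is None:
            current = defaultdict(list)
            objects.append(current)
        last = key.strip().lower()
        current[last].append(value.strip())        # repeated keys accumulate
    return [dict(o) for o in objects]

def delegated_maintainers(obj):
    """(attribute, maintainer) pairs in mnt-routes/mnt-lower not listed in mnt-by."""
    own = set(obj.get("mnt-by", []))
    refs = [(a, v.split()[0]) for a in ("mnt-routes", "mnt-lower")
            for v in obj.get(a, []) if v]
    return [(a, m) for a, m in refs if m not in own]

def policy_peers(obj):
    """AS numbers named in import/export lines (set names like AS-AKI are skipped)."""
    text = " ".join(obj.get("import", []) + obj.get("export", []))
    return sorted(set(re.findall(r"\bAS\d+\b", text)))
```
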
