Russian Business Network (RBN) - iFrame Cash and Layered Technologies

Russian Business Network (RBN) - iFrame Cash and Layered Technologies

According to net-security.org Todd Abrams, the CEO of Layered Technologies had released a statement in which he stated that the company's support database was a target of malicious activity on the evening of September 19^th 2007. The incident may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for up to 6,000 clients.

Another blog had reproduced a copy of the email to Layered Technologies abuse team, concerning their dedicated hosting of one of the Russian Business Network’s (RBN) key “commercial” web enterprises ref: iFrame Injection Source? . Although there was never a reply to any email, but possibly with the added assistance of this blog’s bigger friends, they or the RBN obviously took action. This is seen by the change; on September 9^th 2007 the change from 72.36.199.58 (USA- Layered Technologies Hosting) to 81.95.153.245 (Russian Federation - Aki Mon Telecom hosting – AKA “RBN”). For those who like the specific details see http://rbnexploit.blogspot.com.

It is reasonable to assume the later attack on Layered Technologies was part of the RBN’s normal procedure to wreak revenge upon those who try to rid themselves of the RBN’s grip. This was just as they did to National Bank of Australia, the Bank of India, and many others.

Hopefully more web hosts will examine who they have as customers in the first place, rather than the value of the credit card?

Details:

Hosting History for Iframedollars.com

IP Address History Event Date Action Pre-Action IP Post-Action IP 2005-01-01 New -none- 67.15.35.16 2005-01-22 Change 67.15.35.16 67.15.35.19 2005-03-05 Not Resolvable 67.15.35.19 -none- 2005-03-20 New -none- 67.15.35.19 2005-05-22 Change 67.15.35.19 81.222.131.59 2005-06-04 Change 81.222.131.59 195.95.218.170 2005-06-26 Change 195.95.218.170 195.95.218.174 2005-07-02 Change 195.95.218.174 85.255.113.2 2005-09-22 Change 85.255.113.2 70.85.116.53 2006-06-03 Change 70.85.116.53 64.72.112.136 2007-08-01 Change 64.72.112.136 72.36.199.58 2007-09-09 Change 72.36.199.58 81.95.153.245

Name Server History

Event Date	Action	Pre-Action Server	Post-Action Server
2004-10-04	New	-none-	Ultralinks.info
2005-05-22	Transfer	Ultralinks.info	Iframedollars.biz
2005-09-22	Transfer	Iframedollars.biz	Coconia.net
2007-08-01	Transfer	Coconia.net	Iframedollars.com

Information related to 'AS28866'

aut-num: AS28866
as-name: AKIMON-AS
descr: Aki Mon Telecom
org: ORG-AMT5-RIPE
import: from AS40989 accept ANY
export: to AS40989 announce AS-AKI
admin-c: SS7823-RIPE
tech-c: NO322-RIPE
mnt-by: AKIMON-MNT
mnt-routes: RBN-MNT
source: RIPE # Filtered

organisation: ORG-AMT5-RIPE
org-name: Aki Mon Telecom
org-type: OTHER
address: 197022, Russia, Saint-Peterburg
address: pr. Medikov, 5

person: Sergey Startsev
address: Russia, St.Petersburg
phone: +7 903 0983277
nic-hdl: SS7823-RIPE
mnt-by: AKIMON-MNT
source: RIPE # Filtered

person: Nikolay Obraztsov
address: Russia, St.Petersburg
phone: +7 903 0983306
nic-hdl: NO322-RIPE
mnt-by: AKIMON-MNT
source: RIPE # Filtered