Fake Suspended NOTICE
Saturday, November 03, 2007
( THIS HAS APPLICATIONS TO TERROR SITES )
Detecting and Blocking the Russian Business Network
Bleeding Edge Threats recently announced the release of some very handy RBN blocking/detecting rulesets:
"Call these hosts what you like, we see a large amount of hostile activity from these nets, and get little to no abuse response for takedown. Do what you will with this information."
Remember RBN's fake anti virus and anti spyware software? The list is getting bigger with another 20 additions again hosted on RBN IPs exposed by the RBNExploit blog.
Meanwhile, you may also be interested in how an abuse request gets handled at the RBN. Deceptively, of course. Each and every domain or IP that has been somehow reported malicious to them, not once but numerous times by different organizations, starts serving a fake account suspended message, like the following malicious domains hosted at the RBN do:
FAKE: SERVED ACCORDING TO YOUR IP:
"This Account Has Been Suspended For Violation Of Hosting Terms And Conditions. Please contact the billing/support department as soon as possible"
- superengine.cn (81.95.149.181) - fake account suspended message, no malicious script at front page but within the domain ( NOTICE YOU WILL GET INFECTED ON THESE DOMAINS. )
- eliteproject.cn (81.95.149.124) - fake account suspended message, no malicious script at front page but within the domain
- space-sms.info (200.115.174.248) - fake account suspended, loads the malicious takenames.cn
- lem0n.info (200.115.174.248) - fake account suspended message, obfuscated javascript to bl0cker.info
- worldtraff.cn (200.115.174.248) - fake account suspended message, loads bl0cker.info and takenames.cn
- takenames.cn (58.65.239.66) - fake of eValid web testing solution, interacting with all of these domains
Dots, dots, dots, 58.65.239.66 or takenames.cn for the time being, used to resolve to goodtraff.biz in the past, another RBN operation we know from the Bank of India hack, where the second RBN IP was used in the most recent Possibility Media's Malware Fiasco as well.
SOURCE: ddanchev
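One way to check a saved response for the pattern in the list above, a "suspended" notice that still loads script or frames from other hosts. This is an added example, not code from the original post or from ddanchev; the function names, the `parked.example` and `loader.example` hosts and both HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

NOTICE = "this account has been suspended"   # wording quoted in the post
FETCHING_TAGS = {"script", "iframe", "frame", "embed"}

class ActiveContent(HTMLParser):
    """Collect visible text and everything that makes a browser fetch or run code."""
    def __init__(self):
        super().__init__()
        self.text, self.remote = [], []
        self.inline_script = False
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in FETCHING_TAGS and src:
            self.remote.append(src)
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_script = self.inline_script or bool(data.strip())
        else:
            self.text.append(data)

def audit_suspended_page(html, page_host):
    """Flag a 'suspended' notice that still ships active content."""
    p = ActiveContent()
    p.feed(html)
    p.close()
    visible = " ".join(" ".join(p.text).lower().split())
    hosts = {urlparse(u).hostname for u in p.remote} - {None, page_host}
    shows_notice = NOTICE in visible
    return {"shows_notice": shows_notice,
            "external_hosts": sorted(hosts),
            "inline_script": p.inline_script,
            "suspicious": shows_notice and bool(hosts or p.inline_script)}

# Constructed samples (reserved .example names, not captures from the listed domains).
STATIC_NOTICE = "<html><body><h1>This Account Has Been Suspended</h1></body></html>"
LOADER_NOTICE = ('<html><body><h1>This Account Has Been Suspended</h1>'
                 '<iframe src="http://loader.example/in" width="0" height="0"></iframe>'
                 '<script>var stand_in_for_obfuscated_js = 1;</script></body></html>')
```

Because the list notes that some of these domains keep the front page clean and place the script elsewhere within the domain, a check like this is only meaningful when run over saved responses for inner pages as well as the front page.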
CRUSHING THIS RUSSIAN GANG WILL BE GOOD PRACTICE FOR FUTURE TERROR THREATS.
AND ARE THOSE TERROR SITES REALLY DOWN, OR A FAKE MESSAGE?
PARADIGM, Russian the New KGB is getting kickbacks, or this couldn't go on.
Question is does Putin support it. Estimates are this Criminal Russian Internet Gang makes $50 usd mil. a year. How much is Putin getting?
GERALD
Labels: fake, NOTICE, russian, SUSPENSION