Russian Business Network badware shop goes underground

Posted by Erica George Fri, 09 Nov 2007 18:30:13 GMT

The internet security community is buzzing with the news that the Russian Business Network (RBN), a notorious group of professional badware distributors and online criminals, has pulled down its websites and abandoned its IP addresses, effectively vanishing from the internet. The RBN has been behind numerous large-scale attacks and has been traced as the attacking source behind several sites that have ended up in the Badware Website Clearinghouse.

Unfortunately, it seems clear that the RBN’s disappearance is simply a technique for moving deeper underground, a move likely precipitated by the recent increase in attention and publicity around the RBN. The anti-malware company Trend Micro already reports observing RBN-like activity in China and other parts of Asia.

It’s unlikely that the RBN will consolidate operations in any new home in the same way it operated for so long in Russia; it is more likely to diversify the locations of both its online and on-the-ground operations, making it harder to track. For security researchers and makers of protective software, the disappearance of the RBN is less a victory than a new challenge.