After I read theÂ Chris post on our blog that dissected the darksides domains, I wondered about the Russian Business Network andÂ its state of health.
This year, the posts and white papers circulating on the web portray new protagonists like AbdAllah, Atrivo, Directi or EstDomains. Like their RBN senior branch, these Internet network providers are strongly suspected to protect many actors in the malware/phishing/fraud world.
In February 2008, a ShadowServer foundation document explained that many domains had moved from RBN to AIH (AbdAllah Internet Hizmetleri). Like me, many researchers saw here a revival of RBN. But as it is assumed by some French bloggers, it was only a migration from customers, from one bulletproof hoster to another.
2 weeks ago, in the last Jart Armin controversial paper, the St Petersburg entity was hardly mentioned. Various networks previously known as RBN bastions were listed as core component of the Atrivo California-based family of companies (you can read the Brian Krebs post to be convinced).
In October 2007, after the media got in the Russian ISP in the spotlights, their representative Tim Jaret forcefully denied the accusations. He said that his company investigated abuse complaints and took care of them if there was a violation of law. Now, Emil Kacperski, the Atrivo founder hands out the same message. He assures the company works very hard to clean up his image and respond to abuse reports and then proceed to any corrective action when necessary. But some people don’t believe them!
One thing is sure, each time a report discloses a lax ISP, many unscrupulous customers looking for discretion, cover or camouflage,Â are disrupted. As I said before, we have seen some of them moving to AbdAllah or Atrivo. I should not be surprised if they started searching for a new refuge! All the more probable thatÂ bad advertising arrived to the ears of many attentive backbone providers bring about Atrivo toÂ lose peering from all sides. At least it is something!
Today several researchers announce the dissolution of RBN and with the Atrivo and Directi disclosures, we gave new kicks into the anthill. But all these criminals who pay for dedicated server and protection from takedowns due to abuse complaints are still busy. For that reason, the criminal business network is still living even ifÂ it changes sometimesÂ in name and management.