As a cybercrime and bulletproof hosting hub, Real Host Ltd, which resides on the autonomous system AS8206 Junik based in Riga, Latvia, is high on any watch list, as Dynamoo pointed out in his blog post “A real sewer” (ref1). Moreover, it has all the hallmarks and operational elements of the apparently fragmented RBN (Russian Business Network), either as a resurgence or as a clone of the RBN’s business model.
- Spamhaus – SBL75831 – lists the net block for Phishing and Malware hosting. (Ref 5.)
- Fire - shows up to 9 complete malware servers over recent times. (Ref 6.)
- MalwareURL – currently shows 199 domains hosting, amongst other badness: 18 trojans, 25 redirects to exploits and rogue anti-virus, and 6 botnet C&C (command and control) (Ref 7.)
- Google’s Safe Browsing - shows for AS8206 Junik in the last 90 days: 12 sites providing malicious software for drive-by downloads, and 102 sites acting as intermediaries for the infection of 11,810 other web sites. Finally, it found 161 websites hosting malware that infected 20,681 other web sites.
- Google’s Safe Browsing - as an example for just one of the domains – 71.speed.info – 32 scripting exploits
- exploits, including unpatched (or soon to be patched) 0days
- fake codecs, banking trojans, spambots, downloaders
- phishing sites
- money mule recruitment sites
- Zeus botnet command and control servers
- distributing licensed software (warez)
- illegal porn content
- botnet rental
- botnet loading
- iFrame exploit affiliate
- credit card trading forums
- openly selling credit card, PayPal accounts and bank logins, over 10,000 “newly harvested”
- Many of the domains are ex-Estdomains.
- All of the websites are in Russian or for the trading arm Russian / English.
- However, older entities which many had thought were dead and gone are here: Barwells Group, Newsky, Web-Alfa, and good old Botnet.Su.
To download The Full Cyber Crime Series 1.0 the Europeans Real Host Latvia Report click here and to see The Real Host Latvia Take Down Video click here.