The Russian Business Network (RBN) is doing a fantastic job of making a very bad name for itself, and the effort seems to be deliberate.

In case you haven't heard of RBN, it's an ISP that's become notorious as a haven for prolific spammers and purveyors of malware, a host of cyber criminals, an origination point for Distributed Denial of Service (DDoS) attacks, and a suspected facilitator of a list of other criminal activity.

Security professional David Bizeul spent three months studying RBN and collecting data to map out the organization's activities along with its networks and business structure. Bizeul's research includes his own findings as well as tidbits from other security-related entities. The research was made available to the world on November 20 in a 70-page detailed report.

Although someone from RBN recently tried to defend the company as being a legitimate business operator (see the Wired blog posting at the first URL below), Bizeul's research indicates otherwise. At a minimum, the company seems to serve as an online haven for cyber crime. However, RBN might actually operate on the margins of Russian law. You can read more about the issue at The Washington Post's Web site, at the second URL below.

http://blog.wired.com/27bstroke6/2007/10/controversial-r.html

http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461_pf.html

According to Bizeul, RBN has created an entire Internet business infrastructure around its activities, including a network of numerous hosting companies, ISPs, and telecom operations along with top-level network peering arrangements with companies that operate Internet traffic exchange points. Bizeul dug into the company's networks and discovered that they're plastered with all sorts of malicious content, including malware, pirated software, and child pornography. He also unmasked a group of entities that seem to be operating in unison, if they aren't all actually operated by RBN.

Reading the report (in PDF format at the URL below) is eye-opening. It helps give a good understanding of just how far some people will go toward obscuring the exact nature of their business, and it also provides some information that you could use to help defend your own networks. Toward the end of the report, on page 48, Bizeul provides a list of networks that can be blocked at your network borders to prevent any communication between your network and networks known to be operated by RBN.

http://www.bizeul.org/files/RBN_study.pdf

Another set of networks that you might consider blocking is provided by Spamhaus in its Don't Route or Peer List (DROP). Spamhaus describes the list as "consisting of stolen 'zombie' netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the \[Spamhaus Block List\] designed for use by firewalls and routing equipment."

http://www.spamhaus.org/drop/