Ongoing IFrame Attack From Russia

There’s been a nasty bug prowling the ‘Net of late, and it works by using a site’s own Search Engine Optimization (SEO) practices against it. Ars takes a look at the iFRAME injection campaign and the organization behind it. As Ars Technica points out:

The launchpad for these various malware campaigns is our old friend, the Russian Business Network. According to Danchev, earlier reports of the network’s demise have been greatly exaggerated. Faced with dwindling functionality thanks to security policies that prevented traffic from reaching IP addresses associated with the RBN, the company divided itself, sought new service providers, and is back in business. Many of the codec downloads and false website fronts active in the above attacks trace directly back to RBN addresses.

An interesting view on this twist from an Ars forum discussion:

I was 18 when the Berlin wall fell. States colonized by the former USSR were freed and democracy was put in place. I hoped for a better future for Russia. Since then, they have turned authoritarian, abused nations around them, threatened the world with missiles that can penetrate defense systems, poisoned and shot dissidents, and allowed a large organized crime sector to operate. I know my response isn’t technical, nor even helpful, but I couldn’t help but express my sadness over all this. When you see a great threat removed, especially as a teenager, you hope for the best, but I guess we aren’t going to see much good news from Russia for a long time.

It is, indeed, sad that instead of business partnership, some Russian companies are trying to establish themselves as highway robbery corporations.