One of the best ways to fight the criminal malware networks that now populate the Internet might actually be the simplest - publicise their existence.
That is one conclusion to be drawn from a new white paper published by a volunteer group, the Shadowserver Foundation, which assesses the activities of the Russian Business Network (RBN), a major crimeware hub which abruptly disappeared from the Internet in November, after its existence received worldwide publicity.
The authors suggest that what drove the hub out of existence was not the activity of the many small groups of anti-malware volunteers, but the simple fact that the RBN's notoriety had grown to embarrassing proportions.
"On reflection it is disconcerting that it seems to have taken the visibility from the Washington Post and Wired articles to bring the necessary pressure to bear on this network to affect its disappearance," says the paper, which otherwise delves into the technical detail of some of the hub's activities.
Before its demise, the RBN was blamed for hosting a wide range of malware activities – including Trojans, spam, child porn and specific hacking incidents – under the shield of an apparently legitimate business based in Russia. Targeted by a number of anti-malware organisations such as the UK's Spamhaus.org, the network was able to continue without hindrance until its notoriety reached the mainstream press. Particularly significant were a number of articles run in The Washington Post in October.
"While public movement against the network took considerably longer than it should have in our opinion, it is worth noting that around late August the temperament of researchers toward publicly outing known rogue networks seemed to significantly warm. And, from a distance, this tactic seems to have been overall very effective."