The Russian cybermafia identified: Russian Business Network - Block them
Ukraine is to cybercrooks what Turkey is to hackers: heaven, or a world where you can do everything you have always dreamed of without any danger of being caught by the government, as long as you leave them alone and only target foreigners.
One visit to their sites can bring tens to hundreds of malicious downloads, seen and unseen, behind and in front of your screen. And around 3 to 4 million people are being lured to their sites a month? If they continue like that, they will get richer than the other multimillion-dollar cybercrook firm, Cool Web Search.
They are very powerful crooks. They launched the Mpack attack against the Italian web, infecting more than 10,000 sites in a few days with all kinds of malicious downloads that visitors received and installed if they weren't protected. Mpack is one of the most professional online crimeware packs for sale. And if you really try to hurt them businesswise, they will have some hackers launch a very targeted attack on you, as the Bank of India experienced. This was proof that targeted attacks by highly professional hackers are not something to underestimate if you are the victim. You only know it afterwards, because the attack was so limited at the start that you didn't notice (oh, one virus, or one computer acting strangely), but after some time you won't know what hit you.
They lure people with links and advertising to fake antispyware and antivirus software that also promises to scan your machine (for vulnerabilities to use, yeah). You should really warn the people in your network not to download such software or let these servers scan their machines.
If you want to do it, use the big names: each has a free online scan service. And if you are looking for free antivirus for personal use, there are AVG and AntiVir and some others that are widely known. Spybot Search and Destroy for antivirus.
Very useful listings can be found here and here, and if you really want to block them totally out of your network or protect your users the complete way, then you will find enough information here to do it. There are some legitimate Ukrainian users, but you probably don't need them, and if they want to be on the same network as those crooks, then it is their choice. If they were really that interested, they would sue or change hosting. This is more difficult for the crooks, as they have built up a whole network of servers and services, and I am not sure other ISPs are very happy to take them on, even if they throw much money around. Everybody is for sale, but being blackholed by the cybercommunity carries the risk that if you need help against an attack or because you are the victim of a disaster, they will just stand by and say 'good riddance'.
For the moment they are like parasites that try to get into a network and then infect it. They mirror themselves in other networks and try to do the same. Either the networks cut out the cancer, or the cancer slowly takes over the body or makes it very sick as it spreads cyberinfections over the whole network it has infiltrated.
More blocking info
iframecash com = 18.104.22.168 = Hiding within Cogent Communications (DC, US) moved back onshore to the US from Aki Mon Telecom
iframecash net = 22.214.171.124 = Hiding within Net Access Corporation (NJ, US) - along with many (what look like) bank phishing domains
anonymous-service (dot) com = 126.96.36.199 = within ThePlanet com (US) & proxy registered via Global Net Access (US) - also key domains:
adulthosting (dot) ru, aspmedia (dot) net, sexbomba (dot) ru, webmoney-hosting (dot) net
76service com = 188.8.131.52 = still within Noc4hosts Inc (FL, US) and proxy registered via Global Net Access - also key domains:
firstoceanicbank (dot) net, gamesboard (dot) ru, hydrometeocenter (dot) net, newpulses (dot) com, odeku (dot) net, putany (dot) net, sosnovsky (dot) net
Something is different. Sometimes they change domain names like men drink beer when they are together (using the taste formula), but here it seems they are keeping the sites, site names and structure and just changing the IP addresses. For once you are not chasing IP addresses.
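Since the names stay put while the addresses move, blocking can key on the domain rather than the IP. The sketch below is an added example, not part of the original post: it normalizes some of the entries listed above from their "(dot)" notation and flags any queried hostname that equals a listed domain or is a subdomain of one. The function names, the three-field log format and the sample log lines are constructed for illustration.

```python
import re

# Entries copied from the "More blocking info" list above, in the page's
# own notation ("name tld" or "name (dot) tld").
PAGE_ENTRIES = [
    "iframecash com", "iframecash net", "76service com",
    "anonymous-service (dot) com", "adulthosting (dot) ru",
    "gamesboard (dot) ru", "firstoceanicbank (dot) net",
]

def refang(entry):
    """Turn 'name (dot) tld' or 'name tld' into lower-case 'name.tld'."""
    s = re.sub(r"\s*\(dot\)\s*", ".", entry.strip().lower())
    return re.sub(r"\s+", ".", s)

BLOCKED = frozenset(refang(e) for e in PAGE_ENTRIES)

def blocked_parent(hostname, blocked=BLOCKED):
    """Return the listed domain that hostname equals or sits under, else None."""
    labels = hostname.strip().lower().rstrip(".").split(".")
    # Compare whole labels, so 'notiframecash.net' does not match 'iframecash.net'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

# Constructed resolver log lines: "<timestamp> <client> <queried name>"
SAMPLE_LOG = """\
2007-10-01T09:00:01 10.0.0.5 www.iframecash.net
2007-10-01T09:00:02 10.0.0.7 notiframecash.net
2007-10-01T09:00:03 10.0.0.9 CDN.Gamesboard.RU.
2007-10-01T09:00:04 10.0.0.5 example.org
"""

def scan(log_text):
    """Return (client, queried name, matching listed domain) for each hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        match = blocked_parent(parts[2])
        if match:
            hits.append((parts[1], parts[2], match))
    return hits

if __name__ == "__main__":
    for client, name, match in scan(SAMPLE_LOG):
        print(f"{client} queried {name} -> listed domain {match}")
```

The same label-suffix match can back a resolver or proxy deny rule, and it keeps working when the hosting IP behind a listed name changes.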
Best blog: http://rbnexploit.blogspot.com/
ISPs and hosters should become members of this group to get more detailed information they can act on: http://groups.google.com/group/russianbusinessnetwork