Cisco Cites KnujOn Study - "IntelliShield Cyber Risk Report"

July 3, 2008

The new version of the Storm Worm

July 2, 2008

eBay to Pay Nearly $61 Million to Louis Vuitton

July 1, 2008

Anti-Phishing Group Being Sued In Attempt to Silence Criticism

June 30, 2008

GoDaddy VP Caught Bidding Against Customers

June 29, 2008

ICANN Opens Pandora's Box

June 28, 2008

1. Keep the Whois accurate - We all know it isn't
2. Keep criminals from becoming registrars and registrars from becoming criminals - See above and below

Anderson Cooper Covers Rogue Pharamcies

June 27, 2008

ICANN and IANA domains hijacked by Turkish crackers

June 26, 2008

Spam DDoS assault cuts off south Pacific state

June 25, 2008

Almost half of malicious sites tied to 10 networks

June 24, 2008

An interview with GAC chairman Janis Klarklins

June 22, 2008

PASSING THE SPAM BUCK - Why one report suggests registrars share the blame

June 21, 2008

Will ICANN take action against "worst" Chinese registrar?

June 20, 2008

Krebs Article on PrivacyProtect.org draws discussion, accusations and spam

June 19, 2008

Worst registrar Xin Net crackdown requested

June 18, 2008

The gist of the latest KnujOn memo to ICANN is that Xin Net has over the last year

• hosted over 18,000 illicit domains, advertised in over 1.7 million unsolicited emails, and
• corrected exactly none of the 11,000 sites reported to ICANN by KnujOn

'Spam King' to pay $6 million to MySpace

June 17, 2008

Last Saturday, an arbitrator ordered Scott Richter, the president of online advertising and direct marketing firm Media Breakaway, to pay a stiff penalty to MySpace, including $1.2 million in legal fees. The settlement is the second major one for Richter, who previously settled with Microsoft in August 2005 for $7 million. He was once considered one of the most prolific spammers, sending out over 100 million messages per day. (betanews.com)

Anonymous Domain Sales: A Spammer's Delight

June 16, 2008

Spammers routinely register their sites under false names, or hijack someone else's identity to do so. But new research shows they're also paying for premium services when registering domain names to ensure a deeper level of anonymity...
Out of the 15,000 spam-advertised domains we examined, nearly half -- 7,142 names -- were registered through a Broomfield, Colo. company called Dynamic Dolphin. As I noted in my previous story, Dynamic Dolphin is the seventh most-popular registrar among spammers who provide patently false information in their public WHOIS records...
Dynamic Dolphin is owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. The CEO of Media Breakaway is none other than Scott Richter, the once self-avowed "Spam King" who claims to have quit the business. Anti-spam groups also have recently implicated Media Breakaway in the alleged hijacking of more than 65,000 Internet addresses for use in sending e-mail and hosting commercial Web sites...
Dynamic Dolphin is a reseller of registrar services offered by an Indian company called Direct Information PVT Ltd. - also known as Directi and PublicDomainRegistry.com. Directi was the second most popular registrar among spammers who used privacyprotect.org; it handled the registration for nearly 4,000 of those 15,000+ domains that Knujon flagged...
(blog.washingtonpost.com)

Lost in E-Mail, Tech Firms Face Self-Made Beast

June 14, 2008

SAN FRANCISCO — The onslaught of cellphone calls and e-mail and instant messages is fracturing attention spans and hurting productivity. It is a common complaint. But now the very companies that helped create the flood are trying to mop it up.(nytimes.com)

Lawmakers Look To Strike Right Balance With Spyware Bill

June 13, 2008

Senate Commerce Committee members Wednesday stressed the importance of striking the right balance with legislation to help fight secretly installed computer spyware and provide the FTC with the tools the agency needs to prosecute high-tech hackers. (nextgov.com)

Registrars Release Suspended Domains to Attackers

June 12, 2008

A new outbreak of SQL attacks began on the 8th. Not that they ever really go away, but new waves replace the old ones. The attackers are using a much larger number of domains than seen in previous months. Just 11 days into June, and already 54 of these domains have been observed. Many of these are previously suspended domains that registrars have released back to the attackers. The end result, some of the domains involved in the late May and early June attacks are now active again. Thus not only newly compromised sites are foisting the malware, but any sites previously compromised that have not cleaned up their pages (and properly parameterized their SQL queries) will now once again be serving as conveyor belts for password stealing trojans.(blog.scansafe.com)

Major ISPs Agree To Block Child Porn Newsgroups

June 11, 2008

ALBANY — - Online forums in which thousands of child-porn images have been posted have been stricken from three Internet providers, including two of the nation's five largest, New York Attorney General Andrew Cuomo said Tuesday. (courant.com)

70 Registrars are in mystery locations

June 10, 2008

As part of our ongoing effort to ensure compliance and improve responsibility on the part of Internet stakeholders KnujOn is posting the results of recent investigation of the public disclosure of the locations of registrar companies. We have found 70 registrars listed on the Internic registrar directory missing street addresses and/or phone numbers. More serious are the following registrars that do not even have the country of location listed: EvoPlus Ltd., Hecta Media, Inc., Hostgator.com LLC, OnlineNIC, Inc., Thought Convergence, Inc., and Verelink, Inc.

This may merely be an oversight that can be corrected quickly, and I believe it should be. Full disclosure of this data will help transparency and trust. While registrants are required to disclose full contact data, the registrars should be held to the same standard. This report was sent to ICANN and some of the data has already been corrected. The full list is below.

!!! BB Bulk, Inc. dba My Name Now
# 1 DotMobi Registrar, Inc.
10dencehispahard, S.L.
123 Registration, Inc.
8068 Registrar, Inc
A Mountain Domains, Inc.
A. W. B. Trading, Inc.
About Domain Dot Com Solutions Pvt. Ltd. d/b/a
Above, Inc.
Alibaba (China) Technology Co., Ltd.
Alisoft (Shanghai) Co., Ltd.
Anytime Sites, Inc.
AO Domains, Incorporated
Arctic Names, Inc.
Backslap Domains, Inc.
Best Bulk Register, Inc.
Black Ice Domains, Inc.
Blueweb, Inc.
Bottle Domains, Inc.
CodyCorp.com Inc.
Colorado Names Domains, Inc.
Commerce Island, Inc.
Cool Ocean, Inc.
Crisp Names, Inc.
Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com
DNGLOBE LLC
Domain Jingles, Inc.
DomainCannon.com LLC
Domerati, Inc.
Dootall, Inc.
Dotregistrar, LLC
Dotted Ventures, Inc.
Dynamic Dolphin, Inc.
ELB Group Inc
Emily Names Domains, Inc.
European NIC Inc.
EvoPlus Ltd.
Experian Services Corp.
FBS Inc.
Freeparking Domain Registrars, Inc.
Get SLD, Inc.
Good Luck Internet Services PVT, LTD.
Hecta Media, Inc.
Hostalia USA, Inc.
Hostgator.com LLC
Interdominios, Inc.
IPNIC, Inc
JJH Investments, LLC
Lazy Dog Domains, Inc
Naming Web, Inc.
NEEN.IT Inc., d/b/a namesprit.com
NetraCorp LLC dba Global Internet
NIC1, Inc
Oil Change Domains, Inc.
OnlineNIC, Inc.
Own Identity, Inc.
Pitchback Domains, Inc.
Pointag Technologies, Inc.
Slaphappy Domains, Inc.
Snowflake Domains, Inc.
Thought Convergence, Inc.
Threadagent.com, Inc.
Total Calories, Inc. dba Slim Names
united-domains AG
Valley Apples, Inc.
Verelink, Inc.
Walela Brook, Inc.
Western United Domains, Inc.
WGB Registry, Inc.
White Socks Domains, Inc.

Verisign, McAfee and Symantec sites can be used for phishing due to XSS

June 9, 2008

Should they all be trusted at first sight by unsuspecting online users? Yes, unfortunately this is the case with the websites of renowned and respected IT security companies. However, now that are all vulnerable to cross-site scripting, the possibilities to get phished and infected with malware and crimeware are dramatically increased. (xssed.com)

Good Question, Lacking Article

June 6, 2008

Who Will Rule The New Internet?(time.com)

While Josh Quittner asks a critical question in this Time article he focuses too much on the technology and misses completely the various political power struggles going on in the background that are pulling and pushing on the Internet. The issues of crime, safety, privacy, espionage and control are going boil up on the Internet in ways that Time has not considered. In the end it may be the lawyers who control the Internet and not programmers.

legitscript.com

June 5, 2008

LegitScript Internet pharmacy verification standards have been recognized by the National Association of Boards of Pharmacy (NABP). LegitScript’s mission is to assist consumers and businesses in determining which Internet pharmacy websites operate safely and in compliance with Federal and state laws and regulations, as well as with accepted medical standards and ethics. Over the next several months, LegitScript.com will be adding functionality to our website that will give consumers the ability to compare prices for specific prescription drugs from LegitScript-approved Internet pharmacies. (legitscript.com)

New report identifies dangerous Web domains

June 4, 2008

SAN JOSE, Calif. -- When surfing the Internet for safe Web sites, not all domains are equal. Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information). (washingtonpost.com)

Serious warning released by European Union web security body ENISA

June 3, 2008

ENISA (the European Network and Information Security Agency) presented a report estimating that spam cost Europe €27 billion in 2007, and represents a growing threat with the danger of a 'digital 9/11' on the horizon. The group called on the EU to improve efforts to combat the spam menace, including greater funding for anti-spam initiatives, a more unified approach to tackling spam, and the implementation of mandatory intrusion reporting systems.

Meanwhile the Internet Corporation for Assigned Names and Numbers (ICANN), the body responsibly for maintaining the structure of the internet, had also been raising their efforts to reduce spam. Following the publication of a report suggesting that the vast majority of spamvertised sites are hosted at domains administered by a small number of registrars, the ICANN group responded by contacting the named bodies and threatening to revoke their license to register domain names should they fail to take action to clean up their areas of the web. ICANN has a long-running system for registering complaints against specific domains, and claims to chase up over 75 issues per month with similar enforcement notices. ICANN's announcement, and the KnujOn organisation, who first drew attention to the clustering. (virusbtn.com)

PhishBucket.org

June 1, 2008

To track and investigate suspicious employment-related email offers. To work with law enforcement to stop confirmed scams. To provide help and resources to victims of employment scams. To make the Internet a safer place. (phishbucket.org)

ICANN Sends Notice of Breach to Red Register

May 30, 2008

ICANN sent a notice of breach to ICANN-accredited registrar Red Register, Inc. based on Red Register, Inc.'s failure to comply with the Uniform Domain Name Dispute Resolution Policy ("UDRP"). Specifically, Red Register failed to comply with UDRP Rule 16(a) and paragraph 4(k) of the UDRP despite repeated requests by ICANN and the National Arbitration Forum (“NAF”). These rules require registrars to communicate plans to implement UDRP Provider decisions and implement those decisions.

Consistent with the breach provisions of the Registrar Accreditation Agreement ("RAA"), ICANN requested that Red Register, Inc. act within 15 days to cure the cited breaches. If Red Register, Inc. fails to cure the breaches cited in ICANN’s notice of breach, ICANN will pursue all remedies available under the terms of the RAA, including termination.

The ICANN Board adopted the UDRP and UDRP Rules on 26 August 1999. In addition, ICANN approved the form of implementation documents on 24 October 1999. The RAA requires all accredited registrars to comply with board adopted Consensus policies.

As part of ICANN’s ongoing work to develop and maintain a tough, but fair, contractual compliance program designed to create an even playing field for registrars and registries, ICANN:

• Conducts registrar and registry audits to assess compliance with contractual terms;
• Conducts registrar and registry investigations after receiving information indicating that contract violations have occurred;
• Publishes a monthly newsletter to provide information regarding contractual compliance program activities at http://icann.org/compliance/newsletter/index.htm; and
• Assists thousands of consumers in resolving domain name-related complaints annually.

Analysis: Crackdown on domain name crooks

May 29, 2008

WASHINGTON, May 29 (UPI) -- The non-profit association that oversees Internet addresses is trying to crack down on shady Web pages used by spammers and hackers... "It's a huge problem," said Burnette, declining to give more detailed figures on the numbers of registrants reported to have submitted inaccurate or incomplete information. "If we find that registrars are not investigating reports (of inaccurate or non-existent WHOIS data) as they are required to, our escalation procedure can ultimately result in their accreditation being terminated," effectively shutting them down, she said. (upi.com)

ICANN looks to lend a hand in spam fight (betanews.com)

US Politicians Express Concerns on ICANN's Future

May 28, 2008

In early May Representative Edward J. Markey (D-MA), chairman of the House Subcommittee on Telecommunications and the Internet, joined Reps. John D. Dingell (D-MI), chairman of the Energy and Commerce Committee, and 14 other members of the committee in sending a letter to Department of Commerce Secretary Carlos M. Gutierrez regarding possible changes to ICANN. The letter was written over their concerns for a major change in the Department of Commerce's (DOC) relationship with ICANN. (technewsreview.com.au)

ICANN slaps registrars who help criminals (avertlabs.com)
ICANN takes action against spam havens (gcn.com)
ICANN Puts eNom and Moniker “On Notice” (domainnamewire.com)
Top ten worst spam registrars notified by ICANN (blogs.zdnet.com)

Xin Net's Bottomless Bottle of Pills

May 27, 2008

In an effort to continue highlighting concerns at specific providers we will focus on each company listed in KnujOn top 10 of the worst spam-related registrars. ICANN responded Friday to this list which included Xin Net as #1. Xin Net has been the focus of controversy and efforts at CastleCops recently and is heavily connected to Fast Flux operations as evidenced by this analysis at the Università degli Studi di Milano. Xin Net accounts for 75% of the Fast Flux traffic. The University of Milan Dipartimento di Informatica e Comunicazione has found 10,570 malicious domains at Xin Net connected to Fast Flux. KnujOn's Xin Net illicit domain count is fast approaching 30,000. Much of this traffic and spam advertises "Canadian Pharmacy" type sites as seen below:

E-mail 'bloodbath' threat paralyzes Mexican city

May 26, 2008

Mexico's northern border town of Juarez, infamous for its history of drug-related violence, has gone into lockdown after an e-mail began circulating warning of an unparalleled "bloodbath" in the coming days. Shops, bars and restaurants have shut and soldiers are patrolling the streets, giving a surreal and dangerous tone to this city of 1.4 million people which sits just across the US border from the Texan town of El Paso. Authorities are taking seriously the anonymous e-mail, which menaced "the bloodiest and most violent weekend in the history of Juarez." The place is already reeling from a surge in murders that has claimed around 400 lives so far this year, several of them police officers and members of rival narcotics gangs. The US embassy to Mexico has told US citizens that the message represented a "potential threat" and that public places, nightspots and the main streets in Juarez should all be avoided. (breitbart.com)

Iraqi software pirate likes it offshore, where his skills mean good business

May 25, 2008

BAGHDAD - He is everywhere but nowhere, an unseen geek whose skills as a software pirate are so impressive that others are now pirating his work. more stories like this Posters and pamphlets promoting his latest DVD, Anas08, hang in shop windows and flap in the breeze on vendors' tables wherever computer equipment is sold in Baghdad. Looking for a new version of Adobe Photoshop, Microsoft Office, or an online edition of the Koran, complete with English translation and an index to topics and verses? They're all on the Anas08 disc, available for about $3, compared with the thousands of dollars it would cost to buy the 390 programs individually through authorized dealers.

This story reminded me of something. Like many folks I know people serving overseas and send them care packages. I asked one serving in Iraq: "Do you want any DVD movies?" to which he responded: "No, we've got them all, they sell them on the street for pennies and before they are even out in the U.S." Shocked but not surprised I asked him what else to they sell? Everything. Office, Server2007, Dreamweaver. Pirated media and software is bountiful everywhere but it gave me pause to think about soldiers loading them onto their laptops or watching movies on them in a war zone. What else is on those disks?

DHS moves to strengthen domain name servers

May 24, 2008

The Homeland Security Department’s Science and Technology Directorate has awarded a contract to Secure64 Software to increase the security of the Internet’s Domain Name Servers (DNS). DNS is one of the most critical back-end processes on the Internet or any other IP network, but it operates somewhat transparently. DNS alleviates the burden of memorizing a Web site’s IP address, instead allowing the user to type in a simple domain name such as www.dhs.gov. The Internet would not be functional from a practical perspective without DNS. But despite its importance, most DNS implementations are not secured, leaving DNS transactions vulnerable to attacks such as pharming, cache poisoning and DNS redirection. (usdoj.gov)

"Worst Spam Offenders" Notified by ICANN

May 23, 2008

In order to clarify the system for dealing with incorrect “Whois” domain name registration information, and deal with community concern, ICANN is releasing the following information regarding its compliance work.

MARINA DEL REY, Calif.: ICANN has sent enforcement notices and notices of concern to certain registrars, including those reported this week as being the registrars for the majority of websites advertised in spam emails.

Earlier this week, an investigation by KnujOn, widely reported online, publicly identified 10 registrars as being the companies used to register the majority of domain names that have since appeared in spam email messages.

More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database.

With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains. To this end, a dedicated online system called the Whois Data Problem Report System (“WDPRS”) was developed in 2002 to receive and track such complaints.*

"ICANN sends, on average, over 75 enforcement notices per month following complaints from the community. We also conduct compliance audits to determine whether accredited registrars and registries are adhering to their contractual obligations," explained Stacy Burnette, Director of Compliance at ICANN.** "Infringing domain names are locked and websites removed every week through this system."

Although the majority of registrars offer excellent services and contribute to the highly competitive market for domains, ICANN’s compliance department has developed an escalation process to protect registrants and give registrars an opportunity to cure cited violations before ICANN commences the breach process.

However, while registrars are responsible for investigating claims of Whois inaccuracy, it is not fair to assume a registrar that sponsors spam-generating domain names is affiliated with the spam activity. A distinction must be made between registrars and an end user who chooses to use a particular domain name for illegitimate purposes.

"But if those registrars, including those publicly cited, do not investigate and correct alleged inaccuracies reported to ICANN, our escalation procedure can ultimately result in ICANN terminating their accreditation and preventing them from registering domain names," Ms Burnette said. (icann.org)

38 Individuals in U.S. and Romania Charged in Two Related Cases of
Computer Fraud Involving International Organized Crime

May 22, 2008

BUCHAREST, ROMANIA – Thirty-eight individuals with ties to international organized crime have been charged in two separate indictments involving computer and credit card fraud schemes, Deputy Attorney General Mark R. Filip, Romanian Prosecutor General Laura Codruþa Kövesi, U.S. Attorney for the Central District of California Thomas P. O’Brien and Acting U.S. Attorney for the District of Connecticut Nora R. Dannehy announced today. The Deputy Attorney General made the announcement with the Romanian Prosecutor General to highlight the extensive and continued cooperation between the two countries in addressing these types of international crimes. The announcement comes less than one month after U.S. Attorney General Michael B. Mukasey announced the Department’s new Law Enforcement Strategy to Combat International Organized Crime. (usdoj.gov)

Carpet bombing in cyberspace

May 21, 2008

BY COL. CHARLES W. WILLIAMSON III: The world has abandoned a fortress mentality in the real world, and we need to move beyond it in cyberspace. America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack. (afji.com)

The Spam Balloon

May 20, 2008

Knowing that a minority of companies control most of the sites advertised in spam helps put the junk email problem into better perspective. To illustrate this consider a typical spam campaign. The emails are generated by tens of thousands of malware compromised machines and networks on the Internet. They send millions of spam messages to millions of victims. Sounds like a big problem, right? Not exactly. Because the number of actual websites advertised in those millions of messages is rather small in comparison the derivative of a spam campaign is seriously reduced. Reducing the true size even further is the fact that these real websites are held by one or maybe two registrar companies per campaign. Imagine that a spam campaign is a balloon. A balloon is actually made of a very small amount of real material, it only appears bigger because it's full of hot air. The huge volume of sent spam messages is the hot air that pushes the boundaries the Internet's resources, making the problem look bigger than it is. However, the air only stays in the balloon because it is knotted at the bottom. The registrars are this knot.



Discuss the Spam Balloon

Spam domains use small number of registrars (heise-online.co.uk)

Most Spam Sites Tied to a Handful of Registrars

May 19, 2008

So who are the top 10 registrars most favored by spammers? You can see the list along with Knujon's methodology here. A few of the names on it are unsurprising simply by virtue of their market share. Number five -- Bellevue, Wash., based eNom -- is the second largest registrar, according to DomainTools's registrarstats.com. Number six -- Pompano Beach, Fla., based Moniker -- has the eighth largest market share among registrars.

But size doesn't explain most of the names on the list. The registrars that scored the worst overall - Xinnet Bei Gon Da Software, BEIJINGNN, and Todaynic -- are all located in China, and are 18th, 47th and 99th in terms of market share, respectively.

Perhaps the most interesting name on the list is number 7 - a registrar out of Broomfield, Colo., called Dynamic Dolphin. According to Knujon, more than 10 percent of the company's 45,000-plus domains have false WHOIS data, and more than 17 percent of the domains registered through the company have been observed being advertised through spam.

A bit of digging into Dynamic Dolphin revealed that it is owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. Those of you who read this post a few weeks back will recognize this company: Its CEO is Scott Richter, a notorious, self-avowed spammer who claims to have quit the business. As I noted in that post, anti-spam groups claim that Media Breakaway recently hijacked more than 65,000 IP address for use in sending e-mail and hosting commercial Web sites. (blog.washingtonpost.com/securityfix/)

GMER: all your rootkits are belong to us

May 18, 2008

GMER is an application that detects and removes rootkits. It scans for: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls, inline hooks (gmer.net)

RootkitRevealer v1.71

May 17, 2008

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). (technet.microsoft.com)

Spam law affects affiliates: FTC chairman William Kovacic
named spam as one of his agency's top priorities

May 16, 2008

The Federal Trade Commission's just-approved new rule provisions for the CAN-SPAM Act largely place the onus on e-mail marketers and their affiliates to take responsibility for clean e-mail lists and clear communication among marketing partners. (dmnews.com)

AntiEvilTools Project

May 15, 2008

AntiEvilTools Project is a non-governmental voluntary organizations of the Forum(www.antiprotect.com) with the purpose of the open-source security software category. It is built on open-source enthusiasm of the participants on the basis of the study,You may see it as a study exchange the platform. In here , there are Kernel driver development experts, but also familiar algorithm programmer ,more full of learning enthusiasm of students at school.You only need the part which will participate in you by the demo form to submit n0bele@163.com .Once through the audit, you will see all AntiEvilTools source code. (rootkit.com)

Three Charged With Hacking Dave & Buster's Chain

May 14, 2008

Three men have been indicted for hacking into a number of cash registers at Dave & Buster's restaurant locations nationwide to steal data from thousands of credit and debit cards, data that was later sold or used to cause more than $600,000 in losses, the Justice Department said this week. (blog.washingtonpost.com/securityfix)

Whittling spam down to a manageable level

May 13, 2008

A recent report by security software maker Symantec reveals that spam accounted for an average of 80 percent of traffic hitting e-mail gateways in April, spiking as high as 87 percent at times. That is a daunting figure, but Garth Bruen of KnujOn looks at the problem in a different way. According to a study being presented this week by KnujOn to the High Technology Crime Investigation Association, 90 percent of the illicit Web sites using spam to generate traffic are clustered on just 20 registrars — that is only 2.5 percent of the 800 registrars accredited by the Internet Corporation for Assigned Names and Numbers. That can make the spam problem seem almost manageable. (gcn.com)

Strategic Developer | Martin Heller: "20 registrars control 90% of illicit domains, says Knujon" (weblog.infoworld.com)

Think a File Has a Virus?

May 12, 2008

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. Specs: Free, independent service, Use of multiple antivirus engines, Real-time automatic updates of virus signatures, Detailed results from each antivirus engine, Real time global statistics (virustotal.com)

KnujOn to Present at High Technology Crime Investigation Association
Ohio Spring Training Conference

May 11, 2008

90% of the illicit sites tracked by KnujOn.com are clustered at just 20 registrars which is only 2.5% of the entire registrar population. While networks of compromised spam generators, "bot-nets" are large and millions of spam emails are constantly sent, the number of final destination websites is considerably smaller, and the number of sponsors of those domains is even more concentrated. (prweb.com)

This is just one of the issues we will be discussing at the Ohio HTCIA Chapter 2008 Spring Training Conference Monday May 12 at 3:30pm in H-1095 and Tuesday May 13 at 10:30 in H-1095 in the Clocktower building at Lakeland Community College (Full Schedule).

What is the HTCIA?
"The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership." (htcia.org)

Spam Moves to Cellphones and Gets More Invasive

May 10, 2008

Cellphones have become consumers’ most personal technological devices. Some industry executives, along with consumer groups and security experts, are concerned that unwanted text messages on phones will be an even greater headache than unwanted computer messages. Cellphone spam is particularly annoying to its recipients because it is more invasive — announcing itself with a beep — and can be costly. (nytimes.com)

90% of the Illicit Sites Tracked by
KnujOn Clustered at 20 registrars

May 8, 2008

I forgot my password! (Now what?)

May 7, 2008

There are many approaches to deal with forgotten passwords. All rely either on proving access to some resource (such as a pre-registered email account), or on the long-term memory of the person who needs to restore access to his or her account. Most approaches are not very secure, and many are hard for legitimate users to manage. To make it worse, many approaches are unsuitable for input-constrained devices, such as mobile phones.

It is well known in the cognitive science literature that personal preferences are more stable than long-term memory. A system based on personal preferences is also less vulnerable to data-mining attacks than one that relies on more traditional facts (such as mother's maiden names or childhood address). We propose a system that is secure and practical: It takes less than thirty seconds to authenticate (whether on a computer or a handheld), and has a false negative rate of close to 0% and a false positive rate of less than 1%. For many environments, Blue Moon Authentication may very well be the best approach there is. (ravenwhite.com)

MySpace wins lawsuit against Spamford Wallace

May 6, 2008

MySpace has won a lawsuit against notorious spammer Sanford (Spamford) Wallace. The social networking website gained a default judgment against Wallace after he failed to turn over documents or appear in court, CNet reports. (theregister.co.uk)

30 years of Spam - and we ain't finished yet

May 5, 2008

Spam celebrates its 30th birthday on Saturday (3 May). On that day in 1978, 393 Arpanet subscribers were sent what's reckoned to be the first ever spam email1 in history (the message itself was written on 1 May 1978). DEC marketing rep Gary Thuerk came up with the wheeze which produced a fierce backlash from Arpanet (military) administrators, as well as a small number of sales. After first appearing on Arpanet, unsolicited bulk commercial ads moved over to Usenet, email and websites links. Much to the chagrin of Hormel Foods, the term spam was applied to the phenomenon in a pop-culture reference to the spam skit from Monty Python's Flying Circus, where all meals in a restaurant come with spam, spam and more spam. Junk email - not nourishing luncheon meat - has become the principal meaning of the word spam. (theregister.co.uk)

At 30, Spam Going Nowhere Soon - Audio (npr.org)

Is Nothing Sacred? Cupcakes Used For Information Trolling

May 4, 2008

Archived Stories