KnujOn (nûj-ôn)

News - 2009 Archive

States Say 'No Thanks' to Mystery Laptops

August 31, 2009

Officials in West Virginia, Vermont, Wyoming and Washington state have reported receiving between three and five laptops, each over the course of two separate deliveries — but none had ordered any of them.

Microsoft apologizes for gaffe in online ad

August 30, 2009

Software giant Microsoft apologized Wednesday for the apparent bad judgment that led to the head of a black model being swapped for that of a white model in an online advertisement.

Antitrust watchdog probes Google Italy

August 29, 2009

Italy’s antitrust watchdog is investigating allegations that Google Italy is discriminating against newspapers that don’t want their content linked on Google’s news site by dropping them from its search engine. The Italian authority monitoring markets and competitions said in a statement that it was looking into whether Google might have an unfair advantage in reaping online advertising.

Rogue Pharmacies Dominate Bing's Ads
Most Microsoft Bing-Sponsored Search Ads Point To Phony Pharmacies
Fraud groups ding Bing for illicit pharmacy promos
Report: Microsoft Bing benefits from illegal pharmaceutical sales
Bing And Rogue Pharmacy Ads?
Does Bing 'Find' Illicit Meds Sites?
Bing blasted for pushing rogue RX advertisements
Microsoft Bing Benefits from Ads for Illegal Online Pharmacies
90% Of Bing’s Internet Pharmacies Search Ads Lead To Rogue Sites
Bing in the dock over rogue pharmacy site ads
Microsoft Bing Enables Counterfeit Pharmaceutical Sales
90% of Bing's online drug ads lead to rogue pharmacies
Microsoft's Bing invaded by pharmaceutical scammers
Microsoft Slammed Over Bing's Sponsored Online Drug Ads
Criminal Prescription: Fake Pharmacies Haunt Bing
9 in 10 US drug ads on Bing are illegal- report
Fake Pharm Ads Flood Bing, Microsoft Benefits: Report
Bing Selling Fake Viagra Says Knujon
Are Bing Searches Still Turning Up Illicit Meds?
Bing’s Illegal Rogue Pharmacy Ads: “Online Street Corners”
Microsoft Allows Illegal Online Pharmacies to Advertise on Bing
Microsoft Bing a Haven for Illegal Pharmacy Ads
Criminals Operating Unlawful Online Pharmacies Through Microsoft’s Bing
Microsoft AdCenter On Illegal Pharmacy Ads

Contractor Seeks 'Cyber Warriors' to Help Defend U.S.

August 9, 2009

Leading defense contractor Raytheon is looking for a few good men and women — a couple of hundred of them, in fact — to patrol the front lines of America's cybersecurity.

Report finds government vulnerable to cyber attacks

August 8, 2009

The nation's security could be in jeopardy because not enough workers are sufficiently trained to protect computer systems from hackers, criminals, terrorists and foreign governments, the Partnership for Public Service and consulting company Booz Allen Hamilton found after studying 18 federal agencies and interviewing experts inside and outside government.

Trial set to begin in Mass. music downloading case

August 7, 2009

The industry accuses Joel Tenenbaum, of Providence, R.I., of downloading songs and making music files available for distribution on the Kazaa file-sharing network.

Free parking for all? Smart parking meters hacked

August 6, 2009

The smart cards pay for parking spots, and their programming could be easily changed to obtain unlimited free parking. It took researcher Joe Grand only three days to design an attack on the smart cards. The researchers examined the meters used in San Francisco, California, but the same and similar electronic meters are being installed in cities around the world.

UK Pentagon hacker loses appeal, will be sent to U.S.

August 5, 2009

The Briton accused of hacking into U.S. government computers on Friday lost his court appeal to have his case heard in Britain, his legal team said.

Pharmaceuticals purchased via Microsoft advertisements test positive as counterfeit

August 4, 2009

New report from and

Among our findings in the 59-page report:



Bing is Microsoft's search engine, a new version of their old platform. Advertisers may purchase space within the search results that are matched to a user's search terms. The point is to present the user with products they may be interested in and can click through to. These are not "organic" search results that appear because of popularity, meta-data or relevance. These are paid-for search results tied to specific products and services. Pharmacies are heavily regulated, in the real world and on-line. Unlicensed pharmacies are not supposed to be able to advertise within Bing.

Analysis Walkthrough

Bing has search suggestions. Start typing and options will appear below your entry.

In this case, we simply typed "Xanax no" and Bing suggested four variations of "Xanax no prescription" for us. [Xanax, AKA Alprazolam, is used to treat anxiety disorders and panic attacks. Xanax is a controlled substance. Long-term abuse may result in physical dependence.]

The sponsored Bing results have many options for buying Xanax without a prescription

As a sample we will examine the most prominent advertisement: (ABACUS AMERICA INC/AT&T WorldNet Services) In reviewing these sites it does not take long to see what is really going on. does not supply its business address (makes vague reference to being in Florida) and actually states in their FAQ: "We are not a pharmacy". There are many other samples in the full report.

Bing offers other results

In addition to Xanax, Bing suggests links to find Oxycontin, Hydrocodone, Ambien, Vicodin and others with no prescription.

See For Yourself

  1. Click a link below
  2. Review the Bing sponsored results
  3. Check the website with LegitScript to see if it is real
abilify at Bing
accutane at Bing
adderall at Bing
ambien at Bing
butabarbital at Bing
butalbital at Bing
butethal at Bing
celebrex at Bing
celexa at Bing
cialis at Bing
cymbalta at Bing
dextropropoxyphene at Bing
dolophine at Bing
dopamine at Bing
haldol at Bing
hydrocodone at Bing
ketamine at Bing
lentabol at Bing
levitra at Bing
oxycodone at Bing
oxycontin at Bing
prozac at Bing
soma at Bing
viagra at Bing
vicodin at Bing
xanax at Bing
xeloda at Bing
xenical at Bing
zoloft at Bing
zovirax at Bing


Search Spammers Hacking More Websites

August 3, 2009

Google's page-rank algorithm, for instance, in part gives prominence to pages that are heavily linked to other material on the Web. Spammers can exploit this by adding links to their site on message boards and forums and by creating fake Web pages filled with these links. [Knujon] keeps track of reported search spam, says that some campaigns involve creating up to 10,000 unique domain names.

Third-Party Ads Give Facebook an 'Image' Problem

Personal Technology Nightmares!

August 1, 2009

Exposed: Repair Shops Hack Your Laptops

Family learned over Internet that son was killed

Report: Federal Documents Detail iPods Overheating, Catching Fire

GPS Typo Leads Couple 400 Miles Off Course

iPhone Apps for the Lawbreaker in You

Legal battle puts Skype's future in jeopardy, owner says

July 30, 2009

If Skype loses the right to use a key part of its software and can't create an adequate replacement, "Skype's business as currently conducted would likely not be possible," eBay said in its quarterly filing with the U.S. Securities and Exchange Commission.

Real and Legal Work-At-Home Jobs

UN orders Iranian to give up Facebook Web address

July 30, 2009

The U.N.’s World Intellectual Property Organization says current owner Majid Karimian Ghannad of Yazd, Iran, has to transfer the domain name — — to the U.S.-based site. The Geneva-based U.N. agency says Ghannad registered the domain in bad faith and had no right to the name.

White House Clears Up Twitter Mystery

Feared Hackers Call Off Attack on AT&T

July 28, 2009

A rare moment of civility broke out on the Internet Monday, as the troublemaking geeks of called off a planned attack on telecommunications giant AT&T.

Whatever happened to the Conficker worm?

July 27, 2009

The hugely talked-about computer worm seemed poised to wreak havoc on the world's machines on April Fool's Day. And then ... nothing much happened. But while the doom and gloom forecast for the massive botnet -- a remotely controlled network that security experts say infected about 5 million computers -- never came to pass, Conficker is still making some worm hunters nervous.

Chinese hack film festival site

July 26, 2009

Chinese hackers have attacked the website of Australia's biggest film festival over a documentary about Uighur leader Rebiya Kadeer.

Fix Your Terrible, Insecure Passwords in Five Minutes

July 25, 2009

A foolproof technique to secure your computer, e-mail, and bank account.

Keeping your downloads legal

July 24, 2009

10 sites to help you navigate the new world of music. Instead of buying CDs or downloading songs, younger consumers appear to be shifting toward streaming music online and on mobile devices.


July 23, 2009

Although spam filtering and blocking is helpful for the end user, it doesn’t stop the production of spam. KnujOn strikes spam at the source. Unsolicited electronic material is more than just an annoyance. In 2004, Ferris Research Inc. estimated that spam costs US organizations more than US$ 10 billion dollars per year in manpower, software expenses, and lost productivity. In addition, affected systems can suffer from a distributed loss of bandwidth and occasional server failures, not to mention the risk of virus infection and the dangers of phishing expeditions.

Report finds government vulnerable to cyber attacks

July 22, 2009

The report cites four challenges facing the government: an inadequate supply of potential new information technology experts; uncoordinated leadership of cyber-security workers; a cumbersome hiring process that discourages people from seeking government jobs and fails to provide a career path for those who do; and hiring managers and human resource specialists who disagree on the quality of IT candidates.

Obama Wages Cyberwar - Mentions KnujOn

Lead Networks Loses Accreditation

July 21, 2009

MARINA DEL REY, CA - The Registrar Accreditation Agreement (RAA) between the Internet Corporation for Assigned Names and Numbers (ICANN) and registrar Lead Networks Domains Pvt. Ltd. has expired without renewal because Lead Networks failed to comply with the requirements of that RAA.

Mystery Hackers Stole Data During Last Week's Cyberattacks

July 20, 2009

SEOUL, South Korea — Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday. The attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.

Teenager claims to have easy iPod Touch jailbreak

Lexis-Nexis Breach Linked to Crime Family

July 19, 2009

Lexis-Nexis made public notification of a data breach that federal authorities say is tied to a New York mafia crime family. The New York-based company has sent more than 13,000 letters to former customers whose personal data may be at risk. The 13,000 customers may have been targeted for extortion and identity theft.

Amazon takes a page from 1984, deletes Orwell books from Kindles

Online Pranksters Wreak Havoc at Hotels, Restaurants Nationwide

July 18, 2009

Often imitated and deviously duplicated, a group called PrankNET appears to be at the center of a growing trend that has harried hoteliers and restaurateurs for months and is now being investigated by the FBI.

Doctor faces jail over Internet pharmacy scam

July 17, 2009

BOSTON - A doctor has pleaded guilty to writing tens of thousands of prescriptions for muscle relaxants and other drugs over the Internet to patients he'd never examined. Federal prosecutors say Dr. Torino Jennings, of Mechanicsville, Va., pleaded guilty in U.S. District Court in Boston on Monday to seven counts of introducing misbranded drugs into interstate commerce and four counts of tax evasion. Prosecutors say between 2004 and 2007, Jennings issued from 50,000 to 100,000 prescriptions based on forms completed for online pharmacies.

Pain relief can spiral into addiction to prescription drugs

Uyghur "cyber-separatism"

July 16, 2009

Although access to the internet is restricted within China and many neighboring Central Asian republics, where a large portion of the Uyghur expatriate community resides, over twenty-five prominent web sites, mostly maintained by Uyghurs who left Xinjiang prior to Communist Liberation, reach approximately half of the estimated one million Uyghurs living outside Xinjiang. Most, like the International Taklamakan Human Rights Association, the East Turkistan Information Center, and the Uyghur American Association are focused on serving the international exile community and drawing external attention to the Uyghurs' plight, with predominantly English-language sites ("Cyber-Separatism and Uyghur Ethnic Nationalism in China" 16). About half are dedicated to open independence advocacy, while the others are focused more generally on providing information about the Uyghurs, their history, culture, and current political situation; a few of these latter sites are sometimes accessible within China itself depending on political conditions ("Cyber-Separatism and Uyghur Ethnic Nationalism in China" 9).

Six signs it's a job scam

July 15, 2009

Though job scams are prevalent at any point in time, today's tough economic times have increased the amount of scammers looking to take advantage of people desperate to make money and find a job. "With the economy sliding, people who might otherwise be skeptical want to find a silver lining and too often mistake the glitz and glamour promises of a scammer's ad for their path to financial security," says Christine Durst, co-founder and CEO of Staffcentrix, a training and development company that focuses on home-based work.

Cousins set to launch after paying $3M for domain

July 14, 2009

A Weymouth company is sweet on becoming the online corner candy store to the world. is scheduled to launch July 20 as a destination for everything candy - selling more than 6,000 different candy items from 500-plus manufacturers to offering product reviews, blogs and discussion boards. The Web site’s candy selection will come from all over the United States and the world, including products from smaller manufacturers and retro candy that adults remember from their childhood, such as candy cigarettes, 100 Grand bars and Charms, according to CEO Greg Balestrieri.

Xin Net Continues to Cover for Illicit Traffic Sites

July 13, 2009

Once again we are seeing false suspensions and blank Whois records for spammed Xin Net domains engaged in illicit traffic. This has been carefully documented at Xin Net before.

No Whois record returned, but the site is active!

The return of "old school" spam

July 12, 2009

Every quarter Google and Postini take a joint look at the state of the spam industry, its undulations and upheavals. And the results for the most recent quarter, ended June 30, are in. In many ways, the results are unsurprising: Spam is up again, with levels 53 percent higher than the first quarter of the year, but just 6 percent higher than the second quarter of 2008. (Spam levels were uncommonly low last quarter following the shut-down of the ISP McColo, a notorious haven for spammers. Those spammers have largely found other services to host their activities, and spam levels have since rebounded.)

Need Some Weed? Just Check Twitter

July 11, 2009

Some California pot sellers are living the high life this summer — because high-tech social-networking sites such as MySpace, Facebook and Twitter are allowing them to legally swap street corners for the Internet.

Security guard charged with hacking hospital systems

July 10, 2009

IDG News Service - The grainy video shows a bleary-eyed young man in a hoodie inside the Carrell Clinic in Dallas, Texas. As he hits the elevator button, the theme music from Mission Impossible plays in the background. "You're on a mission with me: Infiltration," he tells the camera. Then in the course of the next five minutes, the man, who says he hasn't slept in three days, uses a security key to roam the halls of the hospital and install malicious botnet software on a computer there. He says he's "infiltrated a very large corporate office," but according to the U.S. Federal Bureau of Investigation, he was just working the night shift as a security guard, pretending to break into the very building he was supposed to be guarding. On Friday the federal authorities arrested Jesse William McGraw on a charge of felony computer intrusion, saying he intended to use the botnet to launch a massive distributed denial of service (DDOS) attack on July 4, the day after he was set to stop working there. He'd nicknamed the day "Devil's Day." He worked for a Dallas security company called United Protection Services, on the 11 p.m. to 7 a.m. shift at the clinic. McGraw, who went by the hacker name GhostExodus, allegedly installed malicious software all over the Carrell Clinic, including systems that contained confidential information and others that managed the building's climate-control systems, authorities said Tuesday. The hacker could have harmed patients or damaged drugs if he had turned off air conditioning during Texas's hot summer months, authorities said.

Troubles Plague Cyberspy Defense

July 9, 2009

WASHINGTON -- The flagship system designed to protect the U.S. government's computer networks from cyberspies is being stymied by technical limitations and privacy concerns, according to current and former national-security officials. The latest complete version of the system, known as Einstein, won't be fully installed for 18 months, according to current and former officials, seven years after it was first rolled out. This system doesn't protect networks from attack. It only raises the alarm after one has happened. A more capable version has sparked privacy alarms, which could delay its rollout. Since the National Security Agency acknowledged eavesdropping on phone and Internet traffic without warrants in 2005, security programs have been dogged by privacy concerns. In the case of Einstein, AT&T Corp., which would test the system, has sought written approval from the Justice Department before it would agree to participate, people familiar with the matter say.

Pentagon Official: North Korea Behind Week of Cyber Attacks

July 8, 2009

North Korea was indeed behind the cyberattacks that targeted dozens of Web sites in the U.S. and South Korea over the past week, a U.S. defense official told Fox News Wednesday afternoon.

Chinese Registrars Need Rap on Knuckles, Expert Says

July 7, 2009

A computer security expert is calling for action against two Chinese companies that he and other analysts allege are facilitating spam and cybercrime on the Internet. Both of the companies, eName and Xin Net Technology, are domain name registrars. They sell domain names and the corresponding registration services that allow a Web site to be found on the Internet, said Gary Warner, director of research in computer forensics at the University of Alabama's computer and information sciences department. Warner, who runs a research project dedicated to tracking trends in spam, said both companies accept domain name registrations from bad actors who can be traced to illegal activity and spam. Xin Net came in at the top spot on a list of the most abused registrars released earlier this year by KnujOn, an organization dedicated to fighting spam. It garnered the same rank last year. From June 2008 through February, KnujOn said it found 34,283 illicit domains linked to Xin Net, covering unregulated prescription drugs, pirate software and counterfeit consumer goods. EName has allowed registration of Web sites selling software that purportedly allows users to spy on other people's SMS messages, Warner said. The company also allows the registration of domain names that are hosted on botnets, or networks of computers that have been infected with malicious software.

CyberCrime & Doing Time
China postpones controversial Web filter

Flights Delayed at Chicago's O'Hare Airport Because of Computer Glitch

July 6, 2009

CHICAGO — United Airlines' computers are back up and running at O'Hare International Airport, slowly easing long lines of passengers headed out for the Fourth of July holiday weekend. It's not clear whether all of the computers are functioning again, but some ticket agents are able to check in passengers. And the self check-in kiosks are working. A computer problem involving all of United's computers at O'Hare had caused delays and cancelations Thursday morning.

Jackson dies, almost takes Internet with him

July 5, 2009

LONDON, England (CNN) -- How many people does it take to break the Internet? On June 25, we found out it's just one -- if that one is Michael Jackson. The biggest showbiz story of the year saw the troubled star take a good slice of the Internet with him, as the ripples caused by the news of his death swept around the globe. "Between approximately 2:40 p.m. PDT and 3:15 p.m. PDT today, some Google News users experienced difficulty accessing search results for queries related to Michael Jackson," a Google spokesman told CNET, which also reported that Google News users complained that the service was inaccessible for a time. At its peak, Google Trends rated the Jackson story as "volcanic." As sites fell, users raced to other sites: TechCrunch reported that TMZ, which broke the story, had several outages; users then switched to Perez Hilton's blog, which also struggled to deal with the requests it received.

Celebrity death rumors spread online

Two Centuries On, a Cryptologist Cracks a Presidential Code

July 4, 2009

For more than 200 years, buried deep within Thomas Jefferson's correspondence and papers, there lay a mysterious cipher -- a coded message that appears to have remained unsolved. Until now. The cryptic message was sent to President Jefferson in December 1801 by his friend and frequent correspondent, Robert Patterson, a mathematics professor at the University of Pennsylvania. President Jefferson and Mr. Patterson were both officials at the American Philosophical Society -- a group that promoted scholarly research in the sciences and humanities -- and were enthusiasts of ciphers and other codes, regularly exchanging letters about them.

Swedish Music Pirates Make Millions in Jail

July 3, 2009

STOCKHOLM — A little-known Swedish software firm has snapped up file-sharing website The Pirate Bay with the hope of turning the source of legal controversy into a money-spinner that appeals to both users and content providers. Global Gaming Factory X AB, which operates Internet cafes and provides software, said Tuesday that it had agreed to buy Pirate Bay for 60 million Swedish crowns ($7.7 million). The website made world headlines in April when the three Swedish founders and a financial backer were each sentenced to one year in jail and ordered to pay a combined $3.6 million in damages for breaching copyright law with the free downloading site, which was one of the biggest sites of its kind on the Internet.

Hey, that's not the hotel I booked

U.S. and Europe Jointly Establish Cyber-Crime Force

July 2, 2009

ROME -- The U.S. Secret Service plans to unveil Tuesday plans for a pan-European task force charged with preventing identity theft, computer hacking and other computer-based crime. The unit will be based in Rome, teaming up with an Italian anti-cyber-crime police unit and the Italian post office Poste Italiane SpA, which has developed software that can track electronic payments as it moves beyond traditional mail delivery.

Apple pulled adult app, won't distribute porn

Securing critical infrastructure needs holistic approach, panel says

July 1, 2009

Securing the nation’s and the world’s increasingly critical, connected and diverse information infrastructure requires a holistic view of cybersecurity, rather than a focus on specific technologies, threats and delivery vectors, according to a panel of government security officials.

Hacker pleads guilty to stealing 1.8 million credit card numbers

New cyber chief to protect against computer attacks

June 29, 2009

Prime Minister creates security post after warnings of electronic espionage. Britain is to appoint its first national cyber security chief to protect the country from terrorist computer hackers and electronic espionage, Gordon Brown will announce tomorrow.

Ex-DHS Cyber Chief Tapped as President of ICANN

June 28, 2009

Former Department of Homeland Security cyber chief Rod A. Beckstrom has been tapped to be the new president of the Internet Corporation for Assigned Names and Numbers (ICANN), the California based non-profit, which oversees the Internet's address system. Most recently, Beckstrom was director of the National Cyber Security Center -- an organization created to coordinate security efforts across the intelligence community. Beckstrom resigned that post in March, citing a lack of funding and authority.

U.S. Officials: Iran Opposition Leader's Web Site Shut Down, Supporters 'Tortured' Into Confessions

June 27, 2009

State Department officials monitoring events in Iran from Dubai have relayed back to Washington that Mousavi's Web site "Kalemah," his last link to the outside world, is completely shut down.

"I wish people wouldn't refer to Knujon reports as if it was the bible"

June 26, 2009

Pro-Iran Hackers Deface Oregon University Web Site

June 25, 2009

PORTLAND, Oregon — Hackers defaced the home page of the Oregon University System, posting a caustic message telling President Obama to mind his own business and stop talking about the disputed Iranian election. Attempts to access the university system's Web site were automatically redirected to another page, where readers viewed a message said to be from Iran that asserted there was no cheating in the election. That message was up for 90 minutes before university system technicians intervened Wednesday morning.

N.J. Teen Won't Face Child Porn Charges for Posting Nude Photos of Self on MySpace

June 24, 2009

TRENTON, N.J. — A 14-year-old New Jersey girl who posted nude pictures of herself on will have child pornography counts dropped. The Passaic County Prosecutor's Office says the girl must undergo at least six months of counseling and probation and must stay out of trouble. If she does, all charges will be dropped. The Clifton teen was initially arrested and charged with possession of child pornography and distribution of child pornography. If convicted on those counts, she could have been required to register as a sex offender.

Accused Spam King Alan Ralsky Pleads Guilty

June 23, 2009

Alan Ralsky, a 64-year-old Michigan man that federal investigators say was among the world's top spam kingpins, pleaded guilty on Monday to running a multi-million dollar international stock fraud scam powered by junk e-mail.

News Roundup

June 21, 2009

Germany to Block Child Porn Web Sites

Australian Parents Fight to Shut Down Teen 'Revenge' Web Site

Iranians dodging government's Internet crackdown

FBI hacked by China

Cyber warriors join fight against censors and foil Iran’s bid to silence bloggers

June 20, 2009

One blogger put up an “Iran Election Cyberwarfare Guide” detailing how activists could support Iranian tweeters. Advice included: “Help cover the bloggers: change your twitter settings so that your location is Tehran and your time zone is GMT +3.30. Security forces are hunting for bloggers using location and timezone searches. If we all become Iranians, it becomes much harder to find them.” Protesters are also using Twitter to organise “denial-of-service” attacks against Iran Government websites — co-ordinated attempts to shut down their servers by overwhelming them with traffic.

Woman fined to tune of $1.9 million for illegal downloads

June 19, 2009

(CNN) -- A federal jury Thursday found a 32-year-old Minnesota woman guilty of illegally downloading music from the Internet and fined her $80,000 each -- a total of $1.9 million -- for 24 songs. Jammie Thomas-Rasset's case was the first such copyright infringement case to go to trial in the United States, her attorney said.

Web Searches on Celebs, Lyrics Return Viruses

June 18, 2009

Michael Phelps may have conquered the 2008 Olympics, but he might also be destroying students’ computers. Typing his name in five major search engines carries a 40 percent maximum risk of infection, according to a recent report by the security technology company McAfee. Hypothetically, 100 out of the 250 websites that appear after a search of “Michael Phelps” would be infected.

How Iranians Get Around Web Censors

June 17, 2009

Iranians protesting the outcome of their country's presidential election, and stymied by Internet censorship, have a secret weapon — proxy servers. Following the controversial announcement that President Mahmoud Ahmadinejad had won in a landslide late Friday, Iranian authorities disabled cell-phone text-messaging and blocked Web sites such as Facebook and YouTube. But Iranians who'd voted for the "loser," Mir Hossein Moussavi, quickly discovered what Chinese Web users have long known: certain Internet-linked servers can serve as relays, allowing access to blocked sites. Instead of two machines communicating directly — as usually happens when a Web user goes to a Web site — the proxy server acts as a "man in the middle," bouncing data from one to the other and back again.

Crackdown on Scam Robo-calls

June 16, 2009

Behind a Massive Robocall Scam, Four Human Faces: What's surprising is that these billion-plus calls allegedly stemmed from three companies — Transcontinental Warranty, Voice Touch and Network Foundations. And behind those three companies are four human faces: Christopher Cowart, James and Maureen Dunne, and Kamian Kohlfeld.

A Peek Inside One Telemarketing Firm Ensnared in FTC Lawsuit: After just four days as a telemarketer at Transcontinental Warranty, Mark Israel quit. He couldn't take all the dishonesty and the "screaming and yelling" from irate consumers. A declaration from Israel, of Boca Raton, Fla., is a key component in a Federal Trade Commission civil lawsuit against the Florida company, which is accused of using illegal, prerecorded calls — or robocalls — and blatant misrepresentations while hawking bogus car warranties.

Car Warranty Robo Calls Investigated: The calls target people regardless of whether they have warranties or even own cars and have become such a nuisance that officials in 40 states are investigating the companies behind them. The Better Business Bureau said that last year it received more than 140,000 complaints about the car warranty calls, which come even if a person has signed up for the national Do Not Call registry.

Peeved at Auto-Warranty Calls, a Web Posse Strikes Back: Mr. Silveira began calling back an auto-warranty company that has become the focus of an Internet crusade. He left it voice-mail messages that contained nothing but a recording of Rick Astley's 1987 hit song "Never Gonna Give You Up."

Sample Robo-Call Recordings:
402-982-0610 on 5/29/09 "Mortgage Payment Reduction"
269-768-2592 on 5/29/09 "Hardship program" (female)
917-398-5520 on 6/16/09 "Hardship program" (male)
502-565-1289 on 4/27/09 "Grant funding"
866-246-2310 on 6/5/09 "Auto Warranty"
231-732-2607 on 2/18/09 "Consumer Credit Card Bailout"
571-261-0045 on 5/12/09 "Kathy from Financial Freedom"
206-339-3738 on 5/5/09 "Cash System" RE:* More on this one later

Iran threatens Web sites reporting on protests

Crisis in Iran Sparks Global Guerrilla Cyberwar

June 15, 2009

The election crisis in Iran has ignited a full-on guerrilla cyberwar, with Twitterers and techies across the globe pitching in to help protesters in that country access the Internet, and official Iranian government Web sites being knocked offline. (

Twitter Links Iran Protesters to Outside World

Cybercops Without Borders

June 14, 2009

For years, cybercrime has been moving to Eastern Europe and Asia. Now U.S. law enforcement is following it. (

Tagged: The World's Most Annoying Website

June 13, 2009

Two Harvard math majors, Greg Tseng and Johann Schleier-Smith, co-founded Tagged in 2004. I called them up, wanting to know why they're using Harvard math degrees to annoy the piss out of people. Tseng, the CEO, was unavailable, but Schleier-Smith, the chief technology officer, agreed to talk, but only over e-mail. "We did not intend to cause people to invite contacts by accident," Schleier-Smith wrote. "The recent backlash hurts, and we want to ensure our continued growth helps people rather than creating problems for them." (

Tagged or Spammed?

What are the most dangerous search terms on the Internet?

June 12, 2009

HONG KONG, China (CNN) -- If you like to search for "music lyrics" or "free" things, you are engaging in risky cyber behavior. And "free music downloads" puts 20 percent of Web surfers in harm's way of malicious software, known as "malware." A new research report by U.S.-based antivirus software company McAfee has identified the most dangerous Internet search words that place users on pages with a higher likelihood of cyber attacks. The study examined 2,600 popular keywords on five major search engines -- Google, Yahoo, Live, AOL and Ask -- and analyzed 413,000 Web pages. (

Score one for the good guys in battle against spam

June 11, 2009

This is not the first successful action against bad actors. In May 2008 the anti-spam organization KnujOn issued a report that identified 20 registrars — companies that issue domain names — as being responsible for 90 percent of the domains associated with high levels of spam or other abusive activities. By February 2009, eight of the top 10 offenders had been either put out of business or had cleaned up their acts. Unfortunately, a new group of registrars had taken their places, with 10 registrars responsible for 83 percent of spam domains.

Rumor Mill: Rod Beckstrom, former director of the US DHS National Cybersecurity Center, to be new CEO of ICANN

ICANN and the Joint Project Agreement (JPA)

June 10, 2009

On Thursday, June 4th the House Subcommittee on Communications, Technology and the Internet held an oversight hearing on “Issues Concerning the Internet Corporation for Assigned Names and Numbers”. The hearing was remarkable in a number of ways. First, given the technically arcane nature of its subject, the turnout was spectacular – more than half the Subcommittee’s members on a morning when other hearings competed for their attention, and a SRO crowd in the very large hearing room of the full Energy and Commerce Committee. Second, there was remarkable bipartisan agreement expressed, with Member sentiments falling on a continuum between extreme concern and “over our dead bodies” as regards the prospect of termination of the Joint Project Agreement (JPA) between the U.S. and ICANN on September 30th. (

Energy and Commerce Subcommittee Hearing on “Oversight of the Internet Corporation for Assigned Names and Numbers (ICANN)”

77 Suspects Arrested on Child Pornography Charges in Florida, 5 Young Victims Rescued

June 9, 2009

TALLAHASSEE, Fla. — State, local and federal authorities have arrested 77 suspects on child pornography charges and rescued five young victims. Gov. Charlie Crist announced the 10-week crackdown Tuesday at a news conference with "America's Most Wanted" TV host John Walsh and Attorney General Bill McCollum. The suspects range in age from 17 to 83 and include two registered sex offenders. The last person was arrested Tuesday in Tallahassee. Walsh called the crackdown "historic" and heaped praise on Crist and McCollum, saying he hoped both Republicans will win their next political races. Crist is running for U.S. senator and McCollum for governor. (

FTC Shuts Down Notorious Rogue Internet Service Provider

June 8, 2009

3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content

A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet. According to the FTC, the defendant, Pricewert LLC, which does business under a variety of names including 3FN and APS Telecom, actively recruits and colludes with criminals seeking to distribute illegal, malicious, and harmful electronic content including child pornography, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest. The FTC alleges that the defendant advertised its services in the darkest corners of the Internet, including a forum established to facilitate communication between criminals.

The Fallout from the 3FN Takedown

June 7, 2009

The Federal Trade Commission's unprecedented recent takedown against troubled Web hosting provider has had an immediate -- if little noticed -- impact on the level of spam sent worldwide, and the number of infected PCs doing the spamming, according to multiple sources. Experts say the drop in spam probably is not visible to most Internet users or even operators of large networks, as the decrease is within the upper ranges of daily fluctuations in spam volumes. Still, the preliminary results indicate that a large number of spam-spewing zombie PCs were being coordinated out of servers hosted at 3FN. According to botnet expert Joe Stewart, director of malware research at Atlanta-based SecureWorks, 3FN was home to a large number of command-and-control servers for the Cutwail spam botnet, one of the world's largest. As of last week, Stewart said he was tracking upwards of 400,000 spam zombies infected with Cutwail and sending spam. When I caught up with Stewart again on Monday, he said the number of Cutwail-infected PCs actively spamming was fluctuating between 120,000 and 150,000.

What You Don't Know About the World's Worst Breaches

June 6, 2009

Verizon Business investigated 90 major data breaches in 2008, including 285 million compromised records. Nearly ¾ of those breaches were external hacks, and 99.9 percent of the records were compromised via servers and applications. (

Aerial images online endanger national security, critics say

June 5, 2009

WASHINGTON (CNN) -- One is an assemblyman in California; the other a piano tuner in Pennsylvania. But when they independently looked at online aerial imagery of nuclear power plants and other sites, they had the same reaction: They said they feared that terrorists might be doing the same thing. Now, both have launched efforts to try to get Internet map services to remove or blur images of sensitive sites, saying the same technology that allows people to see a neighbor's swimming pool can be used by terrorists to choose targets and plan attacks.

Pentagon Working on Cyberwarfare Tools for GIs

ICANN Conference Call Disrupted

June 4, 2009

Now that KnujOn is an ICANN At-Large Structure we participate in many conference calls where vital policy issues are discussed. These calls are invitation-only and code-accessed. This particular call was on the IRT Briefing concerning trademark protection and related issues. About halfway through the call an unidentified male interrupted the discussion and demanded "What color is your underwear?" Mild outrage and confusion were followed by more strange statements like "EVERYONE HANG UP NOW! NO MORE QUESTIONS!" and then mass muting of all participants by the call operators at ICANN. After a moment we were restored to the call, but the interruptions continued as whoever it was repeatedly tried to shout into the call. Towards the end we were all treated to the query: "Anyone want to touch my wiener?" It is not clear if this was done by cybercrooks, ICANN critics or random pranksters. This was a first, but could be the beginning of a trend as issues of e-crime, institutional corruption, personal privacy, cross-border control, and international sovereignty take center stage in the next decade of the Internet.

The President's Blackberry has been hacked!

June 3, 2009

Cyber terrorist Kasper Hauser has accessed President Barack Obama's encrypted Blackberry messages and reprinted them in a new book being published by the complicit book publisher Little Brown on June 8, 2009. (

Microsoft's New Search Engine Puts Porn in Motion

June 2, 2009

Your kids may get a bang out of Bing — and that's not a good thing, Internet safety experts warned on Monday. (

Maximizing Data Quality & Minimizing Risk for Banking Institutions

June 1, 2009

Learn how an optimal data security solution will allow for effective usage of your organization's data while protecting sensitive information and allowing you to operate in compliance with GLB and SOX. (

Heartland Update: More than 650 Institutions Impacted

May 29, 2009

While it's hard to get a handle on just how many consumers were affected by the Heartland Payment Systems (HPY) data breach, the total number of institutions now reporting card compromises is at 656. The tally reflects many banks and credit unions with losses of thousands of dollars to fraud, along with the costs associated with monitoring and card replacement, which has led to several class action suits being filed against the payments processor. On Wednesday, a federal court judge on the Judicial Panel on Multidistrict Litigation in Louisville, KY was to hear the case for consolidating several of the class action suits. The judge will issue the court's ruling sometime after the hearing.

Iranian Politician Blasts Country's Facebook Ban

May 28, 2009

TEHRAN, Iran — A moderate challenger to hardline President Mahmoud Ahmadinejad condemned the authorities on Monday for blocking access to the Facebook social networking site ahead of the June 12 presidential election. (

French police detain 90 in child porn sting

May 27, 2009

PARIS — A French police official says 90 people have been detained in a nationwide sweep of suspected consumers of online child pornography. The official says Tuesday’s operation stemmed from the 2004 arrest of an 18-year-old man who was running a child pornography ring. The man, from the northern city of Clermont, traded pornographic photos and videos of children as young as babies. He has since been incarcerated. (

China court backs net censor victim

May 26, 2009

A Beijing judge has ruled that an internet hosting company was wrong to close a prominent government critic's website over allegedly illegal content, in the first case won by a victim of internet censorship in a Chinese court. Hu Xingdou, an economics professor who regularly discusses topics ranging from corruption to police brutality on his webpage, sued Beijing Xin Net in April after the hosting company sent him an e-mail saying the site contained "illegal" content and had been shut down. In a verdict issued on May 20, the Daxing district court said the company had failed to provide proof for its claim and to prove that it asked Mr Hu to change the incriminated content before closing the site, as required in their contract. (

Steroids update: ICANN terminates registrar non-responsive to LegitScript rogue Internet pharmacy notifications

May 25, 2009

In July of last year, LegitScript and spam fighter KnujOn sent out letters to eight US-based registrars requesting that they terminate or suspend websites they were sponsoring that offered to sell steroids, a Schedule III controlled substance, without a prescription, from overseas (both illegal and dangerous). Eventually, six of the eight registrars terminated all of the sites. The sole exceptions were Parava Networks, supposedly in Texas, and eNom. (

Cyber conflict? More like censorship

May 24, 2009

A handful of times in the past two years, political tensions in former Soviet states have spilled over into cyberspace. In April 2007, protests in Estonia, which was occupied by the Soviet Union for nearly four decades, resulted in attacks by ethnic Russians and their sympathizers on Estonian government networks. A year later, cyber attacks on networks in the nation of Georgia accompanied the military conflict between that country's government and Russia. Radio Free Europe suffered an attack nearly a year ago after it posted a report on the anniversary of the accident at the Chernobyl nuclear power plant. (

HIV-positive patients sue hospital over records lost on train

May 23, 2009

Four HIV-positive patients whose records were left behind on an MBTA train by a Massachusetts General Hospital employee are suing the hospital, claiming their privacy has been breached. In March the hospital notified 66 patients who received care at its Infectious Disease Associates outpatient practice that billing records bearing their names, Social Security numbers, doctors, and diagnoses had been lost by a manager who was riding the Red Line. She had brought the paperwork home for the weekend, but left it on the train when she returned to work the morning of Monday, March 9, according to hospital security reports. (

YouTube Flooded With Porn Clips

May 22, 2009

The "/b/tards" strike again. The teenaged pranksters of's /b/ discussion board flooded YouTube with pornographic clips Wednesday and Thursday, according to various reports. YouTube has strong filters and dedicated employees seeking out and deleting porn from the site, but it wasn't enough to handle the onslaught of uploading clips. (

Hundreds of Texas Property Owners Lose Land in Massive Scam

May 21, 2009

Hundreds of Texas landowners may be forced to battle in court to get their own properties back after investigators announced the landowners may have been victims of a massive fraud. (

Mom Outraged by Son's Arrest Reportedly Knew of His Web Stardom for Phone Threats

May 20, 2009

When a North Carolina woman accused the federal government last week of abusing the Patriot Act to imprison her teenage son for allegedly making bomb threats, the mother's allegation caused quite an uproar, including calls to free 16-year-old Ashton Lundeby. But a new report by Wired News suggests that, not only was the teenager an online superstar in rogue tech communities for his prank phone calls, but his mother may have known all along that the boy was conspiring with others to make bomb threats. (

KnujOn at Anti-Spyware Conference

May 19, 2009

Who Owns the Problem? In recent years, the web has become one of the leading methods of spreading malicious software. One of the challenges in fighting this means of distribution is the diversity of groups involved in the fight: security companies, independent researchers, webmasters, registrars, hosting companies, network providers, enforcement agencies, and more. What are reasonable expectations and roles for the various parties involved? What partnerships are effective, and how do we build more of them? What are best practices for information reporting and for responding to abuse complaints? (

ATMs on Staten Island rigged for identity theft; bandits steal $500G

May 17, 2009

A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to steal account and password information from bank customers. They used the pilfered info to swipe half a million dollars from their victims' bank accounts - the latest twist in increasingly aggressive identity-theft scams, police said. (

France Passes Three Strikes Net Piracy Bill

May 16, 2009

On the second attempt, France's National Assembly has passed a net piracy bill that would see offenders disconnected from the Web. Last month the French National Assembly rejected a bill that would see illegal file sharers cut off from the Net after being caught three times. Yesterday, in a 296-233 vote, they passed it, making President Nicolas Sarkozy, a firm advocate of the legislation, a happy man. (

Craigslist Gets Rid of 'Erotic Services' Ads

May 15, 2009

Craigslist will pull its controversial "erotic services" section, called a front for prostitution by critics, following the arrest of a Boston medical student charged with murdering a masseuse he allegedly met on the classified ad site. (

Dublin student stages Wiki hoax

May 14, 2009

The Irish Times reports that a Wikipedia hoax by a 22-year-old Dublin student resulted in a fake quote being published in newspaper obituaries around the world. The quote was attributed to French composer Maurice Jarre, who died at the end of March. It was posted on the online encyclopedia shortly after his death and later appeared in obituaries published in the Guardian, the London Independent, on the BBC Music Magazine website and in Indian and Australian newspapers. Shane Fitzgerald, a final-year undergraduate student studying sociology and economics at UCD, said he placed the quote on Wikipedia as an experiment when doing research on globalisation. (

New Jersey Man Admits Scientology Web Hack

May 13, 2009

NEWARK, N.J. — A New Jersey man has pleaded guilty to conducting a cyberattack on Church of Scientology Web sites in January 2008. Prosecutors say 19-year-old Dmitriy Guzner of Verona entered his plea to computer-hacking charges on Monday in Newark. Assistant U.S. Attorney Wesley Hsu says Guzner attacked Scientology Web sites as part of Anonymous, an underground group that protests the Church of Scientology, accusing it of Internet censorship. (

A guide to social networking for clueless adults

General: Cyberattack on U.S. Might Lead to Military Strike

May 12, 2009

The U.S. is ready to respond with physical military force to a cyberattack, a top general says. "The Law of Armed Conflict will apply to this domain," Air Force Gen. Kevin P. Chilton, head of U.S. Strategic Command, told reporters at a breakfast roundtable Thursday, according to Stars and Stripes. (

FAA: Hackers compromise employee data

May 10, 2009

The FAA said Monday hackers were able to access its computers last week, accessing personal information on some 45,000 employees and retirees but never reaching the systems responsible for air traffic control. "The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information," the agency said in a statement. (

FAA's Air-Traffic Networks Breached by Hackers

FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Records

May 8, 2009

The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday. The state police in Virginia are also investigating the possible breach of confidential records. (

Government Secrets Found on Computer Sold on eBay
Domestic Terror Lexicon

Pressure on web ‘brothels’

May 7, 2009

Tough-talking attorneys general are pushing for policing and even the complete shutdown of online “brothels” hosted by Craigslist and the Boston Phoenix on thinly veiled sex-for-hire sites in the wake of the murder of an erotic masseuse in Boston. “We have the horrific evidence that bad people use these services. We have to do more together,” said Rhode Island Attorney General Patrick Lynch, president of the National Association of Attorneys General. The online sites contain graphic, descriptive ads for sexually oriented services. One from “Chelsea” on the Phoenix Web site offers “sensual body rubs” and fetish services at $225 an hour. On Craigslist Boston, “Bella” offers sessions with a “mind-blowing ending.” (

Phoenix publisher slams attacks on fetish ads
Erectile dysfunction ads too hot for TV?

Swedish Hacker Indicted in Cisco, NASA Attacks

May 6, 2009

WASHINGTON — A Swedish computer hacker was indicted Tuesday for breaking into the networks of tech-gear maker Cisco Systems Inc. and high-end computing equipment at the National Aeronautics and Space Administration. The attacks underscore the development of a vast underground economy that targets both the private sector and the government. Hacking under the nom de guerre "Stakkato," Philip Gabriel Pettersson was a teenager when he penetrated the systems five years ago. He is now 21 years old and faces charges in a five-count indictment of illegally damaging computer networks and theft of trade secrets. (

Study Shows Government Web Sites Lag Behind Private Sector

May 5, 2009

President Obama won high marks from friend and foe alike for his campaign's mastery of the Internet during the 2008 campaign, and now that he is in the White House he has pledged to use the Web to make the federal government more transparent to the general public. But the federal government's Web sites -- with the notable exception of the White House site -- are in large part outdated and difficult to navigate, leaving the administration looking ahead to a very bumpy ride along the information superhighway as it tries to bring the sites up to speed. (

Report: U.S. Cyberwar Strategy a Disastrous Mess

May 3, 2009

WASHINGTON — Shrouded in secrecy, the U.S. government's policies on how and when to wage cyberwarfare are ill-formed, lack adequate oversight and require a broad public debate, a new report by the National Research Council says. The report warns that the "undeveloped and uncertain nature" of the government's cyberwarfare policies could lead to them being used hastily and ill-advisedly during a crisis. That danger is compounded by secrecy and lack of oversight, the report's authors cautioned on Wednesday. (

College spammers face 10 years in prison in $4.1M operation

May 2, 2009

Two brothers from Missouri and two of their cohorts have been charged with conspiracy and violations of the CAN-SPAM Act thanks to their $4 million e-mail scheme targeting university and college students across the US. The scheme originated out of the University of Missouri, but the group took numerous measures to obscure the origins of their e-mails. (

'Twitterjacking' -- Identity Theft in 140 Characters or Less

May 1, 2009

Celebrities, athletes, politicians and media personalities alike have been flocking to the hugely popular social networking site in droves, with actor Ashton Kutcher leading the way and media magnate Oprah Winfrey recently joining the fray. (

Twitter Hacked Yet Again

Panel Advises Clarifying U.S. Plans on Cyberwar

April 30, 2009

The United States has no clear military policy about how the nation might respond to a cyberattack on its communications, financial or power networks, a panel of scientists and policy advisers warned Wednesday, and the country needs to clarify both its offensive capabilities and how it would respond to such attacks. (

Report: U.S. Already Conducting Cyberwarfare

Five Serious Cases of Cyberespionage

April 29, 2009

Five recent cases of cyberespionage upon crucial governmental, infrastructure or political systems. (

Florida teen finds rocks in Nintendo DS box

KnujOn at RIPE Next Week

April 28, 2009

Dr. Robert Bruen of KnujOn will present during the Plenary Sessions Tuesday and Friday next week at RIPE 58 in Amsterdam, The Netherlands.

What is RIPE?

ccNSO Says “No” to geographical names

April 27, 2009

The Country Code Names Supporting Organization (ccNSO) doesn’t want geographical names operating as gTLDs and said as much to ICANN in their comments on version 2 of the draft application guide book. (

Ending Spam

April 26, 2009

I know how to win the war on spam. The first step is acknowledging that we can do it, and the second step is actually accepting that we want to do it. However, doing this would have a number of consequences that certain companies (the ones that could actually win the war on spam) are financially dis-interested in undertaking. Namely, it would kill the spam-fighting industry, and that would cause some harm to the anti-virus industry, as spam fighting has become an extra service they tease you about so you'll pay the extra money to get the premium version of their anti-virus utility. Another major hurdle is that spam detection techniques are often closely held secrets, and revealing any part of that process is often quite taboo. We can't get very far until these issues are resolved, and we need backing by some heavyweight players (like Google, who recently bought anti-spam company Postini). (

NYPD Computers Targeted by International Hackers

April 25, 2009

NEW YORK — International hackers scan New York Police Department computers at least 70,000 times a day hunting for an unauthorized entry into the system of the nation's largest police force, commissioner Raymond Kelly said Wednesday. But all attempts have failed because of a protective system quietly constructed in the past seven years, even though hackers illegally scan NYPD computers every day, using IP addresses predominantly from China and the Netherlands, Kelly said. (

Hackers 'got close to high-tech jet programme'
New Military Command Planned to Improve U.S. Cybersecurity
How to get malicious domain resellers out of the system
Joe Stewart at RSA

Ex-Sen. Bill Bradley Sits on Board of Major Spamming Firm

April 24, 2009

Spammers come in all shapes and sizes. One in particular wears very large sneakers. Bill Bradley -- Basketball Hall-of-Famer, Rhodes scholar, former U.S. senator from New Jersey and onetime presidential candidate -- may very well be helping to clog up your inbox with unwanted mail. Bradley sits on the board of QuinStreet, which is identified as a major spamming firm by anti-spam organizations such as and (

Malicious program targets Macs

April 23, 2009

Mac computers are known for their near-immunity to malicious computer programs that plague PCs. But that may be changing somewhat, according to computer security researchers. It seems that as sleek Mac computers become more popular, they're also more sought-after targets for the authors of harmful programs. (

KnujOn on RSA Panel Today at 9:10AM in Blue 102

April 22, 2009

This panel will deconstruct the online criminal enterprises causing the most damage to the Internet and generating the most criminal profits. Technical, business and inter-operational elements together with technical elements such as malware, bots, spam, spyware and data theft will be addressed. The emphasis will be criminals' use of new interdependent business models to generate enormous profits. (

Panelists: Dr. Robert Bruen - Knujon, Lawrence Baldwin - my|NetWatchman, Joe Stewart - SecureWorks. Moderated by: Patrick Peterson - IronPort/Cisco

Full Schedule

Secure software? Experts say it's no longer a pipedream

Cops: BU med student the Craigslist killer

April 21, 2009

A clean-cut Boston University medical student preparing to wed a blond beauty was charged last night as the notorious Craigslist killer, cops said, announcing a bombshell break in a case that has attracted national attention. Philip H. Markoff, 22, was stopped on Interstate 95 in Walpole with a suitcase in the trunk of his car. Police - who credited forensic computer experts, tips from the public and “shoe-leather” detective work for cracking the case - had Markoff under surveillance “for days.”

Four found guilty in landmark Pirate Bay case

April 20, 2009

STOCKHOLM, Sweden (CNN) -- Four men behind a Swedish file-sharing Web site used by millions to exchange movies and music have been found guilty of collaborating to violate copyright law in a landmark court verdict in Stockholm. (

The missing sales numbers are coming back on

April 19, 2009

Two days after Amazon said a "glitch" had caused the sales rank to be dropped from thousands of books, the numbers returned Tuesday for Annie Proulx's "Brokeback Mountain," James Baldwin's "Giovanni's Room" and other notable titles. (

Hiroshima, 2.0

April 17, 2009

"It's as though we've entered something like the nuclear era without a Hiroshima," says Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit, nongovernmental organization that consults with government and industry about potential cyberattacks. "People aren't aware that everything has changed." (

Hackers grabbed more than 285M records in 2008
Study: Spammers scourge to inbox and environment

Podcast Series: RSA Conference 2009, Patrick Peterson HT1-202: Deconstructing The Modern Online Criminal Ecosystem

April 16, 2009

Patrick Peterson HT1-202: Deconstructing The Modern Online Criminal Ecosystem

This panel will deconstruct the online criminal enterprises causing the most damage to the Internet and generating the most criminal profits. Technical, business and inter-operational elements together with technical elements such as malware, bots, spam, spyware and data theft will be addressed. The emphasis will be criminals' use of new interdependent business models to generate enormous profits. Panelists: Larry Smith Chief Investigator, SpamHaus, Lawrence Baldwin Chief Forensics Officer, My Net Watchman, Robert Bruen, CEO Knujon.

Parava Networks Terminated

April 15, 2009

The end of a long drama that started last summer: Registrar Parava Networks (aka has been terminated by ICANN for failing to address non-compliance of the RAA. Parava first came to our attention while working with LegitScript on a report on Underground Steroid Websites. While conducting our investigation we discovered that Parava had falsified its address.

ICANN also found a litany of other violations and now must secure the smooth transition of the estimated 36,000 domain names currently managed by Parava Networks through the new De-Accredited Registrar Transition Procedure.


Publisher: Please give us back our illegal weapons

April 14, 2009

The offending item: a set of brass knuckles, mailed to video games journalists together with other goodies including a cigar, a silk handkerchief, and a book of matches. But while it nicely complements the game's mafiosi theme, it also had the unfortunate side-effect of turning recipients of the mailing into criminals, as mere possession of brass knuckles is illegal in many states and can carry hefty penalties. After blog GamePolitics expressed its consternation, the publisher began a flurry of hush-hush phone calls to arrange the return of the weapons. EA declined to comment beyond expressing a desire to assist journalists in proper disposal of the items. (

BlackBerry users experience e-mail outage
Scientists warn of Twitter dangers

Medical Disinformation at Google

April 13, 2009

WASHINGTON - When Dave deBronkart, a tech-savvy kidney cancer survivor, tried to transfer his medical records from Beth Israel Deaconess Medical Center to Google Health, a new free service that lets patients keep all their health records in one place and easily share them with new doctors, he was stunned at what he found. Google said his cancer had spread to either his brain or spine - a frightening diagnosis deBronkart had never gotten from his doctors - and listed an array of other conditions that he never had, as far as he knew, like chronic lung disease and aortic aneurysm. A warning announced his blood pressure medication required "immediate attention." "I wondered, 'What are they talking about?' " (

KnujOn at the MIT Spam Conference

April 11, 2009

You might not believe it after glancing at your e-mail inbox, but professional spam fighters say they're making progress in the war on digital junk mail. Billions of unwanted spam messages continue to flood the Internet; indeed, spam now accounts for about 90 percent of all e-mail traffic, according to e-mail security officials who attended a conference on spam held late last month at the Massachusetts Institute of Technology. But improved filtering technology means that the great majority of these messages never arrive at their destinations. And last year saw the shutdown of several major spam senders. "This is not an impossible problem to solve," said Garth Bruen, chief executive of Knujon, an e-mail security company in Wilmington, Vt., whose name is "no junk" spelled backward. But private citizens are finding ways to slam the spammers. Bruen pointed to last year's shutdown of McColo, a California company that was one of the world's leading senders of spam. Goaded by evidence compiled by Knujon and other antispam researchers, two major Internet providers stopped doing business with McColo, knocking the company offline. Overnight, worldwide spam output dropped about 75 percent, according to Ironport's spam-tracking survey. Bruen and his father, Robert, cofounder of Knujon, are trying to remove the profit from spam. Most spam messages contain Web addresses, so the recipient can go to a website to make a purchase. Web addresses are purchased from a company called a registrar. Spammers provide the registrars with false names and street addresses to make it harder for law enforcement agencies to track them down. Knujon is pressuring the Internet Corporation for Assigned Names and Numbers (ICANN), an Internet governance group, to force registrars to demand accurate information from purchasers of Web addresses. This would make it far easier to put spammers out of business. 
Already, said Bruen, pressure from ICANN has caused two domain registries, one in Germany and the other in China, to largely eliminate their sales of domains to spammers. "It's been slow, but we are getting progress," said Bruen (

Mystery Solved

April 10, 2009

In February we were analyzing our new Ten Worst Registrars List and noted that many had dropped from last year's list and we had a clear explanation for each change in the list, except for The Nameit Co/AITDOMAINS.COM. A careful read of ICANN's Contractual Compliance Semi-Annual Report shows Nameit/AIT is under investigation by ICANN. The following paragraph is from that Report.

Since July 2008, ICANN continued to follow-up with seven registrars to elicit responses to the audit. Four additional registrars responded to ICANN’s request to provide a reasonable level of assurance that they had taken steps to correct Whois data inaccuracies. (refer to Figure 4-1). Three registrars - Beijing Innovative Linkage Technology Ltd., dba (Beijing Innovative Linkage Technology), Advanced Internet Technologies, Inc. (AIT) and Parava Networks, Inc, dba (Parava) - were not in compliance. ICANN sent breach letters to Beijing Innovative Linkage Technology and Parava. Staff is continuing to investigate AIT and considering issuing a breach letter. Beijing Innovative Technologies recognized that by failing to take reasonable steps to correct Whois inaccuracies they breached the RAA. Subsequently, they agreed to participate in a compliance remediation plan. (

Nameit/AIT has been one of KnujOn's most frequently cited Registrars for spam sites several years running.

Changes at Directi Alter Scope of Rogue Pharmacy World

April 9, 2009

Thanks to LegitScript, KnujOn and Directi the Internet is measurably safer. As many may recall, we had a dust up with Directi in September of 2008. However, the disclosures and confrontation led to the situation we see now: Directi is shaking the illicit pharmacies out of their portfolio.

Arlington, Va. (PRWEB) April 9, 2009 -- Online pharmacy verification service LegitScript and Domain Name Registrar ResellerClub today announced some very promising results in their united effort against abusive domain name registrations. For several months, LegitScript and ResellerClub have been working together to identify and block domain names associated with rogue online pharmacies that were registered through ResellerClub. Their collaboration has resulted in thousands of rogue online pharmacies being shut down, largely over the past six months. LegitScript reports for the past couple of quarters revealed: Six months ago, over 13% of the rogue Internet pharmacies in LegitScript's database (about 8000 at that time) were registered through ResellerClub. After the two companies worked in close collaboration to remedy this, reports show a dramatic decline. Although LegitScript's rogue Internet pharmacy list has grown to over 35,000 domains, today, ResellerClub domains account for only 0.5% of these rogue Internet pharmacies. What's more, after this compliance exercise, of all the sites that were shut down, 75% remained offline - proving that the terminations had a meaningful effect. Meanwhile, nearly all of the 25% that did set shop again did so with other Registrars. (

Inspiring news on the Anti-Abuse front (
Doc charged with distributing oxycodone (

Taliban Sites Hosted in Texas at ThePlanet

April 8, 2009

On March 25, a Taliban Web site claiming to be the voice of the "Islamic Emirate of Afghanistan" boasted of a deadly new attack on coalition forces in that country. Four soldiers were killed in an ambush, the site claimed, and the "mujahideen took the weapons and ammunition as booty." The Texas company, a Web-hosting outfit called ThePlanet, says it simply rented cyberspace to the group and had no clue about its Taliban connections. For more than a year, the militant group used the site to rally its followers and keep a running tally of suicide bombings, rocket attacks and raids against U.S. and allied troops. The cost of the service: roughly $70 a month, payable by credit card. (

Cyberspies Penetrate U.S. Electrical Grid, Leave Software That Could Disrupt System (
U.S. Power Grid Hacked, Everyone Panic! (
Cell Phone Tracking Can Locate Terrorists - But Only Where It's Legal (
Alleged Iranian Nuke Smuggling Plot Involving New York City Banks Uncovered (
Pentagon Loses $100M in Six Months to Cyberattacks (
UK is ideal home for electronic Big Brother (

Mass. AG sues NJ companies for health care fraud

April 7, 2009

BOSTON - The Massachusetts attorney general is suing two New Jersey-based companies and three individuals, accusing them of marketing and selling fraudulent health insurance. Attorney General Martha Coakley filed a civil complaint Monday against the National Alliance of Associations, Professional Benefit Consultants and three men. Coakley says the defendants made hundreds of customers believe they were buying health insurance, but the products were actually association memberships that provided a limited discount plan on certain medical services. Telephone listings for companies have been disconnected. (

Attorney General Coakley Sues Company for Selling Fraudulent Health Insurance (

Scam Artists Trying to Exploit Obama's Mortgage Rescue Plan, Officials Say

April 6, 2009

Government officials say scammers are seeking to take advantage of borrowers in danger of default by charging them upfront fees of $1,000 to $3,000 for help with loan modifications that rarely, if ever, pay off. The frauds often involve companies with official-sounding names designed to make borrowers think they are using the Obama administration's efforts to help modify or refinance 7 million to 9 million mortgages. (

Identity theft recovery

April 5, 2009

Video: CNN's Gerri Willis and her panel discuss the problems associated with identity theft and rolling over 401(K)s. (

Gang of villagers chase away Google car

April 4, 2009

Fearing the appearance of their well appointed properties on the Web site would attract criminals scouting for burglary targets, villagers in Broughton, north of London, summoned the police after spotting the car. (

Report: FTC to Crack Down on Blog Endorsements

April 3, 2009

Not just any bloggers or social networkers, mind you. Rather, the Financial Times reports, the government consumer watchdog will be cracking down on people who post false statements endorsing certain products — and the makers of those products as well. (

Security Needs Support Continued MAAWG Growth

April 1, 2009

The organization's 15th meeting in San Francisco was one of its largest with 350 online security professionals from 10 countries and 130 companies collaborating against botnets, spam and all forms of abusive messaging. The 30 sessions over four days included a keynote by Washington Post journalist Brian Krebs sharing how his investigative reporting led to identifying McColo-hosted botnets; talks by ICANN representatives and Knujon's Bob Bruen on fighting domain abuse; and a session with FBI executives on finding and prosecuting botnet masters. User advocate Jayne Hitchcock of spoke on educating customers. (

Tracking GhostNet

Cornficker for Breakfast Tomorrow

March 31, 2009

The Armageddon-threatening virus (worm), also known as Downup, Downadup and Kido, was a major topic of conversation at the MIT Spam Conference as the doomsday date of April 1st is looming. This threat has been around since at least October 2008 and has gone through a number of changes. The authors of this worm have been credited with some of the most sophisticated and robust coding for malicious software so far. However, there is considerable debate as to what this malware can and will do tomorrow. Some say it is more hype than harm. Some call it an Internet WMD.

Let’s start with the basics. The malware affects MS Windows systems only, through a Windows Server Service vulnerability that forces a buffer overflow; it grabs a DLL from the Internet via HTTP that runs another through svchost.exe (a generic service process frequently attacked by viruses). This process will try to copy itself to networked machines and even to removable devices like USB drives. The portion of the worm code that spreads itself over the Internet is itself encrypted, which has slowed understanding of the malware. The malware will also block attempts by antivirus packages to remove it and may block system restore or rollback. More instructions will be sought from a list of domains, including (see: Rogue Antivirus Distribution Network Dismantled). Suspiciously, the worm avoids infecting machines in the Ukraine.

Microsoft has issued a patch but millions of users have not applied it yet. Microsoft has also offered a bounty to capture the worm’s authors. A Working Group has been created that includes: Afilias, AOL, Arbor Networks, Microsoft, ICANN, Neustar, Verisign, CNNIC, Public Internet Registry, Global Domains International, Inc., M1D Global, Symantec, F-Secure, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Support Intelligence, and others.

MS Patch:

Flaw in Conficker Worm May Aid Cleanup Effort [comments] (
Malicious code has prompted France to ground fighter jets [comments] (
Conflicker virus expected to hit bank accounts from April 1 [comments] (
'Dangerous' computer worm no cause for alarm, experts say [comments] (

GhostNet [comments](

China analysts dismiss cyber-espionage claims

March 30, 2009

Analysts in China are dismissing claims that nearly 1,300 computers in more than 100 countries have been attacked, and have become part of a cyber-espionage network apparently based in China. The network was discovered after computers at the Dalai Lama's office were hacked, researchers say. "This is purely another political issue that the West is trying to exaggerate," Song Xiaojun, a Beijing-based strategy and military analyst, told China Daily, a state-run newspaper. Zhu Feng, a professor with the school of international studies at Peking University, added: "Cyber security has been a global issue, but this time those who see China as an emerging threat again have picked the subject as a new weapon." Computers -- including machines at NATO, governments and embassies -- are infected with software that lets attackers gain complete control of them, cyber-security experts alleged in two reports Sunday. (

Russian Business Network Flees HostFresh

March 29, 2009

After receiving information that the RBN malware bastion, HostFresh (aut-num: AS23898 as-name: HOSTFRESH-AS-AP), was in the process of being depeered. During the takedowns of Atrivo, McColo and UkrTelegroup, we observed domains being migrated to other IP ranges, as the owners sought to keep their criminal enterprises alive. (

Cambridge University Debunks Chain Email

March 28, 2009

The e-mail was originally sent around without mentioning Cambridge; it got added after the Times of London interviewed a Cambridge neuropsychologist for comment. Matt Davis, a senior research scientist at Cambridge University's Cognition and Brain Sciences Unit, spent some time tracking down the origin of this letter-transposition story. He found that it comes from a letter written in 1999 by Graham Rawlinson, a specialist in child development and educational psychology, to New Scientist magazine in response to an article written about the effects of reversing short chunks of speech. (

Australian Internet `blacklist' prompts concern

March 27, 2009

A whistle-blower organization claims a secret list of Web sites that Australian authorities are proposing to ban includes such innocuous destinations as a dentist's office. Australia's government denied that the list - published by renegade Web site - was the same as a blacklist run by the Australian Communications and Media Authority, or ACMA. However, a manager at the dentist's office said the ACMA had confirmed her site's inclusion on the ban list. (

FBI's Most Wanted Lists Get High-Tech Makeover

March 26, 2009

The agency has begun to use some very cool high-tech tools to capture fugitives — and to find missing persons, too. (

Bloody Massacres and Suicide -- They're Just a Click Away

March 25, 2009

A crazed mob beats an accused rapist with baseball bats before setting him on fire. Soldiers open fire on a crowd in Cote d'Ivoire, and a bystander films the bloodied corpses in close-up. These are images mainstream media organizations deem too graphic to broadcast or print. (

Today's White Collar Crime - Get 20% Off and Free Shipping

March 24, 2009

Written as a text for undergraduate courses, this book appeals to instructors interested in teaching the field of white-collar crime, both from a matter-of-fact investigative perspective as well as a decidedly academic endeavor. Accordingly, it goes beyond discussing the basic theories and typologies of commonly-encountered offenses such as fraud, forgery, embezzlement, and currency counterfeiting, to include the legalistic aspects of white-collar crime. It also explores the investigative tools and analytical techniques needed if students wish to pursue careers in this field. Because of the inextricable links between abuse-of-trust crimes such as misuse of government office, nepotism, and bribery and the realm of corporate corruption, these issues are also included. The text also maintains a connection between white-collar crime and acts of international terrorism; as well as the more controversial aspects of possible abuses of power within the public arena posed by the USA Patriot Act of 2001 and the asset forfeiture process. Adapted readings at the end of each chapter provide readable cases of white collar crime - in action - to illustrate the principles / theories presented. Activities, Exercises, and Photographs are also included in each of the 10 chapters and a Companion Web Site provides additional test items and other instructor support material. (

This book is useful for course study, training, reference or as an introduction to the subject. Use this form and get 20% off and Free Shipping
Qualified adopters may request an examination copy here

No joke in April Fool's Day computer worm [Comment] (

Parava Networks' Time Is Up

March 23, 2009

It has now been 15 business days since Parava Networks was issued a Breach Notice by ICANN. As of this morning Parava was still using a fake address for its own operational domains.

KnujOn will, of course, be following this story closely in anticipation of some announcement from ICANN relating to this.

Is Your Domain Name Ownership Information Safe? [Comment] (

Russian Business Network and Iran

March 22, 2009

A Russian organized crime group involved in pornography, drug smuggling, and the distribution of malware has initiated operations from the IP address space of the Islamic Republic of Iran. It is unknown if this activity was launched with state approval. The Russian Business Network affiliate involved has established a front company, autonomous system AS48669 NTCOLO-AS NTCOLO, and has been allocated 510 unique IP addresses. AS48669 consists of 105 malware domains, 19 domain name servers, 8 mail servers and 3 fraudulent payment processors. The affiliate's contact email address is The domain to IP address assignments are modified several times per week, as the RBN seeks to evade IP blocking by network administrators. (

News Roundup

March 21, 2009

Pentagon Official Warns of Risk of Cyber Attacks
The head of the Pentagon's Strategic Command warned Congress today that the United States is vulnerable to cyberattacks "across the spectrum" and that more needs to be done to defend against the potential of online strikes, which could "potentially threaten not only our military networks, but also our critical national networks." But Air Force Gen. Kevin Chilton made clear to a House Armed Services subcommittee that he has not been asked to defend most government Web sites nor the commercial and public infrastructure networks whose destruction could cripple the nation. Chilton's command, instead, has the responsibility "to operate and defend the military networks only and be prepared to attack in cyberspace when directed," he said, adding, "I think the broader question is, who should best do this for the other parts of America, where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them." The responsibility of protecting civilian networks currently rests with the Department of Homeland Security, but Chilton's testimony comes at a time when a presidential-chartered 60-day study of cybersecurity is underway. A report from that study is expected next month. (

An Upland man who worked at a company that operated off-shore oil platforms was indicted today on federal charges of damaging the company's computer systems after it declined to offer him permanent employment. Mario Azar, 28, was named in a one-count indictment returned this afternoon by a federal grand jury in Los Angeles. The indictment charges Azar with unauthorized impairment of a protected computer, a charge that carries a maximum statutory penalty of 10 years in federal prison. Azar was an information technology consultant under contract with the Long Beach-based Pacific Energy Resources, Ltd. (PER) until May 2008, when he left the company. Azar helped set up a computer system that PER used to communicate between its offices and its oil platforms. The computer system also served a "leak detection" function for PER. During May and June of 2008, Azar illegally accessed the PER computer system and "caused damage by impairing the integrity and availability of data," according to the indictment, which alleges that Azar caused thousands of dollars in damage. While PER temporarily lost use of its computer systems as result of Azar's conduct, the outage did not lead to any oil leaks or environmental harm... (

6 from Hudson indicted in $6M credit card fraud, identity theft swindle
Six Hudson County residents, including three who are at large, have been indicted on charges they ran a credit card fraud/identity theft ring that swindled financial institutions out of at least $6 million. Six Hudson County residents have been indicted on charges they operated a credit card fraud and identity theft ring that swindled financial institutions out of more than $6 million, officials told The Jersey Journal today. A two-year investigation led to early morning raids on Sept. 5 ed and charges against Mohammad Sheikh, 47, of North Bergen; Afzal Sheikh, 54, and his wife, Rubina Sheikh, 44, of Secaucus, and Quaisar Mahmood, 47, Rafiq Malik, 56, and Rauf Farooqi, 54, of Jersey City. In the indictment handed up yesterday, they are charged with identity theft, theft by deception, money laundering and conspiracy, Davis Elson said. Mahmood, Malik and Farooqi remain at large and prosecutors think Mahmood and Farooqi may have left the country, Davis Elson said. Leaders of the group opened fraudulent credit card accounts at various banks and credit card companies and used them to make nonexistent transactions at "shell" companies created by the suspects, officials said. The companies had no actual sales locations or inventory, officials said (

As Jurors Turn to Web, Mistrials Are Popping Up
Last week, a juror in a big federal drug trial in Florida admitted to the judge that he had been doing research on the case on the Internet, directly violating the judge's instructions and centuries of legal rules. But when the judge questioned the rest of the jury, he got an even bigger shock. Eight other jurors had been doing the same thing. The federal judge, William J. Zloch, had no choice but to declare a mistrial, a waste of eight weeks of work by federal prosecutors and defense lawyers. "We were stunned," said a defense lawyer, Peter Raben, who was told by the jury that he had been on the verge of winning the case. "It's the first time modern technology struck us in that fashion, and it hit us right over the head." It might be called a Google mistrial. The use of BlackBerrys and iPhones by jurors gathering and sending out information about cases is wreaking havoc on trials around the country, upending deliberations and infuriating judges (

Two Texas men settle charges in spam scam case

March 19, 2009

The Securities and Exchange Commission yesterday said two men settled charges that they conducted a massive e-mail spam campaign to drive up the demand for penny stocks they owned. The enforcement action arose from a spam e-mail received by an SEC staff attorney in August 2005 that had the subject line: “Experts are jumping all over this stock,” according to the SEC. Several more e-mails to the SEC followed. The e-mails were sent by two Texas men, Darrel T. Uselton and his uncle Jack E. Uselton, who generated more than $4 million through the scheme, which involved buying and selling shares in 13 penny stock companies. (

All MIT Spam Conferences are free for all interested parties to attend events. The primary goal is to get dialogs going and ideas flowing. [comment] (

Report: Most Spam Sites Tied To Just 10 Registrars (

The Next Spam Scam: Health Insurance Fraud

March 18, 2009

They prey on weakness, fear, ignorance, gullibility, greed, and compassion. What is said of spammers can be said of most criminals. They find whatever is most human in their victims and exploit it. The national "health scare" debate has likely driven many to make choices out of fear, and this is what criminals know and hope for. Just as with the booming stock and mortgage markets of a few years ago, or increasing pharmacy prices today, these crafty crooks are lurking in the shadows waiting for the next crisis or opportunity. These fax-junk examples take advantage of the double-edged fear of medical finances and personal health issues with such pitch lines as: "Working with you to address the healthcare crisis!", "Most pre-existing conditions accepted!", "Accidental Injury Coverage Covered Up to $10,000".

Hearing: Too few people aware of cyberattacks

March 17, 2009

The nation's cybersecurity is in dire need of an update to plug the various vulnerabilities and dangers within the network, according to a U.S. House subcommittee that met this week. IT security professionals gathered in Washington DC this week to discuss the challenges of improving the state of the country's web and network security and the goals of President Obama's 60-day review of the federal cybersecurity initiatives that were ordered last month. The hearing, the first of three this month, was before the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology, which is chaired by Representative Yvette Clarke. "We find ourselves in an extremely dangerous situation today too many vulnerabilities exist on too many critical networks, which are exposed to too many skilled attackers who can inflict too many damages to our systems," the New York Democrat said in her opening statements. "Unfortunately, to this day, too few people are even aware of these dangers, and fewer still are doing anything about it." Other security experts present at the meeting said the country wasn't ready for a large-scale online attack and that things needed to change, reports. (

Cyber War! on Frontline

March 16, 2009

In the aftermath of Sept. 11, 2001, as most U.S. intelligence shifted to finding Al Qaeda cells around the world, one group at the White House decided to investigate a new threat -- attacks from cyberspace. "In the past, you would count the number of bombers and the number of tanks your enemy had. In the case of cyber war, you really can't tell whether the enemy has good weapons until the enemy uses them," says Richard Clarke, former chairman of the White House Critical Infrastructure Protection Board. In "Cyber War!" Clarke and other insiders talk about a new set of warriors fighting on the new battlefield of cyberspace, and they evaluate just how vulnerable the Internet may be to both virtual and physical attack. "The thing that keeps me awake at night is [the thought of] a physical attack on a U.S. infrastructure combined with a cyber attack which disrupts the ability of first responders to access 911 systems," says Ron Dick, former head of the FBI's National Infrastructure Protection Center. (

Social Elements of Security Policy and Messaging

March 15, 2009

Let us begin with the premise that security policies exist to protect an entity's assets as it pursues the normal conduct of business. To ensure that those policies are effective, security professionals must first understand the social elements, including cultural and generational variances, that affect employee behavior and perceptions about security. With the implementation of a three-step process of discussion, creation and messaging, security policy can be successfully crafted—with consideration given to geographical, cultural and generational factors—while assuring resonance and understanding throughout the organization. A recent Cisco white paper, Data Leakage Worldwide: The Effectiveness of Security Policies, illustrates the apparent disparity between the perceptions of end users and IT professionals surrounding the existence, relevance, updating and communication of security policies. Just as businesses strive to understand their marketplace, they should also conduct internal market research to identify the key characteristics of their employee demographics. (

Anti-Spam Victories(

What's in a Domain Name? Marketers Weigh the Cost

March 14, 2009

YORK, Pa. ( -- Today there are 21 generic top-level domains, or those little words that come after the dot at the end of a web address, including .com, .net and .gov. But that's all about to change. A proposed expansion of domains means that by the end of the year there could be hundreds. Coca-Cola and Pepsi could request .soda or .softdrinks; Procter & Gamble and Unilever could sign up for .laundry or .soap; and McDonald's and Wendy's could get .burger or .fries. The potential for names and online branding would be limited only by the imagination of the creative marketing industry. But what if you had to pay for every one of the new domains that relates to your brand? The initial cost estimated by the Internet Corporation for Assigned Names and Numbers, the nonprofit agency that oversees the distribution and policy of domain names, is $185,000 for registration plus anywhere from $25,000 to $75,000 in annual fees. (

Thieves look to Internet(

KnujOn Feed Plug-in Requested for Spam Assassin

March 13, 2009

KnujOn Feed Plug-in Requested for Spam Assassin(

MIT Spam Conference Schedule Posted

March 12, 2009

Fellow Anti-Spammers, the Schedule for the 2009 MIT Spam Conference is now available. Full details and registration information can be found here

Thursday March 26, 2009
9:30 a.m. breakfast
10:00 a.m. chair opening: Kathy Liszka / Bill Yerazunis Welcome and Administrivia
10:15 a.m. keynote: Robert Bruen Keynote: ICANN Policy Enforcement
10:45 a.m. keynote: Garth Bruen Keynote: The Future of Anti-Spam: A Blueprint for New Internet Abuse Tools
11:15 a.m. paper: Adrian McElligott Email Permission Keys
11:45 a.m. lunch
1:00 p.m. keynote
1:30 p.m. paper: Claudiu Musat Spam Clustering Using Wave Oriented K Means
2:00 p.m. paper: Sebastian Holst "Account-free" Email Services to Combat Phishing, Brand Infringement, and Other Online Threats
2:30 p.m. break
2:45 p.m. paper: Nathan Friess A Kosher Source of Ham
3:15 p.m. paper: Didier Colin A Selective Learning Model For Spam Filtering
3:45 p.m. presentation: Rudi Vansnick Is Spam in Europe easier to handle?
6:00 p.m. reception: Courtesy of ComCast

Friday March 27, 2009
9:00 a.m. breakfast
9:30 a.m. paper: Tim Martin Phishing for Answers: Exploring the Factors that Influence a Participant's Ability to Correctly Identify Email
10:00 a.m. paper: Reza Rajabiun IPv6 and Spam
10:30 a.m. break
10:45 a.m. workshop: Adrian McElligott How to integrate Email Permission Keys in to an existing Spam Filter in 5 easy steps
11:15 a.m. paper: Henry Stern The Rise and Fall of Reactor Mailer
11:45 a.m. lunch
1:00 p.m. presentation: Andra Miloiu Costina Do humans beat computers at pattern recognition?
1:30 p.m. paper: Cesar Fernandes An Economic Approach to Reduce Commercial Spam
2:00 p.m. break
2:15 p.m. paper: Alexandru Catalin Phishing 101
2:45 p.m. paper: Areej Al-Bataineh Detection and Prevention Methods of Botnet-generated Spam
3:15 p.m. wrap up: all participants

Full Details

FBI agents have made two arrests after raiding the D.C. office of the man tapped to be President Obama's chief information officer(

Google Dollars From Online Pharma

March 11, 2009

There's no question Google and other search engines (think Yahoo) make a lot of money advertising--even in a recession. But Google can't just let anyone advertise -- its rulebook, for example, explicitly bans advertisers that use "deceptive, illegal, unethical, false or misleading practices." Moreover, Google's Online Pharmacy Qualification Process lays out specific rules on which online drugstore sites are allowed to advertise. It says, for instance, that sellers of online prescription drugs in the U.S. and Canada must register with the PharmacyChecker Verification Program. But is PharmacyChecker a strong enough verification process? It may not be. Its list of banned "rogue" sites, for one, pales in comparison to the over 22,000 sites that fail to meet the stricter standards of online verifier Early this month, CNN exposed a PharmacyChecker-approved site that illegally sold controlled drugs from India without a prescription. LegitScript's analysis of the site,, found that CNN's order for the restricted antidepressant Xanax was made through PharmNet but was processed and paid through another site altogether. In fact, while PharmacyChecker validated PharmNet, LegitScript rejected that site's application for approval. It's worrisome if Google's verification process relies solely on PharmacyChecker, which approves sites that other verification processors do not. Researchers at the National Center on Addiction and Substance Abuse (CASA) agree. In a July 2008 study, CASA found search engines' verification processes "far from perfect." Indeed after successfully finding prominent ads from rogue pharmacies in searches for controlled substances on Google and Yahoo, CASA wrote that their findings "suggest that these search engines are profiting from advertisements for illegal sales of controlled prescription drugs online."
Until search engines impose more stringent requirements for online pharmacies, sites without the proper licenses and certifications will continue to generate sales. The online drug business is a fast-growing transnational enterprise, estimated by Mark Monitor to be worth $12 billion last year--there's a lot of potential ad dollars in there. (

The battle over cybersecurity

Websites sell fake Aussie passports

March 10, 2009

WEBSITES are selling fake state-of-the-art Australian passports for as little as $1250, boasting they'll pass the most rigorous border checks. Australia's Department of Foreign Affairs and Trade (DFAT) says the sites are just another money-making scam but admits they are "the subject of ongoing discussions" with Australian Federal Police. DFAT also warns that people who use such documents are guilty of a serious criminal offence. One of the sites boasts it is a unique producer of quality fake documents. "We offer only original high-quality fake passports, driver's licences, ID cards, stamps and other products for following countries: Australia, UK, USA," the site says. Sample pictures of a blank Australian passport show where buyers' personal details will be entered after supplying a digital photo, signature and other particulars.

Online brand abuse 'on the rise'

March 9, 2009

Online abuse of the world's top brands is rising, according to a report. Cyber-squatting - in which someone registers a domain name with the aim of selling it on at a later date - remains the most common form of abuse. Cyber-squatting rose by 18% in 2008, to 1,722,133 reported incidents, according to brand specialist MarkMonitor. The study also found that 80% of sites identified in 2007 as "abusive" were still in existence today. The report suggests that brand owners need to take a more aggressive stance against people or companies abusing a trademark, brand or domain name.

Cybercrime in the UK rose by more than 9% in 2007, according to a new report

Garth Bruen's E-Crime Statement

March 8, 2009

"When reporting abuse and fraud, instead of being helped, consumers are often pushed into a maze with no map. Obfuscation by industry experts, experts at manipulating hosts, ISPs, registrars and the general architecture of the Internet, they confound investigators. There could be potentially a dozen or more companies involved in the promotion and execution of a single illicit transaction domain, and often, these companies are distributed through different countries. And this is done on purpose. Within this complex structure, there is significant misdirection and falsification deliberately put into place to frustrate investigators and consumers. The deep manipulation of registrars and resellers can only happen if the registrars and ICANN allow it. In these cases, we can use policy, not just technology, to fix this." (

ICANN RAA Amendments, a step towards security

March 7, 2009

At the ICANN meeting in Mexico City, the various GNSO constituencies worked diligently to arrive at a supportive motion that will advance the RAA amendment package and provide for additional follow-up efforts that will be pursued over the coming months. This motion was adopted unanimously and the amendment package has been advanced to the Board for final approval.

There are a number of new or modified sections to the Registrar Accreditation Agreement that provide better protection for consumers and Internet users, including a new section based on a proposal submitted by KnujOn:

3.16 Registrar shall provide on its website its accurate contact details including valid email and mailing address.

As KnujOn users will recall, this was part of a big push by our members due to a fiasco of 70 Registrars in mystery locations. We believe this disclosure is crucial to security and consumer trust.

Other useful amendments:

  1. Enforcement tools
    1. Registrar Audits – Allowing ICANN to conduct site visits and audits of registrars upon at least 15 days notice.
    2. Sanctions & Suspension – Providing for escalated compliance enforcement tools such as monetary sanctions and suspension of registry access.
    3. Group Liability – Preventing "serial misconduct" by registrars when another affiliated (by common control) registrar's RAA is terminated.
    4. Registrar Fees – Revising registrar fee provision to be aligned with recent and current ICANN budgets; assessing interest on late fee payments.
    5. Registrations by Registrars – Creating liability by registrars to ICANN for any registrations created by a registrar for its use in providing Registrar Services.
    6. Arbitration Stay – Eliminating the existing automatic 30-day stay of termination registrars receive by initiating arbitration or litigation to challenge an RAA termination.
  2. Registrant protections
    1. Private Registration & Registrar Data Escrow Requirements – Registrars are required to either escrow underlying customer data in the case of private or proxy registrations, or alternatively, give prominent notification that such data will not be escrowed.
    2. Registrant Rights and Responsibilities – Requiring registrars to include on their websites a link to a "Registrant Rights and Responsibilities" document to be created in consultation with the ICANN community.
    3. Contractual Relationships with Resellers – Protecting registrants who are customers of resellers by obligating resellers to follow ICANN policies and requiring that they either escrow privacy/proxy customer data, or alternatively, give prominent notification that such data will not be escrowed.
  3. Promoting stable and competitive registrar marketplace
    1. Accreditation by Purchase – Requiring registrars to notify ICANN upon a change of ownership and to re-certify the registrar's compliance with the RAA.
    2. Operator Skills Training and Testing – Providing for mandatory training of registrar representatives to ensure better registrar understanding of ICANN policies and RAA requirements.
    3. Use of ICANN-Accredited Registrars – Maintaining ICANN's general policy of requiring registries to use ICANN-accredited registrars (in the absence of a reasonable and noted exception).
  4. Agreement modernization
    1. Notice Provision – Streamlining ICANN's obligation to provide notice to registrars of new consensus policies applicable to registrars.
    2. References to the Department of Commerce – Acknowledging ICANN's movement toward independence from the DOC by removing certain references within the RAA to a requirement of DOC approval.
    3. Registrar Data Retention Requirements – Clarifying data retention requirement for registrars to allow for more uniform practices.

Colonies of 'Cybots' May Defend Government Networks

March 6, 2009

The Cybot Age could soon be upon us. But be not afraid; this isn't Star Trek. We're not talking droves of evil cyborgs bent on galaxy domination. If all goes as planned, in just a few years colonies of software robots -- "cybots" -- linked into a "hive" mind could be defending the largest computer systems in America against network intruders. Researchers at the Oak Ridge National Laboratory say the program behind the cybots -- Ubiquitous Transient Autonomous Mission Entities (UNTAME) -- will be very different from current cybersecurity systems. Joe Trien, who leads the team at the lab's Computational Sciences and Engineering Division, said what will make cybots so useful is that they will be able to form groups, function autonomously and respond almost immediately.

Bad, bad, cybercrime-friendly ISPs!

March 5, 2009

Interestingly, what we’re witnessing for the time being is a mixed abuse of, both, legitimate infrastructure and purely malicious one. For instance, the bad actors that FireEye is profiling, will receive traffic coming from abused legitimate infrastructure such as the Digg, Google Video and YouTube’s latest malware campaigns. Moreover, we cannot talk about cybercrime-friendly ISPs without mentioning the domain registrars of choice for the majority of cybercriminals, which KnujOn keeps profiling. Their February, 2009 Registrar Report states that 10 registrars are responsible for 83% of the fraudulent sites that they’ve analyzed, with the Chinese registrar XIN NET topping the chart for a second time.

e-Crime and Abuse of the DNS Forum: A Global Perspective

March 4, 2009

Tuesday, 4 March, 2009 14:00 - 17:30

WG5 Policy Proposal Statement: Internet users want all reasonable steps taken for a more secure internet.

This is from the Working Group operating next door to KnujOn's (Working Group 5: DNS Security Issues within ICANN's Mandate). It addresses many of the same issues from a different perspective. This group more or less came to the same conclusions as Garth Bruen and Rudi Vansnick independently. There is broad security industry support for these concerns. Serious problems exist within DNS, the registry system and within the Registrar community. Anyone failing to acknowledge this does not understand the problem; anyone denying this is part of the problem.

Summary of recommendations

We strongly encourage ICANN to promote the prompt implementation of the recommendations from the 2005 Hijacking report:

Fighting exploitation of the DNS
APWG Best Practices
The goal of the portal is to provide the community with information and advice on measures to prevent personal data theft, bank fraud and computer crime.
wg5 proposal.doc
WG5 Background

From yesterday's Registries, Registrars and the Abuse of Domains session:
Slides for Registries Registrars Abuse Domains (.ppt)
Audio Recording of session (.mp3)

“Important” Registrar Parava Gets Breach Notice

Registries, Registrars and the Abuse of Domains

March 3, 2009

Tuesday, 3 March, 2009 16:45 - 18:15

Slides for Registries Registrars Abuse Domains (.ppt)
Audio Recording of session (.mp3)

Rolling commentary from General Assembly of the North-American Regional At-Large Organization
In a discussion with ICANN's new Compliance chief David Giza we have again raised the issue of verifiable contact information for Registrars. (see: news2008.html#11022008)

Also concerning Section 3.7.8 of the RAA we have requested a change in the language of one word "or" for "and".

"Registrar shall abide by any specifications or policies established according to Section 4 requiring reasonable and commercially practicable (a) verification, at the time of registration, of contact information associated with a Registered Name sponsored by Registrar OR (b) periodic re-verification of such information. Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."

The word "or" should be changed to "and". This is an ambiguous situation that could be easily remedied by requiring both activities. Verification at registration and regular checking should go hand in hand. Checking at the origin point can prevent the need for checking later and would improve security and general stability of the registry system. Also, how is one to determine which action a Registrar opted to use? How is this verified? It is better to know that both verifications are occurring; it will save the Registrars many headaches in dealing with abusive registrants BEFORE they get in as opposed to after. Comments have been made that this process will increase the cost of domain registration. Wrong. Simple form verification is commonplace in Internet commerce; the scripting is easy. This is the first line of defense against forgery. Second level verification: Registrars must email registrants a transaction receipt when a domain name is purchased. Sending this notification to the posted Whois contact email will provide instant verification of accuracy. Other items should at least match the payment information which the Registrars are assured of verifying.

Parava Networks Receives Breach Notice

March 2, 2009 - Rolling

Parava Networks, AKA received a breach notice from ICANN Friday for, among other issues, failure to correct Whois inaccuracies, including the records for the Registrar's own sites. This was reported by KnujOn in July, 2007. This came to our attention while investigating Registrars sponsoring unlicensed steroid domains. Official requests sent to Parava's office were returned as undeliverable. However, Parava to this day still uses this obviously bogus address for their whois record.

ICANN CEO Paul Twomey Resigns

March 2, 2009 - Rolling

Mexico City, Mexico — 2 March 2009 — Founders and leaders of the Internet today praised the achievements of Dr Paul Twomey, the President and Chief Executive Officer of ICANN, after learning that Twomey had advised ICANN's Board of Directors that he will not seek renewal of his contract and will move on from ICANN at the end of 2009.

Connecting to an Unsecured Network?

March 2, 2009

KnujOn At ICANN, Working Group 4: Transparency and Accountability of ICANN

March 1, 2009

Working Group 4 will prepare a statement of the At-Large community on the subject of transparency and accountability in ICANN. This subject is regularly discussed in the community - especially at present, as community members reflect on the level of transparency and accountability that ICANN should have as a part of the “Improving Institutional Confidence” process, which is being handled by Working Group 2 of the Summit. Over the years, the At-Large community has provided significant input regarding the development of transparency and accountability of ICANN within statements on related topics. Details of this communication are available at: (Note that some statements are available in English only at the present time).

ICANN - Mexico City

February 28, 2009

After being stranded in Atlanta for one night, KnujOn's Garth Bruen is finally in Mexico City at the ICANN meeting. He will be presenting at several e-crime sessions and participating in serious policy discussions.
Let Your Voice Be Heard!

Spam and obscene profits

February 27, 2009

Obscene profits occur when registrars knowingly permit spammers to buy huge blocks of web addresses to further their questionable activities. In an age where analytic applications are becoming pervasive, why wouldn’t a registrar develop analytic measures to detect and halt improper behavior? It’s got to be money related. They’re addicted to the easy, straight to the bottom line money that this activity generates for them. Let’s call this obscene profit.
Knujon is an interesting organization. It is a small, volunteer group that wants ICANN, registrars and others to follow the rules that supposedly govern the Internet. Please read their reports, send them your spam and help them pressure the registrars to make the Internet a safer place for us all.

MIT Spam Conference - Call for Papers

February 23, 2009

The Expanded MIT Spam Conference 2009 invites the submission of original, unpublished papers on all aspects of spam and other types of electronic communications brand malware. Topics of interest include:

The common thread remains the same - dealing with undesired and unsolicited electronic communications; that's the central theme of this conference and proposals should relate to that. Anyone doing work in spam, anti-spam, or other related cyber crimes is welcome to submit their results, including, but not limited to: academic, corporate, or private researchers; everyone competes on an equal footing. Even spammers are welcome to share their point of view!

* Submission deadline: March 9, 2009
* Rolling Notification of acceptance: Two weeks after submission.
* Conference: March 26 - 27, 2009

Report: Most Spam Sites Tied to Just 10 Registrars

Discuss Registrar Report at Nabble

February 22, 2009

"Really the problem is with the apparently irresponsible domain registrars at the top of the Knujon list who seem perfectly happy to sell hundreds of thousands of domains to apparent criminals. The outright criminal ISPs and registrars (like Estdomains, Intercage, McColo, etc.) need to be kicked off the Internet, and the non-criminal ISPs and registrars need to do much more to stop abuse of their services and networks." ( - Phantom Cash Offers and Phantom Companies (Part 3)

February 21, 2009
  • 8771 Junk Domains Touting Phantom Cash Offers
  • 144 Fake Companies Registering Domains
  • 46,183 Spam emails to KnujOn members
Domain registered by Web Angeles, a non-existent company not found at the Pennsylvania address used to purchase the domain from
This fictitious company, Exim Merchant, gives their address as "RAINBOW 6, LAS VEGAS". Rainbow Six is a Tom Clancy novel and Rainbow Six Las Vegas is a video game based on the novel.
Oriicon, another fake company using a MailBoxes Etc. address to get their domains sponsored by
Fake company Corinthian Designs also uses a MailBoxes Etc. address to purchase domains from
Tomorrow we'll look at more fake companies with domains and estimate how much money received for sponsoring them.

Full KnujOn Registrar Report
Discuss KnujOn Registrar Report at CircleID
Discuss KnujOn Registrar Report at

Phantom Cash Offers and Phantom Companies (Part 2)

February 20, 2009

When first contacted by Brian Krebs stated: we take the issue of domains used in spamming campaigns -- or any other inappropriate activities -- very seriously. We have a process that lets the public alert us to any inappropriate or illegal uses of the domains under our management by emailing Once notice of a potential abuse is received, either through our abuse process or any governing agency, we take prompt action to investigate the report. If any inappropriate use of the domain is found we take the domain offline immediately.

However, KnujOn notified on February 3rd of a massive fraud network operating within their space but so far they have neither responded to us nor taken any action. Additionally, we offered to help them clean the illicit sites out of their space for free. We understand that this is a daunting task and take into account as stated: "[] does not judge domain usage or proactively monitor/govern how our customers use their domains"; however, we specifically told them how the domains were being improperly used and still no response. Therefore we have no option but to detail the completely fictitious and fraudulent entities has sold domains, each of which has been advertised in spam.

Fake companies with domains sponsored by
Topography Network Pvt Ltd.
Allegedly located in New York, there is no registered business under this name anywhere in the state of New York. The phone number used to register this domain with is a dead Verizon cell phone number. The Topography Network domains are all phantom cash offers advertised with spam:

Click Webster
This company does not exist in California and in fact applied for the domains with using the address of a computer repair shop completely unaffiliated with "Click Webster". More spammed phantom cash offers:

Mindspace Consulting
The contact information used to create these domains at is actually a UPS office in New York. We spoke to the manager of this UPS office and he did not know that this so-called Mindspace Consulting was misusing UPS' office for forged registrations. Yes, more phantom cash offers:

Prism Tech Store Pvt Ltd.
Laughably, Prism Tech gives its address as being in Lexington, Kansas which is a vast region of open, unoccupied space. A patchwork of farms and dusty roads, no tech companies. The phone number is dead. But this lack of existence does not stop Prism Tech from registering domains at and making phantom cash offers:

More imaginary customers tomorrow.

Full KnujOn Registrar Report
Discuss KnujOn Registrar Report at CircleID
Discuss KnujOn Registrar Report at

Flaws In the Registrar Accreditation Agreement (RAA)

February 19, 2009

Questions have been arising lately as to the real protective power of the Registrar Accreditation Agreement (RAA) which is a commitment that governs the relationship between ICANN and its accredited registrars. Following in the footsteps of, has been investigating the serious flaws within the framework of the RAA and invites our readers to push ICANN to further amend the Registrar Accreditation Agreement and take a tougher stance against the accreditation of spam and malware hosts.

Spam's supply and demand

February 18, 2009

The spam industry has taken some hits during the past year. In May 2008, the anti-spam organization KnujOn issued a report that identified 20 registrars — companies that issue domain names — as responsible for 90 percent of the domains associated with high levels of spam or other abusive activities. Only two of the top 10 offenders from the original list made it onto the most recent list, released by KnujOn this month. The others went out of business or cleaned up their acts. Unfortunately, the new list shows that a new group of registrars has taken their place at an even greater level of concentration, with 10 registrars responsible for 83 percent of spam domains. And the amount of spam is not decreasing. Spam volumes took a sharp dive in November with the shutdown of McColo, a hosting company based in San Jose, Calif., that was identified as the source of a lot of unwanted e-mail messages. However, according to Symantec’s State of Spam report for February, spam quickly rebounded from a low of about 50 percent of all messages scanned at the mail gateway immediately after the shutdown to about 80 percent.

Alleged Software Counterfeiters Indicted

February 17, 2009

Two U.S. men have been indicted on several software counterfeiting related charges for allegedly selling pirated software on eBay and through Web sites. The indictment, announced this week, was returned by a federal grand jury for U.S. District Court for the District of Arizona in November. Christopher Loring Walters, 28, of Newport Beach, California, and Matthew Thomas Purse, 32, of Gilbert, Arizona, were charged with conspiracy, mail and wire fraud, criminal copyright infringement, and trafficking in counterfeit labels, packaging or containers, according to the U.S. Attorney's Office in Phoenix.

Data loss costing companies $6.6 million per breach

February 16, 2009

The total average cost of a data breach last year reached $202 per record, a 2.5% increase since 2007, a study published Monday revealed. The study was conducted by the Ponemon Institute, a privacy and data-protection research group, and PGP, a data-encryption vendor. It was based on the costs incurred by 43 organizations following actual data breaches. According to the report, the total average cost per company surveyed was more than $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006. The highest reported total cost among the 43 respondent organizations was $32 million. Of the average $202 per record cost, $139 was attributable to lost businesses as a result of the breach. As a percentage of the total cost per record, that represents 69%, which is up from 67% in 2007 and 54% in 2006. Customers, it seems, lose faith in organizations that can't keep data safe and take their business elsewhere. "This finding reinforces the message delivered by leading enterprise IT managers and industry analysts that organizations must focus on proactively protecting their data instead of relying exclusively on written policies, procedures, and training," the report says.

Mystery Calls From 231-732-2059

February 15, 2009

Auto warranty scams continue, this time from Morley, Michigan. Every time KnujOn gets one of these calls we try to keep them on the line as long as possible to get information out of them, but they inevitably hang up the more we push.

Auto warranty firms launch sleazy scam
Car warranty scam keeps phones ringing
Better Business Bureau Warns Consumers of Auto Warranty Scam

Valentine Spam Part of a Junk-mail Resurgence

February 14, 2009

Valentine's day spam and scams are showing up in inboxes in anticipation of the upcoming holiday. The messages, with timely sales pitches like "Increase your length, the best valentine's gift," join a flood of other crap mail that has spam levels back up to where they were prior to the McColo shutdown success in November.
Krebs covers work done by a group called Knujon that shows how most of the Web sites advertised by all this junk mail are registered with only a small handful of domain name registrars (out of 900 or so total, Krebs writes). His post doesn't explicitly come out and say so, but I'd say identifying outfits central to helping spammers is the first step towards cleaning up - or shutting down - those outfits and perhaps scoring another victory against Internet crime. I'll be keeping my fingers crossed.

KnujOn at MAAWG

February 13, 2009

KnujOn's Dr. Robert Bruen is presenting at the 15th General Meeting of the Messaging Anti-Abuse Working Group (MAAWG) with keynote speaker Brian Krebs. About MAAWG:
The Messaging Anti-Abuse Working Group is a global organization focusing on preserving electronic messaging from online exploits and abuse with the goal of enhancing user trust and confidence, while ensuring the deliverability of legitimate messages. With a broad base of Internet Service Providers (ISPs) and network operators representing almost one billion mailboxes, key technology providers and senders, MAAWG works to address messaging abuse by focusing on technology, industry collaboration and public policy initiatives.

Phantom Cash Offers

February 12, 2009

Due to new raw data concerning the specifics we are suspending the reporting on them until we can review the new information.

Full KnujOn Registrar Report
Discuss KnujOn Registrar Report at CircleID
Discuss KnujOn Registrar Report at

Phantom Cash Offers

February 11, 2009

Note: was notified of the details in this report on February 3, 2009 and has not responded.

Reviewing the details that brought each Registrar to this list is a useful exercise. As we saw Xin Net holding thousands of illicit pharmacies and eNom sponsoring spammed domains for sale at inflated prices, we again see another type of spam site with ones that offer phantom cash, prizes or coupons in exchange for personal information. KnujOn has recorded 8,771 spammed domains with content similar to or redirecting to sites with the similar content below:


We will begin to untangle this issue tomorrow and discuss some of the companies behind this type of spammed domain.

With all the negativity to reflect upon in the world of IT security these days, there has been a pretty cool trend emerging over the last year or two as grassroots researchers have experienced greater success in calling out online miscreants in public and then seeing those organizations snap-to or go under. Witness the successful effort to take down notorious hosting provider McColo last November as proof - it does seem like the people can and will be heard on matters of security when they can find the right constituencies to speak to, and when they have the right things to say. KnujOn, a research effort aimed at stemming the tide of spam and e-mail-borne malware attacks, is one of the parties who have had some success to that end, specifically in shining a light on some of the Internet's least ethical registrars.

Full KnujOn Registrar Report
Discuss KnujOn Registrar Report at Slashdot
Discuss Domain Inflation at SpamCop
Re-Ranking KnujOn’s Spam Domain Registrar List
Report: Most Spam Sites Tied to Just 10 Registrars
10 Registrars Responsible for 83% of Spam Websites

NetworkSolutions - Stepping Up

February 10, 2009

Many were surprised by Network Solutions' appearance on our abused Registrar list, and we were too. They are facing many of the same issues as other Registrars in terms of online crime, fraud, and abuse. But there is one big difference: they're doing something about it. Unlike the previously discussed Xin Net and eNom, Network Solutions contacted us immediately and responded to items we sent them quickly, including fixing one customer domain that had been hijacked to distribute viruses. Yesterday, Network Solutions' Shashi Bellamkonda blogged about this report:

We laud and appreciate the efforts of Knujon and other organizations like APWG in their anti-spam/abuse efforts. Network Solutions is passionate in this war against spam and has a common goal to combat abuse on the Internet.

Not just making empty statements we can confirm that action was taken:

From the details that Knujon provided us yesterday we notified registrants of the domain names and most have taken action immediately.

If Xin Net and eNom responded like this, instead of just claiming to, the Internet would be a significant degree safer.

Full KnujOn Registrar Report
Hundreds of Houston computers infected by virus
Link-spamming spreads to NHS, police

eNom - Pill Sites and Suspicious Domain Advertising (Part 2)

February 9, 2009

continued from Friday...

We have shown that eNom had the largest number of spammed domains in the last six months (32,610). This is 0.4% of their portfolio, but to put that into perspective the average Registrar has 0.001% of their domains spammed. Anything over 0.05% is bad.

These are the overall numbers. Yesterday we looked specifically at illicit pharmacies sponsored by eNom. Anyone who wants to test the validity of eNom's statement that: "customers suspected of using its products and services for sending spam are investigated" just needs to ask if,, and are being investigated. But, you don't have to take our word for it! Within notorious drug trafficking forums, pill-pushers have advised fellow illicit substance providers to move their domains to " Because he is a reseller of ENOM." What could eNom do to change this perception that they are friendly to illicit pharmacy? In September, 2008 Directi took a pledge to help end the illicit pharmacy menace, and we are now calling on eNom to take that same pledge. Like we have stated, we are interested in correcting these issues and helping the Registrar

But, let's talk more specifically about spam, and even more specifically about which of eNom's customers benefit the most from spam traffic. KnujOn has collected thousands upon thousands of spams like the one below:

The source code of these emails is jammed full of nonsense URLs. The domains featured change with each iteration and seem unrelated until you discover the common thread: they are all for sale. The email featured above has the following domain names linked or embedded in the email: is one of the more interesting examples because its owner has over 10,000 spammed domains in our database, and every single one of the eNom-sponsored domains redirects to this site:

The plot thickens as we find that AskMySite is a reseller of GoDaddy, which feeds right into Ben Butler's belief that "the majority of abuse appears to be coming from customers who abuse the company's reseller model."

"In one case you may have a reseller who sells domains using our service as company 'abc,' which can then set up reseller accounts for anyone who buys a reseller account through them," Butler said. "Company 'def' is underneath that reseller, 'ghi' is under them, and so on, so that if you're using different names under each of those, due to the nature of the reseller agreement, we may have no idea initially if we're dealing with the same reseller. There's no immediate feeback that tells us all of these resellers are the same individuals." eNom, Butler said, is "almost certainly dealing with the same problem for much the same reason. Their whole model is designed for resellers." (

What do domain resellers have to do with your spam? Domain resellers are speculators in the domain name market. Domains have become a currency unto themselves; like stocks, the value of a domain name goes up and down. Some companies buy and hold thousands of domain names and trade them when the price goes up. Sometimes the Registrars and resellers have auctions for domain names. Spam fits into the picture when it comes to valuing a domain name. Domains that have value often do because there is great interest or perceived interest. Interest can be artificially increased through click fraud and spam, which can change the number of times a particular domain was visited. In the case of a domain no one has ever heard of, like, a site that has no content, making it relatively invisible to search engines, the only real way to get visitors to the site in order to inflate the value is through spam. In fact, the next domain featured in the spam sample above is which is being offered for $4,825.00.

The same is the case for the other domains featured in this spam sample. The bottom line is that someone in this vast chain is making money by spamming millions of Internet users. If this is a case, as many claim, of resellers manipulating the market through abuse then the Registrars are the only ones in a position to fix the problem since they sponsor and profit off of the resellers. If the Registrar world is secretive and unknown, the resellers are even more so. There is no question that regulation of the secondary domain market is demanded by this wide-spread abuse.

Which registrars hold the domain names that cause the most problems in terms of spam or other abusive actions such as phishing? To best answer this question, KnujOn compiles a "blacklist" each year, and the 2009 version has just been released. When discussing this list last year, I had already explained KnujOn's methodology (the "K" is not pronounced; the name actually comes from the English "no junk" written backwards). The 2009 "Top 10" shows that some registrars singled out in 2008 were able to react. But that is certainly not the case for Xin Net, this Chinese registrar being at the top of this sad ranking for the second consecutive year.

Full KnujOn Registrar Report
A Plan to Stop Fast Flux Networks Begins to Form

eNom - Pill Sites and Suspicious Domain Advertising (Part 1)

February 6, 2009

This information is offered as a public service to help consumers and industry make informed decisions when conducting business on the Internet in addition to raising concerns about public health and safety.

Number 2 on our recent Top Ten Abused Registrars Report is eNom. Along with Xin Net, eNom is the only Registrar to remain on our list from the previous report. eNom has also appeared in our reporting several times in the last year, notably for having at least 116 ICANN Accreditations. KnujOn has asked around as to why a company would need so many different accreditations and the common answer is market manipulation. The sale of domain names is an industry unto itself beyond sponsoring domain names for actual commercial use. Auctions of domain names have often led to sales of thousands and even millions of dollars for a single domain name. The domain "after-market" is an area that allows Registrars to bid on previously owned expired domain names. Companies with more than one accreditation have more opportunities to bid on these domain names than a company with only one accreditation. It's a practice that many Registrars call unfair. But more on this later.

Our primary interest in eNom is its apparent sponsorship of illicit domains including unregulated Internet pharmacies. While eNom has claimed it investigates and takes action against problem sites, they have not removed the following pharmacy domains we notified them about last week. eNom has also not responded to our inquiries even though they have stated they want to review our research. In their statement to the Washington Post eNom said: "[We] also questioned the reliability of Knujon's data", but there is no need to question our data. All one has to do is check the sites listed below which are sponsored by eNom and have been sent to their abuse department yet continue to be active illicit online pharmacies.

One of the so-called "Canadian Pharmacies" (none of which are in Canada and actually get their illicit drugs from India or China, counterfeiters and market diverters), This is one of the more interesting cases because it involves the manipulation of the very fabric of the Internet in order to conceal location and ownership.

The other day we reported that some illicit pharmacy redirects (a redirect means one website is advertised in spam, but when loaded transfers the Internet browser to a second location) had no Whois records. Whois records are required of all domain names and not having a record violates ICANN policy.

In fact, the very IP address is also part of a secret network:

So, in short the domain that forwards Internet users to eNom-sponsored illicit pharmacy is more or less invisible. There are no publicly available records to locate the owner. With this method domains like can escape being blocked in spam filters and blacklists and the trail to the spammed site runs cold.

The tools ordinarily used to find details are blocked:

Tracing route to over a maximum of 30 hops
1     2 ms     4 ms     1 ms
2     *        *        *     Request timed out.
3    reports: Invalid source route specified.

Trace complete.
However, the site at this IP address still resolves:

An NSLOOKUP of the IP reveals:
Server:  www
*** www can't find Non-existent domain
However, we know the following domains are hosted there: (wild west, redirects to - not active - (eNom, redirects to - (Moniker/
And we know this range is owned by in San Diego, CA. is one of several sites we featured in our July, 2008 joint report with We requested that eNom terminate this and other sites offering steroids and other illicit substances. eNom flatly refused to take any action, indicating that the domains did not violate their policies and they did not control the customer's content.

Same as above. A site eNom was notified of in July but has not been terminated by eNom.

We have so much data on eNom that this article needs to be continued tomorrow...

Full KnujOn Registrar Report
The Top 10 Internet Registrars Hosting Spammers, Illicit Sites
KnujOn Updates Top 10 Spam-Friendly Registrars List
Top 10 Spam-friendly Registrars Named and Shamed
Just 10 registrars responsible for 83% of all spam

Xin Net - The Leader in Illicit Domain Traffic

February 5, 2009 - Special Coverage

Yesterday KnujOn released a report on the most heavily abused Registrars and Number 1 for the second time is Xin Net (AKA: Xin Net is continuous source of problems. KnujOn has recorded 34,283 illicit domains at Xin Net since June, 2008 dealing in unregulated prescription drugs, pirated software, and general counterfeit consumer goods. Last May we documented the vast array of rogue pharmacies sponsored by Xin Net. KnujOn also made an official request to issue a Breach Notice to Xin Net, but this advice was not heeded.

The University of Milan has done an excellent study of "Fast Flux" traffic that showed Xin Net domains to be the biggest recipient of this scheme.

Recently, the Waledac Trojan seems to be favoring Xin Net sponsored domains.

While Xin Net claims to want to fix these problems, we see no evidence of this. Xin Net professes to want to work with us but they have not responded to our requests. They have also stated that they delete illicit domains (however, we have documented suspended domains at Xin Net going right back up after a short period), but this is meaningless if they keep selling new domains to the same abusive customers. We sent Xin Net a list of 13 customers (registrants) that should be banned from purchasing new domain names. Xin Net knows who these clients are.

Customer | Attributed Spam Messages
Customer #1 | 1,233
Customer #2 | 333
Customer #3 | 117,699
Customer #4 | 1,116
Customer #5 | 1,288
Customer #6 | 32,570
Customer #7 | 174,749
Customer #8 | 6,094
Customer #9 | 6,106
Customer #10 | 190,445
Customer #11 | 123,178
Customer #12 | 438,015
Customer #13 | 2,225

Bottom line, if Xin Net keeps selling domains to the people above we can't take any of their statements about abuse compliance seriously. Xin Net has our offer. If anyone reads somewhere else that they want to work with us on these issues, it's not true, they haven't spoken to us. Without their compliance it may be easier in the future to simply block any traffic featuring Xin Net domains.

Full KnujOn Registrar Report
'Spam-friendly' domain registrars named and shamed

China's counterfeiters are the biggest pirates of them all: Earlier this month the sentencing of 11 members of a huge international software piracy ring in Guangdong province closed the book on a business that is thought to have raked in more than $2 billion selling fake Microsoft programs. It is hard to imagine that another has not simply taken its place overnight. The market is certainly there: in 2007, 82 per cent of all software installed on Chinese PCs was thought to have been illegal copies of the original.

CNN Covers OnLine Pharmacy Verification and Illegal Sales

February 5, 2009

According to our research illicit prescription drug traffic accounts for 80-90% of the abuse online. Most of the spam, Registrar abuse, domain abuse, Whois fraud, malware distribution and general noise is used to push diverted, unregulated and counterfeit pills. So what is being done to protect the consumer? Sadly, not much as we see in this CNN story:

Or: Easy to buy drugs online? - Video

Online pharmacies often have a seal from a verification company called PharmacyChecker, but is this just a rubber stamp? The CNN story features This film shows how Google advertisements lead to the site where a purchase for Xanax can be made without a prescription., a PharmacyChecker-approved site, accepts the order for Xanax and then processes the transaction on, a non-PharmacyChecker site. Without a prescription and without full verification of the entire operation it seems this pharmacy is in violation of the PharmacyChecker standards and should have its verification revoked. Unless these policies are enforced, the seals placed on websites become meaningless.

Fake Medications On Rise As Economy Worsens

Report: Most Spam Sites Tied to Just 10 Registrars

February 4, 2009

Nearly 83 percent of all Web sites advertised through spam can be traced back to just 10 domain name registrars, according to a study to be released this week.

The data come from millions of junk messages collected over the past year by Knujon ("no junk" spelled backwards and pronounced "new john"), an anti-spam outfit that tries to convince registrars to dismantle spam sites.
While there are roughly 900 accredited domain name registrars, spammers appear to register the Web sites they advertise in junk e-mail through just one percent of those registrars. Knujon's rankings include:

  1. XinNet Cyber Information Company Limited
  2. eNom
  3. Network Solutions
  5. Planet Online
  6. Regtime Ltd.
  7. OnlineNIC Inc.
  8. Spot Domain LLC
  9. Wild West Domains
  10. Hichina Web Solutions
Knujon co-founder Garth Bruen said registrars made his list based on several factors, including: the number of reported illicit domains held by the registrar; the number of unsolicited messages used to advertise those domains; the percentage of illicit domains compared to the registrar's total portfolio; the rate of unsolicited emails for the total illicit domains. If two registrars earned the same ranking after all of these factors were considered, the tiebreaker was the registrar's volume of unlicensed online pharmacies.

Full Report

FBI Uncovers Worldwide $9M ATM Card Scam

February 3, 2009

MYFOXNY.COM - A Fox 5 investigation exposes a worldwide ATM scam that swindled $9 million and possibly jeopardized sensitive information from people around the world. Law enforcement sources told Fox 5 it's one of the most frightening well-coordinated heists they've ever seen. The computer system for a company called RBS WorldPay was hacked. One service of the company is the ability for employers to pay employees with the money going directly to a card, called payroll cards, a lot like a debit card that can be used in any ATM. The hacker was able to infiltrate the supposedly secure system and steal the information necessary to duplicate or clone people's ATM cards.

See FBI's Wanted Poster

Illicit Pharma Redirects Have Blank Whois

February 2, 2009

KnujOn has found that some domain names that redirect to illicit unlicensed pharmacies have blank Whois records. One example being, a site advertised in spam that redirects to, has no Whois record.

We have frequently found that illicit domains find ways around full disclosure and have methods of subverting the system for their own gain.

She's Not a Terrorist, But She Plays One on the Web

January 30, 2009

It's 3:30 a.m. ET, and the female holy warrior Oum Obeyda, the Baghdad Sniper, Ihrabi 007, and Abu Zeida, an al Qaeda financier, are in furtive online debate within one of the estimated 5,000 insurgency forums or Websites. They are planning an attack against the U.N. Headquarters in Afghanistan. A few weeks later, the plans go horribly wrong for the insurgency group. Those who have not been arrested have to go into hiding -- they have been exposed. But by whom? If it sounds like the pitch for some Hollywood blockbuster, fact is even better than fiction. Abu Zeida, the Al Qaeda financier, is actually the "Queen of Cyber Warriors," a Montana-based mother of three, Shannen Rossmiller, working from her home PC. On January 8, she presented "Penetrating Minds of Mayhem: Inside the Psyche of an Islamic Extremist," at the final day of the Fordham/FBI International Conference on Cyber Security. As the U.K.'s Daily Telegraph said, "Global jihad has more to fear from Shannen Rossmiller than a squadron of F-16s."

Troubled Ukrainian Host Sidelined

January 28, 2009

A Ukrainian Web hosting provider that, according to published reports, has long served as home base to a prolific and invasive family of malicious software has been taken offline following abuse reports from Security Fix to the company's Internet provider. Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers.

Hackers Crack Into Texas Road Sign, Warn of Zombies Ahead

January 28, 2009

Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead."


Thrift store MP3 player contains secret military files

January 27, 2009

The files included the home addresses, Social Security numbers and cell phone numbers of U.S. soldiers. The player also included what appeared to be mission briefings and lists of equipment deployed to hot spots in Afghanistan and Iraq. Most of the information appears to date to 2005.

Microsoft Adds Clickjacking Protection to IE8 RC1

January 27, 2009

Protection against malicious Web attacks and tweaks to a feature that lets users browse the Internet privately are among updates Internet Explorer users can test in the first release candidate for IE8, which Microsoft made available Monday. As first reported by the IDG News Service Friday, Microsoft released the feature-complete version of IE8 to the Web Monday. Microsoft added performance tweaks to existing features and one major security update to block Web attacks known as "clickjacking" that the company said makes IE8 the only Web browser to offer such protection.

Internet Porn, ICANN, and Families: A Call to Action

January 26, 2009

Although the International Corporation for Assigned Names and Numbers (ICANN) technically does not regulate Internet content, its day-to-day decisions consistently influence not only the structure of the Internet, but its content as well. ICANN policies concerning the approval of Top Level Domains and Internationalized Domain Names, maintenance of the WHOIS database, treatment of common vehicles for abuse, and requirements governing speech, for example, have far-reaching implications. Among the ramifications are the potential for protecting children online now or in the future, stopping the flow of child pornography, thwarting predators and sex traffickers, and maintaining legitimate free speech policy.

ICANN's mission and effectiveness depends, as its mission statement states, on "broad, informed participation reflecting the functional, geographic, and cultural diversity of the Internet at all levels of policy development and decision-making." However, in practice, only a handful of individuals who share a certain policy viewpoint have represented the billions of non-commercial Internet users around the globe in the ICANN policy-making process. At the crux of many ICANN policies is the debate on unfettered speech, access, and anonymity on the Internet. These issues are complex, culturally and nationally diverse, and changing as we understand more about the Internet and its potential.

This Article addresses reasons why advocates for families, consumers, and safety interests have not yet stepped forward to fill the gap in the stakeholder representation at ICANN. It then discusses the makeup, history, and voting power of the current ICANN Non-commercial Users' Constituency (NCUC), and the positions taken by the NCUC and its officers in policy debates. It explores the basis and implications of these positions, including the principle of "Net Neutrality." It compares this principle with the traditional parameters of the right to free expression. Finally, it urges a more robust and balanced discussion of competing rights and interests in the ICANN forum.

This Article concludes with recommendations for ICANN to respond to the narrowness of the non-commercial stakeholder representation. It suggests (1) considering further the reasons for keeping separate the NCUC and the At-large Advisory Committee; (2) using ICANN's travel support funding to encourage wider participation of groups and individuals representing the breadth of user interests; (3) developing integration and training programs; (4) maintaining standards for rotating officers and appointments; as well as (5) materially assisting in the revision of the stakeholder structure.

KnujOn 2008 News Archived

January 25, 2009

Each year we archive our news stories to keep this page as current as possible. But all news stories from 2008 are available here: 2008 News. All other previous years are also available: 2007, 2006, 2005.

suffers database breach

January 24, 2009

For the second time in 18 months, employment search site has lost a wealth of personal data belonging to millions of job seekers after its database was illegally accessed. The Massachusetts-based website is warning all its customers that their names, birth dates, phone numbers, user IDs and passwords, email addresses, sex, and ethnicity have been pilfered. It strongly urges users to change their login credentials immediately and to be on the lookout for phishing emails. The breach prompted this warning from USAJobs, which looks to Monster to run its website.

That Letter to ICANN from the NTIA

January 23, 2009

A cranky letter from the NTIA to ICANN [PDF], submitted in late December during ICANN's comment period for new top-level domains, has encouraged the awkward coalition of those opposed to new TLDs. The NTIA (National Telecommunications and Information Administration), a division of the Department of Commerce, is the agency tasked with being ICANN's watchdog. So a letter from them carries some weight, though not as much as some people think. The letter basically says (read it, it's not long) that ICANN hasn't proven that new TLDs will benefit the consumer, which I suppose is true, although I wonder how anyone could prove that without actually trying it. Otherwise, the letter asks for many of the changes that others who support new TLDs (including me) have asked for, including justifying the excessive fees, come up with a way other than auctions for deciding which applications are better, come up with a better way of managing contracts, etc. etc.

Obama to get spy-proof smartphone

January 22, 2009

E-mail has long been treated with suspicion by the Secret Service because of fears it could be hacked into by foreign espionage agencies, or that sensitive information could reach the public domain via a single mistaken strike of the "send" key. There are also concerns that mobile devices such as the BlackBerry, which contain built-in GPS technology, could be hacked, revealing the president's location within a few feet. But according to reports Thursday, Obama may actually have been issued a spy-proof alternative to his favorite toy. Writing on his blog for the Atlantic magazine, Marc Ambinder reports that the National Security Agency has approved a $3,350 smartphone -- inevitably dubbed the "BarackBerry" -- for Obama's use. The exclusive Sectera Edge, made by General Dynamics, is reportedly capable of encrypting top secret voice conversations and handling classified documents.

Massive Credit Card Data Breach

January 21, 2009

A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported. Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.

The Downadup virus

January 20, 2009

The country is starting a new era today with the swearing in of Barack Obama as the 44th president, but in cybersecurity we might be going back to the bad old days. Hackers are using social engineering tied to the Obama inauguration to recycle the W32.waledac worm, which showed up last year for the holiday season. But a bigger threat might be the W32.Downadup worm, which could be building a large botnet of compromised computers. Security analysts tracking the latest high-profile worm to stalk the Internet say that W32.Downadup exploits a known vulnerability for which Microsoft issued an out-of-cycle patch in October. Despite the availability of the patch and of antivirus signatures, Symantec called the worm one of the most prolific seen in years and has clocked at least 3 million unique IP addresses infected.

Botnets' Landscape Changes as Spammers Get Back in the Swing of Things

January 17, 2009

Spammers have been hard at work at regaining their past momentum. Over the past year, the botnet landscape has changed, especially since the McColo shutdown. It’s been roughly two months since the much-heralded shutdown of McColo, yet spam levels have remained below where they were previously. While the amount of spam hitting enterprise networks is building as botnet operators regain their momentum, the botnet landscape has changed significantly. Some of the former kings of the hill, botnets such as Srizbi, were badly hurt by the shutdown.

Whiny Pill-Pushers Lament Domain Suspensions

January 16, 2009

It is infrequent we receive confirmation from the other side that our work is having an effect, but when we do it makes it all worth it. Electronic pill pushers are publicly complaining that previously friendly Registrars are giving them the boot. In a forum apparently dedicated to operators of unlicensed Internet pharmacies we find them discussing their plight:

" Can you guys suggest some safe registrars where we can register pharma domain names? As you know these days registrars like Directi and GoDaddy suspending domains like anything. I think its better to register new sites on some non US and transfer all existing sites to protect further ban. "

They make specific reference to Directi and Godaddy. KnujOn participants will recall a drastic shift in policies at Directi after a report we published detailed illicit sites sponsored there. Much of this activity was attributed to dirty resellers that were dumped by Directi after the report. An enormous amount of negative press and illicit traffic at Directi could also be blamed on the now defunct Registrar EstDomains. Directi has since voluntarily suspended thousands of rogue pharmacy domains, hence the instructions from pill traffickers:

" Move off Directi and any of their resellers."

The mention of Godaddy is also significant because KnujOn had collaborated with LegitScript to focus on websites offering steroids. Godaddy held the largest number of steroid domains until we discussed the issue with them. Interestingly, the pill-pusher forum recommends moving to eNom which is currently the only U.S.-based Registrar refusing to terminate the steroids domains it sponsors.

Q: Can you people suggest some [Registrars open to unlicensed pharmacy sites]?
A: Because he is a reseller of ENOM

Unrelated correction: An article on the decline in retail fraud after the McColo takedown was incorrectly attributed to ecommerce-journal. The article was actually written by Brian Krebs.

Fake Northwest Airlines E-Ticket Spreads Virus

January 14, 2009

The emails come from an apparently compromised node on BellSouth's network.

Date: Wed, 14 Jan 2009 09:26:06 -0800 
From: "Northwest Airlines"  
To: < > 
Subject: E-ticket #4766920495 


Thank you for using our new service 
"Buy Northwest Airlines ticket Online" on our website.
Your account has been created:

Your login:  
Your password: passJMF0

Your credit card has been charged for $492.54.
We would like to remind you that whenever you order tickets 
on our website you get a discount of 10%! Attached to this 
message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, 
and you are set to take off for the journey!

Kind regards,
Laurie Mcdonald
Northwest Airlines

Is using hijacked mailboxes and address books?

January 13, 2009

In the battle of social networking sites, is playing dirty. Previously on KnujOn's trusted list, will now be marked as a spam site in our process. Reunion has been using these aggressive tactics for a while, but all of a sudden people are seeing more of it. Why? Because a California court just threw out a lawsuit against them. This has seemingly emboldened them to turn the spam hose on us and do so with apparent impunity.

Not only does's automatic message mislead e-mail recipients by saying that someone known to them is searching for them, it misrepresents the intentions of new members by giving the impression that they're actively seeking to communicate with the people in their address books.

"I thought I was just signing up to read my friend's message, At no time did I think I was authorizing them to access my online address book."

" They must have hacked into my yahoo address and got her from my address book. That is so upsetting to me."

CAN-Spam-a-Friend? The Case Against

More on this later!

Mysterious credit card charge may have hit millions of users

January 11, 2009

Several Internet complaint boards are filled with comments from credit card customers from coast to coast who have noticed a mysterious charge for about 25 cents on their statements. The charge shows up on statements as coming from "Adele Services" in Melville, N.Y. There is no business by that name listed in Melville, or registered to any business anywhere in New York, for that matter. Two theories of what is going on have advanced on message boards and among consumer advocates: Someone is trying to find out whether an illegally obtained credit card number will work before making a bigger charge, or they're trying to rip off tiny amounts from tons of people.

Using Hijacked Hotmail Accounts for Spam Campaign

January 8, 2009

It was reported to us yesterday that BIZCN-Sponsored (China) and Softlayer-hosted (Texas) is being advertised with spam from hijacked hotmail accounts (we have access to the originating account to document). This, of course, is not big news. Spam from spoofed and compromised accounts is de rigueur. But this gives us an opportunity to ask questions about why this practice is used.

Apparently located in China, vanigo sells electronics, name-brand electronics (maybe). The low prices being offered by vanigo are impossible which leads to the question of counterfeiting. If you become a "member" prices are even lower. Examples below (Note: we used the LOWEST discount prices available for comparison).

Product | Vanigo | Real Price
Apple MacBook Pro 15-inch Notebook PC | $802.75 | $1,519.99
Sony Playstation 3 160 GB | $304.77 | $499.99
Nintendo Wii | $95.24 | $249.99
Nikon 12.1-Megapixel Digital SLR Camera | $537.43 | $2,999.99
Sony Ericsson C905i | $122.45 | $605.46
Pioneer InDash Navigation | $217.69 | $1,195.09

Prophetically, the comment sections of the site contain postings like this:
"please i tried calling you but cant get through...please clarify if this is real or a duplicate." I think this shopper has answered his own question!

Vanigo is not someone driving around in a windowless van selling junk electronics, this is a large, commercial-style front operating out in the open. In most cases you simply end up with a junk product (and a sinking feeling of being ripped off), in the worst case these items can explode or cause fires.

No response from BIZCN or SoftLayer.

Terrorists launder cash through online gambling

January 7, 2009

Islamic terrorist networks are using online gambling websites to launder money for attacks, security analysts have disclosed. The security services have been warned that the internet is increasingly being used to train terrorists, raise money and as the main form of media to promote radical Islam. Computer experts in al-Qaeda have created an "online University of Jihad" that is recruiting and training potential terrorists in Britain without them having to risk travelling to camps in Pakistan.

Scale of Data Breach Revealed

January 4, 2009

In February, BNY Mellon discovered that one of ten boxes of back-up unencrypted computer tapes was missing from a delivery van that was transporting them to the bank’s shareholder services facility in New Jersey. The bank, recognizing the potential for massive identity theft, took months to admit that the tape contained personal and financial data for 12 million people nationwide, including 635,000 in Connecticut, many associated with People’s Bank. The tape was never recovered.

BNY Mellon's data tape 'lost in transit'

All Content at Copyrighted by KnujOn, LLC.
KnujOn and Coldrain are not responsible for content at external sites