From the category archives: Security

MSN Featured Offers, Spam from Canadian Pharmacy

by certifiedbug on November 8, 2008

in Security

This week I have seen a resurgence of the “MSN Featured Offers” scam, this time from Canadian Pharmacy, pushing Viagra and other pharmaceuticals.

Previous Certifiedbug alerts:
Infector Spam ‘Free Update Windows XP,Vista’
Fake IE7 email Spam
Spam posing as MSN Featured Offers

Domain Name: xhtnnfx.cn
Created: 2008-10-28
Expires: 2009-10-28
Whois Server: whois.cnnic.net.cn
IP Location: Latvia - Latvia - Vdhost Ltd

Domain Name: progressconsider.com
ICANN Registrar: 35 TECHNOLOGY CO., LTD
Created: 2008-11-05
Expires: 2009-11-05
Updated: 2008-11-05
Domain servers in listed order:
srv1.reachfarm.com
srv2.reachfarm.com
ZHANGJIE
JIANSHELU263
TS,HB,CN 063002

hxxx://ler.rightachievement.com
Canadian Pharmacy

hxxx://myx.poseindependence.com
Canadian Pharmacy

hxxx://xkx.rightachievement.com/
Canadian Pharmacy

Those are just examples; the links will change frequently.
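As an added example (not from the original post), here is a small Python script that applies the signal the whois records above show: both landing domains were registered within days of the spam arriving. It parses the Created fields quoted above and flags any domain younger than a threshold relative to the observation date; the record text is copied from the post, and the 30-day threshold is an assumed value.

```python
# Added example, not from the original post: flag newly registered
# spam landing domains by age using whois "Created" dates.
from datetime import datetime

# Whois excerpts as quoted in the post, one blank-line-separated record per domain.
WHOIS_RECORDS = """\
Domain Name: xhtnnfx.cn
Created: 2008-10-28
Expires: 2009-10-28
Whois Server: whois.cnnic.net.cn

Domain Name: progressconsider.com
Created: 2008-11-05
Expires: 2009-11-05
"""


def parse_whois(text):
    """Split blank-line-separated 'Key: value' records into a list of dicts."""
    records = []
    for chunk in text.strip().split("\n\n"):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                rec[key.strip().lower()] = value.strip()
        if rec:
            records.append(rec)
    return records


def domain_age_days(record, observed_iso):
    """Days between the record's Created date and the observation date (YYYY-MM-DD)."""
    created = datetime.strptime(record["created"], "%Y-%m-%d")
    observed = datetime.strptime(observed_iso, "%Y-%m-%d")
    return (observed - created).days


def flag_young_domains(text, observed_iso, max_age_days=30):
    """Return {domain: age_in_days} for domains created within max_age_days
    of the observation; the 30-day default is an assumed threshold."""
    flagged = {}
    for rec in parse_whois(text):
        age = domain_age_days(rec, observed_iso)
        if 0 <= age <= max_age_days:
            flagged[rec["domain name"].lower()] = age
    return flagged


if __name__ == "__main__":
    # The post is dated November 8, 2008.
    print(flag_young_domains(WHOIS_RECORDS, "2008-11-08"))
```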

Fake pharmaceuticals on-line, buyer beware


Critical update, version 9.0.151.0, for Flash 9 users unable to update to Flash 10.

In addition to issues previously reported in Security Bulletin APSB08-18, the update addresses several other security vulnerabilities.

http://www.adobe.com/support/security/bulletins/apsb08-20.html

Certifiedbug, October 15, 2008.
Adobe Flash Player update 10.0.12.36


ICANN Stays EstDomains Notice of Termination

by certifiedbug on October 30, 2008

in Security

ICANN received a response from EstDomains regarding the notice of termination. http://www.icann.org/correspondence/poltev-to-burnette-29oct08-en.pdf [PDF, 853K] To assess the merits of the claims made in EstDomains’ response, ICANN has stayed the termination process as ICANN analyzes these claims.


ICANN cans EstDomains, Inc.

by certifiedbug on October 29, 2008

in Security

Stacy K. Burnette, Director of Contractual Compliance at ICANN, sent an official letter to Vladimir Tsastsin, President of EstDomains Inc., informing him that the company’s accreditation as a registrar is being terminated.

Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for Estdomains, Inc. (Customer No. 919, IANA No. 832) is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.

The attached Estonia Court records state that you were convicted of credit card fraud, money laundering and document forgery on 6 February 2008. EstDomains has submitted official documents to ICANN that state you are the President of EstDomains. Absent receipt by ICANN of any document indicating that you were removed from the position of President, ICANN concludes that you maintained the position of President of EstDomains since the date of your conviction. EstDomains’ RAA is being terminated based on your conviction and your status as President of EstDomains.

Notice of Termination of ICANN Registrar Accreditation Agreement. (PDF)

ICANN’s notice states that approximately 281,000 domains currently sponsored by EstDomains will be transferred to another ICANN-accredited registrar in accordance with the De-registration Transition Procedure, and that EstDomains has the right to suggest the transfer recipient by November 6, 2008.

Certifiedbug: http://certifiedbug.com/blog/tag/estdomains/

ICANN - Expressions of Interest Sought for Bulk Transfer of Registrations

As the result of the de-accreditation of EstDomains, Inc. (IANA ID 832), ICANN is seeking Statements of Interest from ICANN-accredited registrars that are interested in assuming sponsorship of the gTLD names that had been managed by EstDomains. EstDomains managed approximately 280,000 gTLD registrations, including registrations in the biz, com, info, mobi, net, and org registries, including approximately 7 second-level internationalized domain names. EstDomains, Inc. is organized in Delaware, United States.

Whack-A-Mole.

http://www.domainnews.com/en/general/icann-expressions-of-interest-sought-for-bulk-transfer-of-registrations.html


New EST Domains

by certifiedbug on October 25, 2008

in Security

decitu.com is one of EstDomains’ October registrations; when I checked it out, my browser was redirected to porno-tube-online.com/porn/, obviously an adult content site.

Snippet from my log:
/banners/flash/24368/json_400×600_005.swf 11,524 application/x-shockwave-flash
Host: banners.adultfriendfinder.com.

By the way, if your Adobe Flash is up to date and you think you are protected from SWF exploits, see Sandi’s article at Spyware Sucks:
Adobe Flash 10 does NOT stop malvertizement hijacking

A lot of malware victims end up in help forums because they were redirected to a bad site, or intentionally downloaded video codecs so they could watch such content.

The dialog says that a codec is needed to view the video; this is where you should stop, before infecting your computer.

The anti-virus program alerted.

Hiding in the background, waiting for an unsuspecting user to download the codec, was a rogue; the link on its own produced an error.

Domain Name: DECITU.COM
ICANN Registrar: ESTDOMAINS, INC.
Created: 2008-10-23
Expires: 2009-10-23
Updated: 2008-10-23
3 other sites hosted on this server.

Certifiedbug, October 24, 2008: EstDomains, Inc. PR

From EstDomains’ press release:

Once again EstDomains, Inc would like to address the interactive community and ask for co-operation to make the Internet clear and safe. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.

The support link they provided produced:
“The requested site did not respond to a connection request and the browser has stopped waiting for a reply.”
I went directly to their website and clicked the red ‘Report Abuse’ button, same thing.

The rest of the site loads normally; it is the ‘support’ page that was kaput at the time of writing.


EstDomains, Inc. PR

by certifiedbug on October 24, 2008

in Security, Windows Vista

To read history see http://certifiedbug.com/blog/tag/estdomains/

October Press releases:
EstDomains, Inc Takes Next Step in Combating Spam and Malware
http://www.prweb.com/releases/2008/10/prweb1504344.htm

EstDomains, Inc Combating Cyber Crime — Thousands Domain Names Suspended
http://www.prweb.com/releases/2008/10/prweb1511704.htm

The Spamhaus Project.
SBL68934
89.108.95.135/32 agava.ru
24-Oct-2008 10:41 GMT estdomains.com / esthost.com / Cernel - dirty host/registrar

SBL68935
89.108.73.87/32 agava.ru
24-Oct-2008 09:03 GMT estdomains.com / esthost.com / Cernel - dirty host/registrar

SBL68936
89.108.74.33/32 agava.ru
24-Oct-2008 09:04 GMT estdomains.com / esthost.com / Cernel - dirty host/registrar

SBL68937
83.171.76.96/28 ptt.spb.ru
24-Oct-2008 10:41 GMT estdomains.com / esthost.com / Cernel - dirty host/registrar

http://www.spamhaus.org/sbl/index.lasso


turkey comes early

by certifiedbug on October 19, 2008

in Security

Someone thought it funny to put up a site called downloadmalware.com and offer a malware download. “I’m pretty sure it’s harmless”, he said.

The .exe was a malicious infection, as pointed out by Alex at the Sunbelt Blog: A sick joke

Site Advisor, reviewer comments: http://www.siteadvisor.com/sites/downloadmalware.com/postid?p=1160990

IP Blocklist for Outpost Firewall. Calendar Of Updates. (COU)

hpHosts. http://www.hosts-file.net/?s=Download&f=Partial

http://www.mywot.com/en/scorecard/downloadmalware.com

Update
Google cache.

Oh boo, I ended up finding out thanks to The Sunbelt Blog that the malware I was handing out on downloadmalware.com was actually a quite harmful vondu …
www.lifeofahuman.com/ -

http://maru.lunarmania.com/suspended.page/

Visitors, we are sorry, however, this site is experiencing difficulties at this time. Please return later.


Spam gang member pleads guilty

by certifiedbug on October 16, 2008

in Security

Judy Devenow pleaded guilty to fraud and conspiracy charges Tuesday in federal court in Michigan, admitting she had sent millions of spam e-mails a day helping spam kingpin Alan Ralsky.

Devenow said she was paid US$150,000 to send e-mail and manage others from January 2004 through September 2005. She, Ralsky and nine other people were charged in January 2008. Thomas Dukes, who specializes in computer crimes at the U.S. Justice Department in Washington DC, is quoted as saying that Ralsky sent tens of millions of e-mails over a 20-month period - and that’s a “conservative number,” Dukes told the judge. We agree; Spamhaus regularly sees spammers like Ralsky and his gang sending tens of millions of spam e-mails each day. They use innocent people’s virus-infected PCs to do this and also forge the addresses of innocent people onto the spam’s “From:” line (“spoofing”), causing untold damage and costs.

Spamhaus


Adobe Flash Player update 10.0.12.36

by certifiedbug on October 15, 2008

in Security

Adobe Product Security Incident Response Team (PSIRT)

Flash Player 10 addresses Flash Player-specific aspects of the overall clickjacking issue that has been making news recently, and also includes a mitigation for recent clipboard attacks as well as other security enhancements.

Adobe will be providing an update to Flash Player 9 for customers who cannot upgrade to Flash Player 10 in early November.

Vulnerability identifier: APSB08-18, categorized as a critical update.
Flash Player update available to address security vulnerabilities

If you use multiple browsers, verify the Adobe Flash Player version number for each browser you have installed on your system.

http://www.adobe.com/products/flash/about/


A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints about spam messages connected to this operation, and estimates that it may be responsible for sending billions of illegal spam messages. At the request of the FTC, the court has issued a temporary injunction prohibiting defendants from spamming and making false product claims, and has frozen the defendants’ assets to preserve them for consumer redress pending trial. Authorities in New Zealand also have taken legal action, working in tandem with the FTC.

According to papers filed with the court, the defendants deceptively marketed a variety of products through spam messages, including a male-enhancement pill, prescription drugs, and a weight-loss pill.

The defendants include two individuals – Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith of Texas – and four companies they control: Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC’s complaint alleges that both Atkinson and Smith are liable for the spamming. It holds Lance Atkinson responsible for all product claims, and Smith liable for claims made for the pharmaceutical products. In June 2005, the FTC obtained a $2.2 million judgment against Atkinson and another business partner for running a similar spam affiliate program that marketed herbal products.

News Release: http://www.ftc.gov/opa/2008/10/herbalkings.shtm

Civil Action No. 08-CV-5666
FTC File No. 072 3085

Complaint for Injunctive and Other Equitable Relief
http://www.ftc.gov/os/caselist/0723085/081014atkinsoncmpt.pdf

Memorandum Supporting Plaintiff’s ex parte Motion for a Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsonmemo.pdf
Interesting read. Snippet:

SanCa$hSupport i guess so… they’ll never find you
sancashl well they bought me up, but nothing linked to me, most i do is provide services for spammers

O what a tangled web we weave when first we practise to deceive.
(Sir Walter Scott. Marmion, Canto VI, Stanza 17)

Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsontro.pdf

Certifiedbug: March 30, 2007.
Fake pharmaceuticals on-line, buyer beware
