Botnet

Gadi Evron’s Time for self reflection after the downfall of Atrivo-Intercage.

{ 0 comments }

Backbone provider Global Crossing, which previously “de-peered” from Atrivo/Intercage, More on Atrivo-Intercage-Estdomains, has negated the decision by transit provider UnitedLayer to give Intercage upstream service.

“It has come to our attention that United Layer is now routing traffic for Intercage (AS 27595) over the Global Crossing network,” Andrew Ramsey, Global Crossing’s manager of information security operations, wrote in an email sent to UniterLayer on Wednesday morning. “Intercage was removed from our network for violating our acceptable use policy, and is not welcome to return under any circumstance.”

The Register: Net pariah Intercage back among the dead

Edit:
Robert McMillan, IDG News Service.

After being notified of more problems on the network this week, UnitedLayer pulled the plug on Intercage late Thursday afternoon, said UnitedLayer Chief Operating Officer Richard Donaldson. “We decided that, given the stuff that was going on and with a couple of infractions that we were made aware of, that they needed to purge themselves of any [malicious] stuff that remained,” he said.

Notorious ISP Intercage goes dark again

Hat Tip to Sandi at Spyware Sucks: Atrivo/Intercage have been knocked offline again?

The Report for AS27595 remains as it was before UnitedLayer became Intercage’s provider.
Certifiedbug; September 22, 2008. Atrivo-Intercage offline

{ 0 comments }

Apprantly IP transit provider UnitedLayer has agreed to provide upstream service to Intercage after Intercage agreed to completely sever ties with Esthost.

Intercage, Inc’s website has a holding page, it looks strangely familiar…

UnitedLayer operates out of the same San Francisco colocation facility as Intercage and Pacific Internet Exchange (PIE).

Kind of reminds me of Lizards that give up their tail to escape.

Is anyone else feeling dizzy yet.

Sources:
Report for AS27595
Controversial ISP Intercage now back online
‘Malware-friendly’ Intercage back among the living

{ 0 comments }

EstDomains, Inc: Improved Detection and Prevention System is Live

EstDomains, Inс (http://estdomains.com), announces the launch of new improved and even more efficient version of detection and prevention system oriented to the avoidance of potentially fraudulent transactions, spamming and harmful software distribution that might be performed from the company customers’ accounts.

From the very beginning, EstDomains, Inc (http://estdomains.com), a domain name registration services provider, has undertaken the obligations to provide Internet community with most secure solutions for network presence establishment and running of successful and stable online enterprise. The management of the company also realizes the great necessity of keeping the Internet clean of the fraudulence, harmful software or any disposal of obscene materials. According to the Acceptable Usage Policy, valid for EstDomains, Inc (http://estdomains.com), the appropriate measures are taken against customers who take a risk of using provided services for spam delivery, phishing attempts, distribution or storage of data that may damage user’s computer equipment such as viruses or any other kinds of malware, corrupted codes that are designed with an intention to steal personal data and credit card information or any related materials involved in cybercrime arrangements. Carefully elaborated account monitoring system is used to reveal AUP violation cases among company’s customers. The corrupted account holders are deprived of their account without any refund along with the ultimate right of companies’ services further usage.

In order to prevent crooked customers from being able to continue with their illegal enterprises, the new advanced and more efficient account monitoring system has been applied to the services provided for domain name registration. The improved system is equipped with a whole pack of advanced features that use smart schemes for detailed analyses of the activity performed by an account holder, whose account has been suspended due to violation of AUP terms and conditions. On top of everything else, carefully elaborated clusters also reveals accounts that are registered under different name but in reality belong to a person who has been involved in AUP infringements. Various details, such as IP addresses, minute payments descriptions, personal data analysis, accounts sign up logs and so on, are used for the creation of a common pattern, which indicates characteristic features of one particular person. These patterns are indispensable tool in the further investigations that are led in order to recognize corrupted account holders from other law-abiding customers. The revealed accounts violating AUP are deactivated. As usual, in order to avoid wrong accusations, the domain name holder, whose account contains domain names that violate company’s Acceptance Usage Policy, will receive a notification with a warning and further detailed instruction how to report a mistake. The required information proving that the account is not privy to the delinquent activity of any kind must be submitted within 24 hours.

Once again EstDomains, Inc would like to address the interactive community and ask for help in making the Internet space more safe and user-friendly. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.

Wilmington, DE (PRWEB) September 21, 2008.
http://www.prweb.com/releases/2008/9/prweb1357644.htm

Uh huh, kept for historical purposes.

{ 0 comments }

Internet Shuns U.S. Based ISP Amid Fraud, Abuse Allegations

“The truth is that nobody’s been reporting this stuff, but it’s illegal for me to just sniff around each and every site on my network and say, ‘Hey, what are you up to?,’” Kacperski said. “But if there’s a complaint, then I can deal with it, I have to deal with it. Instead of complaints, I get people labeling me as some kind of mafia kingpin or crime boss.”

“nobody’s been reporting this stuff,” ?

http://www.google.com/search?hl=en&q=atrivo+malware
http://www.google.com/search?hl=en&q=intercage+malware

No doubt people will keep monitoring…

{ 0 comments }

AS Report.

Report for AS27595

Name

INTERCAGE - InterCage, Inc.

NOT Announced

This AS is not currently used to announce prefixes in the global routing table, nor is it used as a visible transit AS.

Prefixes added and withdrawn by this origin AS in the past 7 days.

- 64.28.176.0/20 Withdrawn
- 67.210.0.0/21 Withdrawn
- 67.210.8.0/22 Withdrawn
- 67.210.14.0/23 Withdrawn
- 69.22.162.0/23 Withdrawn
- 69.22.168.0/21 Withdrawn
- 69.22.184.0/22 Withdrawn
- 69.31.64.0/20 Withdrawn
- 69.50.160.0/19 Withdrawn
- 85.255.113.0/24 Withdrawn
- 85.255.114.0/23 Withdrawn
- 85.255.116.0/22 Withdrawn
- 85.255.120.0/23 Withdrawn
- 85.255.122.0/24 Withdrawn
- 216.255.176.0/20 Withdrawn
- 216.255.176.0/22 Withdrawn
- 216.255.180.0/22 Withdrawn
- 216.255.184.0/22 Withdrawn
- 216.255.188.0/22 Withdrawn

http://cidr-report.org/cgi-bin/as-report?as=AS27595

NANOG:
Atrivo/Intercage: NO Upstream depeered at 2:25am est

Emil Kacperski started this topic: Re: Atrivo/Intercage: NO Upstream depeer

It gets a little heated, I guess this sums it up.

> Anything else you’d like to throw at me here on NANOG?
Sure, but I havn’t figured out how to hit someone with a two-by-four
over the Internet.

{ 1 comment }

Alex Eckelberry,

So… what kind of domains are on Intercage?

Gary Warner wanted to find out and has now posted the Mother of all Lists of (almost) all Intercage domains.

What kinds of domains does Intercage host?

{ 0 comments }

EstDomains, Inc: Global Struggle Against Malware Distribution
http://www.prweb.com/releases/2008/09/prweb1325214.htm

Hah…

Wilmington, DE (PRWEB) September 14, 2008 — EstDomains, Inc (http://estdomains.com), a US-based domain name Registrar, officially declares opposition to malware mongers in order to protect Internet users from attacks on their computers or stealing of their important data. EstDomains, Inc pays special attention to domain name holders’ private data protection and secure money transaction operations. It can be said in all modesty that EstDomains, Inc has succeed in protecting its customers from any possible occurrence of fraudulence or cracking. However, being an eminent member of interactive community, EstDomains, Inc management along with other giants of online industry continues its struggle against malicious software distribution and is giving its best to work out even more efficient solutions for detecting malware sources.

The term “malicious software” or commonly called “malware” speaks for itself. The software of this kind may not only interrupt work process by displaying annoying trifles on the user’s desktop but corrupt important files and damage hard disc as well as causing considerable losses to computer’s owner. Slowing down the whole computer system or spamming from one’s email account is the smallest troubles that cunningly written software may cause. Unfortunately, there are many widely known precedents of unauthorized credit card usages performed with stolen passwords and codes. The most unpleasant thing about malware is that usually it is installed on a computer without user’s consent from a website that may seem to be utterly innocent.

The EstDomains, Inc management does not deny the fact that no one is secured from having a customer who uses provided services for delinquent purposes. But it must be noted that the carefully planned infrastructure of EstDomains, Inc makes the special provision for the cases of malware distribution that may originate from the domain name registered under the company’s name. Such domain names are suspended immediately along with domain holder’s account if there is an evidence of malware presence on the web site. According to the most recent statistics over five thousand domain names were detected and ruthlessly suspended by EstDomains, Inc specialists only last week.

The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance.

In addition to the constant monitoring of its infrastructure, EstDomains, Inc (http://estdomains.com) has created a unique system that allows reveal direct malware sources along with potentially dangerous web sites. Further, the detailed reports with warnings are sent to hosting companies and Registrars in order to notify them about the threat and to ask for the measures to be taken. In addition to independently lead investigations, EstDomains, Inc relies on the information available from such influential anti-malware organizations and listings as webhelper4u.net, malwaredomainlist.com, hosts-file.net, malwaredomains.com, malwarebytes.org and many others.

Today, EstDomains, Inc (http://estdomains.com) would like to urge all Internet users to join this world-wide campaign against malware distributions and distributors and report every single display of corrupted codes to: https://support.estdomains.com. It does not matter whether the domain name for suspected web site is registered with EstDomains, Inc or with any other Registrar. There is one common goal for everyone. Namely, keep the Internet space clean and safe for both business and leisure.

Certifiedbug:
Cyber Crime USA
More on Atrivo-Intercage-Estdomains
Directi
Atrivo, EstDomains Inc.,
Directi continues to suspend malware sites

{ 0 comments }

Directi president Bhavin Turakhia said his company has disabled its registrant-anonymizing privacyprotect.org service for all Web site names registered through Klikdomains.com, which he said has sold roughly 100,000 Web site names through Directi during the past couple of years. Nearly half of those have been suspended due to abuse complaints, Turakhia said. More than 21,000 sites were suspended in the past 48 hours alone. Directi currently is investigating most of the remaining 50,000 domains registered through Klikdomains.com, Turakhia added.

Brian Krebs.
Fake Antispyware Purveyor Doubles as Domain Registrar

Domain registrars could be paying closer attention to the monitoring of resellers, how many computers have been infected over the years.

Does it take articles in the Washington Post before anything gets done.

{ 0 comments }