Malware

The Sunbelt Blog reports a new rogue program, eAntivirusPro.

eAntivirusPro is a new clone of Antivirus XP 2008 rogue security product.
AntiMalware 2009 is yet another clone of Antivirus XP 2008 rogue security product.
ekerberos is another rogue security product from Innovagest 2000.

I checked out Innovagest2000.com, don’t try this at home.

On the site they advertise:
alfacleaner.com
anti-virus-pro.com
spydeface.com
system-defender.com

Clicking on the picture for System Defender brought up this warning:

324 threats and viruses found on a clean machine, yeah right…
This is the kind of ’scareware’ Microsoft and Washington State’s AG has filed suit against.
Microsoft and Washington State’s lawsuits reveal ’scareware’ defendants

Explorer asks:

No surprise:

{ 0 comments }

Fright Fight: Washington Attorney General leading battle against scareware with Microsoft
SEATTLE – Attorney General Rob McKenna stood at the frontlines with Microsoft Corp. in the war against spyware in 2006. Now armed with tougher legislation, the state’s top law enforcement officer, with the world’s largest software company, is charging forward with new lawsuits targeting scareware purveyors.

“The Attorney General’s Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them,” McKenna said.

“We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” McKenna continued. “We’ve repeatedly proven that Internet companies that prey on consumers’ anxieties are within our reach.”

The Attorney General’s Office along with Microsoft announced the filing of new cases under Washington’s recently improved Computer Spyware Act during a joint press conference today in Seattle.

“Microsoft is honored to assist Washington Attorney General McKenna in helping to protect consumers from online threats,” said Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team. “Cybercrime continues to evolve, but with public/private collaboration such as this, we can work to champion tougher laws, greater public awareness and, ultimately, stronger protections for online consumers.”

In 2005, Washington became one of the first states to adopt a law explicitly prohibiting spyware activities and imposing serious penalties on violators. The statute doesn’t stop at outlawing programs that collect personal information, but uses a broader definition of “spyware” and punishes those who mislead users into believing software is necessary for security. The law was updated last session to create additional liability for third-parties that permit the transmission of spyware and to address new types of deceptive behaviors, such as misrepresenting the need for computer repairs.

As of today, the Attorney General’s Office has filed seven suits under the statute.

The Attorney General’s Office filed its latest case today in King County Superior Court against the marketers of a program called Registry Cleaner XP. The civil suit brings five causes of action against James Reed McCreary IV, of The Woodlands, Texas, and two businesses: Branch Software, of The Woodlands, Texas, doing business as Registry Cleaner XP, and Alpha Red, Inc., of Houston, Texas. McCreary is the sole director of Branch Software and CEO of Alpha Red.

McKenna said Microsoft referred the case to the Attorney General’s Consumer Protection High-Tech Unit and has been helpful in assisting the office with enforcement issues.

According to the state’s complaint, the defendants sent incessant pop-ups resembling system warnings to consumers’ personal computers. The messages read “CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED,” and instructed users to visit a Web site to download Registry Cleaner XP.

Computers capable of receiving Windows Messenger Service pop-ups, also known as Net Send messages, were vulnerable to the attacks. Windows Messenger Service, not to be confused with the instant-messaging program Windows Live Messenger, is primarily designed for use on a network and allows administrators to send notices to users.

“Consumers who visited the Web site were offered a free scan to check their computer – but the program found ‘critical’ errors every time,” said Senior Counsel Paula Selis, who leads the Attorney General’s Consumer Protection High-Tech Unit. “Users were then told to pay $39.95 to repair these dubious problems.”

The filings today bring the number of civil spyware actions brought by Microsoft since the Computer Spyware Act was first enacted in 2005 to 17. In 2006, Microsoft and the Attorney General each brought lawsuits against the same group of defendants under the Washington Computer Spyware Act, obtaining permanent injunctions and settlements. Additionally, Microsoft has routinely worked with the FTC and other state and federal law enforcement agencies in the battle against spyware.

Spyware has arguably become the biggest online threat to consumers and businesses since the advent of the Internet. Microsoft has said that 50 percent of its customer-support calls related to computer crashes can be blamed on spyware.

Complaint

Registry Cleaner XP demo

- 30 –

Media Contacts:
Janelle Guthrie, APR, Communications Director, Office of the Attorney General, 360-586-0725 or janelleg@atg.wa.gov
Dan Sytman, Media Relations, Office of the Attorney General, 360-586-7842 or dans@atg.wa.gov

Editor’s Note: The Attorney General’s Office has also brought enforcement actions against companies that market products named Registry Cleaner, Registry Cleaner Pro, Registry Cleaner 32 and related names. Those cases are unrelated and involve different defendants.

Press release

Update
Microsoft also filed five “John Does” lawsuits. Nameless defendents until discovery reveals the identities of the individuals responsible for marketing the scareware, aka ‘rogues’.
The actual products are well known in the security community and forums that help victims of malware infections.

Antivirus 2009
Malwarecore
WinDefender
WinSpywareProtect
XPDefender

The lawsuits were filed under Washington’s Computer Spyware Act.
Microsoft also amended two complaints filed earlier to unmask those running SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

A few names should ring a bell.

Antivirus 2009
This site is currently under construction!
ICANN Registrar: 1 & 1 INTERNET AG
registrant-firstname: Oneandone
registrant-lastname: Private Registration

Malwarecore
ICANN Registrar: ESTDOMAINS, INC.
Registration Service Provided By: ESTDOMAINS INC
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

WinDefender
ICANN Registrar: TUCOWS INC.
Registrant: Whois Anonymizer

WinSpywareProtect
ICANN Registrar: GODADDY.COM, INC.
Registrant: Domains by Proxy, Inc.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

{ 0 comments }

Backbone provider Global Crossing, which previously “de-peered” from Atrivo/Intercage, More on Atrivo-Intercage-Estdomains, has negated the decision by transit provider UnitedLayer to give Intercage upstream service.

“It has come to our attention that United Layer is now routing traffic for Intercage (AS 27595) over the Global Crossing network,” Andrew Ramsey, Global Crossing’s manager of information security operations, wrote in an email sent to UniterLayer on Wednesday morning. “Intercage was removed from our network for violating our acceptable use policy, and is not welcome to return under any circumstance.”

The Register: Net pariah Intercage back among the dead

Edit:
Robert McMillan, IDG News Service.

After being notified of more problems on the network this week, UnitedLayer pulled the plug on Intercage late Thursday afternoon, said UnitedLayer Chief Operating Officer Richard Donaldson. “We decided that, given the stuff that was going on and with a couple of infractions that we were made aware of, that they needed to purge themselves of any [malicious] stuff that remained,” he said.

Notorious ISP Intercage goes dark again

Hat Tip to Sandi at Spyware Sucks: Atrivo/Intercage have been knocked offline again?

The Report for AS27595 remains as it was before UnitedLayer became Intercage’s provider.
Certifiedbug; September 22, 2008. Atrivo-Intercage offline

{ 0 comments }

EstDomains, Inc: Improved Detection and Prevention System is Live

EstDomains, Inс (http://estdomains.com), announces the launch of new improved and even more efficient version of detection and prevention system oriented to the avoidance of potentially fraudulent transactions, spamming and harmful software distribution that might be performed from the company customers’ accounts.

From the very beginning, EstDomains, Inc (http://estdomains.com), a domain name registration services provider, has undertaken the obligations to provide Internet community with most secure solutions for network presence establishment and running of successful and stable online enterprise. The management of the company also realizes the great necessity of keeping the Internet clean of the fraudulence, harmful software or any disposal of obscene materials. According to the Acceptable Usage Policy, valid for EstDomains, Inc (http://estdomains.com), the appropriate measures are taken against customers who take a risk of using provided services for spam delivery, phishing attempts, distribution or storage of data that may damage user’s computer equipment such as viruses or any other kinds of malware, corrupted codes that are designed with an intention to steal personal data and credit card information or any related materials involved in cybercrime arrangements. Carefully elaborated account monitoring system is used to reveal AUP violation cases among company’s customers. The corrupted account holders are deprived of their account without any refund along with the ultimate right of companies’ services further usage.

In order to prevent crooked customers from being able to continue with their illegal enterprises, the new advanced and more efficient account monitoring system has been applied to the services provided for domain name registration. The improved system is equipped with a whole pack of advanced features that use smart schemes for detailed analyses of the activity performed by an account holder, whose account has been suspended due to violation of AUP terms and conditions. On top of everything else, carefully elaborated clusters also reveals accounts that are registered under different name but in reality belong to a person who has been involved in AUP infringements. Various details, such as IP addresses, minute payments descriptions, personal data analysis, accounts sign up logs and so on, are used for the creation of a common pattern, which indicates characteristic features of one particular person. These patterns are indispensable tool in the further investigations that are led in order to recognize corrupted account holders from other law-abiding customers. The revealed accounts violating AUP are deactivated. As usual, in order to avoid wrong accusations, the domain name holder, whose account contains domain names that violate company’s Acceptance Usage Policy, will receive a notification with a warning and further detailed instruction how to report a mistake. The required information proving that the account is not privy to the delinquent activity of any kind must be submitted within 24 hours.

Once again EstDomains, Inc would like to address the interactive community and ask for help in making the Internet space more safe and user-friendly. Please report infringements that involve the activity of EstDomains, Inc customers to: https://support.estdomains.com.

Wilmington, DE (PRWEB) September 21, 2008.
http://www.prweb.com/releases/2008/9/prweb1357644.htm

Uh huh, kept for historical purposes.

{ 0 comments }

Internet Shuns U.S. Based ISP Amid Fraud, Abuse Allegations

“The truth is that nobody’s been reporting this stuff, but it’s illegal for me to just sniff around each and every site on my network and say, ‘Hey, what are you up to?,’” Kacperski said. “But if there’s a complaint, then I can deal with it, I have to deal with it. Instead of complaints, I get people labeling me as some kind of mafia kingpin or crime boss.”

“nobody’s been reporting this stuff,” ?

http://www.google.com/search?hl=en&q=atrivo+malware
http://www.google.com/search?hl=en&q=intercage+malware

No doubt people will keep monitoring…

{ 0 comments }

AS Report.

Report for AS27595

Name

INTERCAGE - InterCage, Inc.

NOT Announced

This AS is not currently used to announce prefixes in the global routing table, nor is it used as a visible transit AS.

Prefixes added and withdrawn by this origin AS in the past 7 days.

- 64.28.176.0/20 Withdrawn
- 67.210.0.0/21 Withdrawn
- 67.210.8.0/22 Withdrawn
- 67.210.14.0/23 Withdrawn
- 69.22.162.0/23 Withdrawn
- 69.22.168.0/21 Withdrawn
- 69.22.184.0/22 Withdrawn
- 69.31.64.0/20 Withdrawn
- 69.50.160.0/19 Withdrawn
- 85.255.113.0/24 Withdrawn
- 85.255.114.0/23 Withdrawn
- 85.255.116.0/22 Withdrawn
- 85.255.120.0/23 Withdrawn
- 85.255.122.0/24 Withdrawn
- 216.255.176.0/20 Withdrawn
- 216.255.176.0/22 Withdrawn
- 216.255.180.0/22 Withdrawn
- 216.255.184.0/22 Withdrawn
- 216.255.188.0/22 Withdrawn

http://cidr-report.org/cgi-bin/as-report?as=AS27595

NANOG:
Atrivo/Intercage: NO Upstream depeered at 2:25am est

Emil Kacperski started this topic: Re: Atrivo/Intercage: NO Upstream depeer

It gets a little heated, I guess this sums it up.

> Anything else you’d like to throw at me here on NANOG?
Sure, but I havn’t figured out how to hit someone with a two-by-four
over the Internet.

{ 1 comment }

Alex Eckelberry,

So… what kind of domains are on Intercage?

Gary Warner wanted to find out and has now posted the Mother of all Lists of (almost) all Intercage domains.

What kinds of domains does Intercage host?

{ 0 comments }

Apparently it has proved difficult for Registers to prevent malware domains from registering, and swiftly cleaning up those with a history of abuse.

At least not without headlines and community outrage which has recently resulted in thousands of bad sites being closed down.

As I said before, “Does it take articles in the Washington Post before anything gets done.” If it does then something is remiss in Kansas.

Of course I am glad that stuff is now being cleaned up, less infected computers for starters.

{ 0 comments }

EstDomains, Inc: Global Struggle Against Malware Distribution
http://www.prweb.com/releases/2008/09/prweb1325214.htm

Hah…

Wilmington, DE (PRWEB) September 14, 2008 — EstDomains, Inc (http://estdomains.com), a US-based domain name Registrar, officially declares opposition to malware mongers in order to protect Internet users from attacks on their computers or stealing of their important data. EstDomains, Inc pays special attention to domain name holders’ private data protection and secure money transaction operations. It can be said in all modesty that EstDomains, Inc has succeed in protecting its customers from any possible occurrence of fraudulence or cracking. However, being an eminent member of interactive community, EstDomains, Inc management along with other giants of online industry continues its struggle against malicious software distribution and is giving its best to work out even more efficient solutions for detecting malware sources.

The term “malicious software” or commonly called “malware” speaks for itself. The software of this kind may not only interrupt work process by displaying annoying trifles on the user’s desktop but corrupt important files and damage hard disc as well as causing considerable losses to computer’s owner. Slowing down the whole computer system or spamming from one’s email account is the smallest troubles that cunningly written software may cause. Unfortunately, there are many widely known precedents of unauthorized credit card usages performed with stolen passwords and codes. The most unpleasant thing about malware is that usually it is installed on a computer without user’s consent from a website that may seem to be utterly innocent.

The EstDomains, Inc management does not deny the fact that no one is secured from having a customer who uses provided services for delinquent purposes. But it must be noted that the carefully planned infrastructure of EstDomains, Inc makes the special provision for the cases of malware distribution that may originate from the domain name registered under the company’s name. Such domain names are suspended immediately along with domain holder’s account if there is an evidence of malware presence on the web site. According to the most recent statistics over five thousand domain names were detected and ruthlessly suspended by EstDomains, Inc specialists only last week.

The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance.

In addition to the constant monitoring of its infrastructure, EstDomains, Inc (http://estdomains.com) has created a unique system that allows reveal direct malware sources along with potentially dangerous web sites. Further, the detailed reports with warnings are sent to hosting companies and Registrars in order to notify them about the threat and to ask for the measures to be taken. In addition to independently lead investigations, EstDomains, Inc relies on the information available from such influential anti-malware organizations and listings as webhelper4u.net, malwaredomainlist.com, hosts-file.net, malwaredomains.com, malwarebytes.org and many others.

Today, EstDomains, Inc (http://estdomains.com) would like to urge all Internet users to join this world-wide campaign against malware distributions and distributors and report every single display of corrupted codes to: https://support.estdomains.com. It does not matter whether the domain name for suspected web site is registered with EstDomains, Inc or with any other Registrar. There is one common goal for everyone. Namely, keep the Internet space clean and safe for both business and leisure.

Certifiedbug:
Cyber Crime USA
More on Atrivo-Intercage-Estdomains
Directi
Atrivo, EstDomains Inc.,
Directi continues to suspend malware sites

{ 0 comments }