• 목록
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

You'll be able to see right here that the IP address belongs to InterCage, xxx tube previously referred to as Atrivo.

Whois Record

OrgName: InterCage, Inc. OrgID: INTER-359 Address: 1955 Monument Blvd. Address: #236 City: Concord StateProv: CA PostalCode: 94520 Country: US

ReferralServer: rwhois://rwhois.intercage.com:4321/

NetRange: 69.50.160.Zero - 69.50.191.255 CIDR: 69.50.160.0/19 NetName: INTERCAGE-Network-GROUP NetHandle: Net-69-50-160-0-1 Parent: Net-69-0-0-0-zero NetType: Direct Allocation NameServer: MAIL.ATRIVO.COM NameServer: PAVEL.ATRIVO.COM Comment: RegDate: 2003-06-04 Updated: 2005-09-01

OrgAbuseHandle: ABUSE735-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-925-550-3947 OrgAbuseEmail:

OrgNOCHandle: NETWO670-ARIN OrgNOCName: Network Operations OrgNOCPhone: +1-925-550-3947 OrgNOCEmail:

OrgTechHandle: INE4-ARIN OrgTechName: IP Network Engineering OrgTechPhone: +1-925-550-3947 OrgTechEmail:

Tracert from dnsstuff.com shows it as 69.50.188.35 AS27595 Intercage. The upstream supplier seems to be nlayer.net.

Two elements make this significantly enraging, the primary being InterCage/Atrivo’s lengthy history of known abuse. Just look on the comments on this SPEWS report.

Hosting spammers.

Interesting ARIN information. 1995 to 2003? Hmmm…

Meaning the sudden re-start of a dead /sixteen is puzzling in these times of ARIN block piracy. More particulars would certainly be welcome.

Update: "more details" =>

Update: More crime, proxy hijacking:

That’s just a fraction of ths story. I’ve blogged about InterCage/Atrivo beforehand, several occasions, as have others here, here and right here, to name a number of.

The second factor is the content of the trackback spams -not just run of the mill spam for pills and such. These were all excedingly disgusting, with links to porn sites, nasty onerous core porn. Stuff like this:

Little girls movies photos Sex anal movie preview Desi porn password Incest prrn thumbs Xxx desi ladies videos free Roberts sex comics Boyladysexteaching Free porn videos watch Farm incest cartoons Free xxx video college Virgin young sex Download free sex sizzling Free outdated males fu…

and worse.

And whoever is chargeable for this used some type of software or bot that was able to show off the e-mail notification I ought to have gotten for each trackback.

I’ve sent an abuse complaint to Emil Kacperski, the man behind InterCage/Atrivo, the abuse reporting address at InterCage, and the abuse reporting handle at nLayer. We’ll see what sort of response I get.

One other thing-this isn't the first time Emil Kacperski’s identify has been brought up in regard to blog remark spam. Check out this hyperlink for the story.

Update-in my haste to delete remark spam, I accidently deleted the feedback that went with this publish.

CastleCops responds to trademark troll Leo Stoller

Follow up on the story last week about Leo Stoller, nicely known as a trademark troll, attack on CastleCops over the identify "Castle"-see CastleCops responds to Leo Stoller here.

Dear Mr. Stoller:

I write you on behalf of my clients Paul Laudanski and Computercops, LLC. I have spoken with my purchasers about your earlier correspondence and your allegations that you've rights in the mark "CASTLE." Briefly, we find no basis in your potential opposition and imagine that you're engaging in vexatious, harassing litigation with no goal.

My consumer objects to any further extensions of time for you to file your opposition and will oppose any further delays caused by you or entities you management. 37 CFR § 2.102© states in pertinent part:

Read the remaining and keep tuned for the comply with up as CastleCops’ policy is to maintain the general public informed on these issues.

6/27/2006

Trademark Troll Leo Stoller targets CastleCops

That is sickening really. My good mates at CastleCops are now the goal of a well-known figure, Leo Stoller, who apparently makes a residing doing this sort of thing. (Extortion?) From Wikipedia:

Leo D. Stoller (born c. 1946; cited as "59 years old" in July, 2005 New York Times article) is a self-styled entrepreneur based mostly in Chicago, Illinois who claims rights to a big stock of trademarks and engages in the assertive enforcement of those trademark rights in the United States, threatening infringement action towards individuals and companies who try to infringe these marks, which Stoller refers to as "famous".

Stoller’s companies embrace Rentamark.com, Stealth Industries Inc., S Industries Inc., Sentra Sporting Goods U.S.A., and Central Manufacturing Company. Through these corporations or in his personal name, Stoller has registered trademarks over 25 years including STEALTH, SENTRA, Dark STAR, AIR Frame, TRIANA, STRADIVARIUS, HAVOC, CHESTNUT, TRILLIUM, WHITE LINE FEVER, Fire Power, LOVE YOUR Body etc.

Based on Stoller, a number of massive and small firms have resolved trademark controversies. When approaching infringers, Stoller is reported to document his claims with copies of letters which display capitulation along with his demands. Such letters are stated to be from companies equivalent to KMart, and often marked "Confidential".

Stoller has filed oppositions to others’ trademark purposes with the Trademark Trial and Appeal Board quite a few occasions, and filed purposes for extention of the deadline to file such oppositions even more instances.

Stoller object to using the phrase "Castle". Can you consider that? You may learn the letter CastleCops’ legal professional acquired from Leo Stoller and additional data about Stoller might be seen right here and here. There are five pages (!) of instances listed at the Trademark Trial and Appeal Board Inquiry System site.

CastleCops is a well known safety web site, also the house of anti-phishing effort PIRT, with numerous help in the neighborhood. Here’s what among the CastleCops supporters have mentioned so far. SunbeltBLOG says:

Well, there’s also trademark trolls. And one such fellow is Leo Stoller (BoingBoing calls him a "trademark bully"). Stoller makes cash by suing corporations over using trademarks like "Stealth", "Chestnut" and "Stradivarius".

Obviously, CastleCops is just not inflicting any confusion out there with Leo Stoller’s "Castle Brand Products and Services". All Leo is making an attempt to do is make some money off the laborious-gained efforts of Paul and Robin Laudanski.

BoingBoing wrote final year: Leo Stoller is the jackass who registered a trademark on the word "Stealth" and now has a racket bullying folks into paying him for a "license" to make use of the word (individuals give him small sums of money to get misplaced, though often they sue and get large judgments in opposition to him).

Paperghost at Vitalsecurity has a few alternative words about Stoller, too.

here’s the deal. This guy registers tons of quite bland sounding words as Trademarks, then goes on an uber-offensive towards anyone found utilizing those words, just about no matter context.

Others carrying this story include Microsoft MVP Donna at her Security News Flash and SecuriTeam weblog. The story has been Digged (dug?) with a mention that Stoller went after Google at one time. I suppose you may say this for Stoller-he has balls. But can he make an trustworthy living? It seems like he needs to prey on the little guy and do what I feel quantities to extortion. There’s a 3 web page discussion at BroadbandReports.com and the parents there don't have a excessive opinion of Stoller, what a shock.

Stay tuned as a result of we'll cover this story to the top.

6/19/2006

Spyware fighter beneath assault by trojan from DollarRevenue

In my last weblog post, I wrote about adware/spyware company DollarRevenue and their affiliate program together with why associates like to trash your machines with enormous bundles of adware/spyware. It’$ all concerning the $Money$.

Now one of the best and most revered spyware fighters round is under assault by a trojan from that very similar DollarRevenue group.

Webhelper, whose actual name is Patrick Jordan, Senior Malware Researcher for Sunbelt-Software, has posted this message on his site.

Updated: 19 June, 2006 05:12 PM

As of June 16, 2006, I have been under a DDos assault from a trojan installer that DollarRevenue.com began utilizing which was referred to as from one of many Russian VladZone gangs websites and which with my current internet hosting company, I can't block the attacks which in three days went over 125 Gig in bandwidth utilization of my alloted 200Gig monthly. They're placing url addressess to free web pages designed to load my websites pages as if they were photographs and with the use of a trojan from the VladZone and bundled in DollarRevenue.com infestations, I can not and will not put all my time into preventing teams which were operating since 2003 and authorities all over the world haven't been in a position to stop.

I deliberately did not link to the location in order to conserve bandwidth there.

This isn’t the primary time anti-spyware websites have been attacked by spyware pushers. In 2004 Spywareinfo.com, Tom Coyote’s site and CastleCops were hit by massive DDoS assaults.

5/26/2006

Gimmy some Cash and Dollar Revenue!

Subtitled "of mousepads and keyboards" or "how to cheat your affiliate program".

I’ve been wanting to blog this for a while because some of the most persistent and pervasive adware bundles being found within the wild for the previous couple of months appears to be coming from affiliates of these two packages, GimmyCash! and DollarRevenue. The hyperlinks are to the area registration whois data, to not the actual sites, but the sites appear secure enough if you want to see them.

GimmyCash is an adware company using an associates program to distribute their software program, GimmyGames and GimmySmileys. (Links to area registration data.)

Take a look at the fee construction as seen on the GimmyCash.com site. Click image for bigger picture.

Forty cents per set up within the US and Canada feels like a superb incentive as affililiate programs go. Note the text that says:

You may choose to advertise Gimmycash by:

Software bundles -> combine your software with Gimmy. Advertising our free GimmyGames concept into your site. Advertising our free GimmySmileys concept into your site.

This feels like it’s begging for abuse, Software bundles -> mix your software with Gimmy.

Interestingly sufficient, when downloaded from the Gimmy websites, GimmyGames and GimmySmileys install Zango.

So, what about DollarRevenue? See screenshot for DollarRevenue’s cost structure, but observe there isn't any details about what content material DollarRevenue supplies. Click for larger picture:

The faq page doesn’t enlighten us on that either. All it talks about is how they pay their associates. There is an affiliate settlement however judging on what I’ve seen within the wild, it doesn’t mean a lot. Note the cost is 30 cents per set up within the US. Again, observe the distribution strategies-activeX and:

2) Software bundle (exe) You personal a software application and like to maintain it without cost? DollarRevenue is what you want! You may easily combine your software program applications with the DollarRevenue application and make money with every set up.

Begging for abuse? Just like GimmyCash? Let’s look at what I’ve seen taking place in the wild and what we’re seeing in the spyware help forums. I’ve encountered quite a few installations of DollarRevenue software bundled with any variety of other adware/spyware packages together with what appears to be like like GimmyCash software.

Files named keyboardx.exe (x representing a number), mousepadx.exe and newnamex.exe point out DollarRevenue’s presence as shown in HijackThis logs, click for instance log.

O4 - HKLM..Run: [keyboard] C:windowskeyboard11.exe O4 - HKLM..Run: [mousepad] C:windowsmousepad11.exe O4 - HKLM..Run: [newname] C:newname11.exe

Other information indicating the presence of DollarRevenue are drsmartload.exe, in installer for DollarRevenue and other adware. See CA write up on DollarRevenue. A DollarRevenue set up is often accompanied by a bucket stuffed with different adware together with SurfSideKick, Webhancer, Newdotnet, Command Service, generally with Look2Me, Virtumonde (aka Vundo) and others thrown in for good measure.

So what happened to GimmyCash? HijackThis log strains like this indicate the presence of GimmyGames or GimmySmileys:

O4 - HKLM..Run: [gimmygames] C:windowsgimmygames11.exe O4 - HKLM..Run: [gimmysmileys] C:windowsgimmysmileys1.exe

Analysis of gimmysmilyes.exe here. What’s puzzled me is that I’ve usually encountered the gimmygames.exe and gimmysmiley.exe information in giant infestations together with DollarRevenue and the other purposes listed above, however I’ve never once seen the precise GimmyCash purposes put in throughout an infestation. So, I’m left questioning what the DollarRevenue and GimmyCash affiliates are doing…

Are the GimmyCash associates dishonest by bundling the gimmy information with DollarRevenue and others? Are they getting paid that 40 cents for each obtain of a gimmygames.exe and gimmysmileys.exe file regardless that the appliance are by no means actually put in? If every other spyware researchers have any observations or ideas on this, I’m most fascinated.

At any fee, some affiliates are apparently making lots of 40 cents and 30 cents based on all the complaints, HijackThis logs and studies seen on the net. It’s no surprise associates of these kinds of applications bundle as many pay-per-set up adware applications into one infestation and push them through exploits. It’s all about the money folks, the cash, the moola, the dollar revenue and gimmy cash- nothing else.

180solutions and botnets again

180solutions managed to remain out of the information for a few weeks, but now they're back. Discovered and blogged in living color by Paperghost at VitalSecurity, get the details there. Also blogged by yours truly at SpywareConfidential.

5/5/2006

Spamford Wallace busted and owes $four million

Anyone who’s been reading this weblog for some time may keep in mind that I used to be very concerned preventing the SpyWiper and SpyDeleter assaults on laptop customers that started in late November 2003, and was, in actual fact, considered one of my inspirations for starting this blog devoted to the struggle in opposition to spyware. It additionally spurred me to open my forum the place we helped a lot of people get rid SpyWiper and SpyDeleter. I've a whole blog class on the topic and the scumbags behind it.

The saga isn’t over yet, but a very significant announcement was made yesterday by the FTC.

Court Halts Spyware Operations

One Operator to Pay Greater than $four Million; Another Ordered to Stop Collecting Consumers Personal Information

An operation that deceptively downloaded spyware onto unsuspecting consumers’ computer systems, changing their settings and hijacking their search engines, has been halted by a federal courtroom on the request of the Federal Trade Commission. The decide has ordered the operators to offer as much as greater than $4 million in sick-gotten features. The courtroom also ordered a halt to a different spyware operator’s stealthy downloads and barred the gathering of consumers’ personal data, pending trial.

More:

The FTC alleged that Sanford Wallace and his firm, Smartbot.Net, exploited a security vulnerability in Microsoft’s Internet Explorer’s Web browser to be able to distribute spyware. The spyware caused the CD-ROM tray on computer systems to open after which issued a "FINAL WARNING!!" to computer screens with a message that said, "If your cd-rom drive’s open . . .You DESPERATELY Have to rid your system of spyware pop-ups Immediately! Spyware programmers can management your laptop hardware when you failed to guard your laptop right at this moment! Download Spy Wiper NOW!" Spy Wiper and Spy Deleter, purported anti-spyware products the defendants promoted, bought for $30.

Sanford "Spamford" Wallace has to pay the hefty sum of $4,089,500 in unwell-gotten positive factors and ad-broker Jared Lansky has to pay $227,000 Two different perps in this case have but to be dealt with.

Walt "picklejar" Rines and his company, Odysseus Marketing, have been sued by the FTC as well but the case isn't resolved but. Documents for the case are here.

A revised preliminary injunction has been issued in opposition to Odysseus and Rines. It bars them from downloading spyware without consumers’ consent, and from disclosing, utilizing, or further obtaining consumers’ private info, pending trial. The FTC will ask the courtroom to order a permanent halt to their actions and order them to quit their in poor health-gotten beneficial properties.

Rob Martinson, the proprietor of SpyWiper and SpyDeleter, was added to the case in April of final year.

Through this action, the FTC is searching for to name as further defendants Optintrade, Inc.; Jared Lansky; Mailwiper, Inc.; Spy Deleter, Inc.; and John Robert Martinson. The amended complaint alleges that, on behalf of the Seismic defendants, OptinTrade, Inc., and its principal Jared Lansky disseminated Internet pop-up ads inflicting consumers’ computer systems to be sent to the Seismic defendants’ Web sites, to have their Web browser residence pages changed, and to have spyware and other software program put in without authorization. The amended complaint additionally alleges that Mailwiper, Inc.; Spy Deleter, Inc.; and John Robert Martinson retained the Seismic defendants to unfairly market the purported anti-spyware merchandise, Spy Wiper and Spy Deleter.

I heard from a reliable supply that the FTC is searching for $2 million from Martinson. I’m wanting forward to the decision on Picklejar and Martinson.

4/17/2006

180solutions at it again, this time with a baby porn browser and CoolWebSearch

This is fairly unbelievable, but it’s true, and several other spyware researchers have the evidence. See my write up at Spyware Confidential known as 180solutions sponsors Yapbrowser and… youngster porn?

I can’t wait to hear the 180 spin on this one.

4/6/2006

DirectRevenue’s soiled laundry

Tuesday I blogged at Spyware Confidential concerning the lawsuit in opposition to DirectRevenue by New York State AG Eliot Spitzer and now in the present day, due to Ben Edelman, DirectRevenue’s dirty laundry is out of the closet. More particulars and my feedback right here. Don’t neglect to bring the clothes pin.