It's actually starting to look like WHT.

On Wed, Sep 24, 2008 at 1:35 AM, Pedram M <[EMAIL PROTECTED]> wrote:
>
> define:nanog
>
> North American Network Operators Group A membership organization that
> provides for the exchange of technical information among public, commercial
> ...
>
> I think this conversation should have ended way long time ago.
>
> My $0.50 cents + $1.00 or $2
>
> Regards,
> Pedram
>
> On Wed, Sep 24, 2008 at 1:29 AM, Russell Mitchell <[EMAIL PROTECTED]> wrote:
>
>> Hello Mark,
>>
>> What's YOUR motivation to consistently attack my company?
>>
>> What's my motivation to continue working @ InterCage?
>> To keep a roof over my family's heads, and to keep them well-fed:
>> 1.) Myself
>> 2.) My Wife
>> 3.) My near 2 year old Son (November)
>> 4.) My near 3 week old Daughter (Born Sept. 4th)
>>
>> It's great that you finally accepted the claim of InterCage being
>> associated with the famed "RBN" as being "alleged".
>> You've taken the first step into seeing how much BS information has been
>> spread out about our company.
>>
>> Whether you support me in my anti-abuse endeavor or not, as long as you
>> get FACTUAL information, I'm happy.
>> However someday, I trust you will find and accept the truth about
>> InterCage. From what I see now from the claims you're making, that day
>> may not come soon.
>>
>> Thank you for your time. Have a great day.
>> ---
>> Russell Mitchell
>>
>> InterCage, Inc.
>>
>> ----- Original Message ----
>> From: Mark Foo <[EMAIL PROTECTED]>
>> To: Russell Mitchell <[EMAIL PROTECTED]>
>> Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow
>> <[EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
>> Sent: Wednesday, September 24, 2008 1:14:01 AM
>> Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
>>
>> Russell:
>>
>> Oh I got the memo, you'll be getting served one soon too.
>>
>> I just wonder why you don't consider playing both sides of the fence
>> -- with your knowledge of who's who in the cyber crime field, you could
>> probably get paid more as an informant (either to LEO or one of the
>> "Intel" companies than whatever you're doing for Emil and (allegedly)
>> the RBN. You can't possibly sleep well knowing what you're up to now so
>> I figure it's the money that motivates you.
>>
>> Or, maybe you don't really know anyone, you just respond to their demands
>> and they end up with all the money, pr0n chicks, etc. Doesn't that bother
>> you -- don't you want more?
>>
>> Plus, no one would know you were pulling two pay checks -- you manage
>> systems on one side and pass info to the other. It's actually fairly
>> simple -- maybe you already know this ;).
>>
>> If not, please explain this:
>>
>> http://www.spamhaus.org/news.lasso?article=636
>>
>> Without exception, all of the major security organizations on the
>> Internet agree that the 'Home' of cybercrime in the western world is a
>> firm known as Atrivo/Intercage, based in California. We ourselves have
>> not come to this conclusion lightly but from many years of dealing
>> with criminal operations hosted by Atrivo/Intercage, gangs of
>> cybercriminals - mostly Russian and East European but with several US
>> online crime gangs as well - whose activities always lead back to
>> servers run by Atrivo/Intercage. We have lost count of the times we
>> have tracked a major virus botnet's "command and control" to
>> Atrivo/Intercage servers, readers can view here some of the current
>> and historic SBL records for Atrivo for a taste of what has been
>> happening in this network. At almost every Internet security
>> conference, or law enforcement seminar on cyber-crime, a presentation
>> will detail some attack, exploit, phish or financial crime that has
>> some nexus at Atrivo/Intercage.
>>
>> The person who runs Atrivo/Intercage, Emil Kacperski is an expert at
>> playing the "surprised janitor", unaware of every new criminal
>> enterprise found on his servers and keen to show he gets rid of some
>> criminals once their activities on his network are exposed. His
>> Internet hosting career first came to the attention of most anti-abuse
>> organizations when he pinched (or 'purchased stolen goods' as he put
>> it) and routed an unused block of 65,536 IP addresses belonging to the
>> County of Los Angeles.
>>
>> Spamhaus has dealt with over 350 incidents of cyber-crime hosting on
>> Atrivo/Intercage and its related networks in the last 3 years alone,
>> all of which involved criminal operations such as malware, virus
>> spreaders and botnet command and control servers. Malware found by
>> Spamhaus on Atrivo/Intercage/Cernel/Hostfresh just in the last few
>> months included the Storm Worm installer and controller and a MySpace
>> spambot amongst others. Spamhaus currently sees a large amount of
>> activity related to malicious software and exploits being hosted on
>> Atrivo/Intercage which include DNS hijack malware, IFRAME browser
>> attacks, dialers, pirated software websites and blatantly criminal
>> services.
>>
>> We assume that every law enforcement agency with a cyber-crimes
>> division has a dossier bursting at the seams on Atrivo/Intercage and
>> its tentacles such as Esthost, Estdomains, Cernel, Hostfresh. The only
>> question on everyone's mind is which agency will beat the others to
>> shutting the whole place down and indicting the people behind it.
>> Because if shut down, one thing is certain: the amount of
>> malware-driven crime on the Internet would drop overnight as
>> cyber-criminals rush to find a new crime-friendly host - difficult to
>> find in the US, as Atrivo/Intercage is one of the very few remaining
>> dedicated crime hosting firms whose customer base is composed almost,
>> or perhaps entirely, of criminal gangs.
>> More importantly, millions of
>> Internet users currently being targeted by the malware gangs operating
>> from Atrivo/Intercage will be, for a while, safer.
>>
>> Perhaps one may be wondering about the costs of hosting at
>> Atrivo/Intercage or how to sign up? Well, don't expect to find this
>> information at the company's websites as they were empty for years and
>> for the last year have just shown "Website Coming Soon."
>>
>> http://www.atrivo.com => "InterCage, Inc.. INTENSE SERVERS. Website
>> Coming Soon:"
>> Last Updated: Thursday, September 06, 2007 4:32:59 PM
>>
>> http://www.intercage.com => "InterCage, Inc. INTENSE SERVERS.
>> Website Coming Soon:"
>> Tuesday, September 04, 2007 6:45:52 PM
>>
>> At one time after being asked, "how on earth does your company get
>> business?" an Atrivo/Intercage representative coyly said, "by word of
>> mouth." That seems to be quite obvious.
>>
>> On Wed, Sep 24, 2008 at 12:45 AM, Russell Mitchell <[EMAIL PROTECTED]>
>> wrote:
>> > Hello Mark,
>> >
>> > It really seems YOU _DID_ miss the memo.
>> > I think that since no one else is responding to your nonsense, there
>> > is no reason for me to either.
>> >
>> > If you have something accurate to say, I'll be happy to listen.
>> > Until then, there's not much I can say. There's no sense in repeating
>> > myself.
>> > ---
>> > Russell Mitchell
>> >
>> > InterCage, Inc.
>> >
>> > ----- Original Message ----
>> > From: Mark Foo <[EMAIL PROTECTED]>
>> > To: Russell Mitchell <[EMAIL PROTECTED]>
>> > Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow
>> > <[EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
>> > Sent: Wednesday, September 24, 2008 12:27:50 AM
>> > Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
>> >
>> > Russell:
>> >
>> > Ferg was just being coy -- what you don't understand is there are about
>> > 3 other security mailing lists plotting to TAKE YOUR SERVICE DOWN.
>> > You FAIL.
>> > Law Enforcement might not take action against you (but appear to be
>> > interested now), but the community can. GET OFF THE NET WITH YOUR
>> > MALWARE!
>> >
>> > You mistake me for someone who believes you pack of lies! Don't you
>> > understand each time you post to this list gives those of us who know
>> > the opportunity to post MORE EVIDENCE of your MALWARE?
>> >
>> > You disconnected Hostfresh and think that's the extent of your crimes?
>> > Gimme a break.
>> > Only those who are easily socially engineered would believe your
>> > pathetic claims of innocence.
>> > You've BEEN HOSTING MALWARE since 2003 -- SEE Nanog post:
>> >
>> > Re: The in-your-face hijacking example
>> > http://www.irbs.net/internet/nanog/0305/0038.html
>> >
>> >> Let me know if there's anything else you'd like me to state to the
>> >> public.
>> >
>> > Answer Ferg's question -- Why are you moving to CERNAL? Do you think
>> > this is going to work? That's just another of Emil's networks.
>> >
>> >> We're on a rocky road right now. But it IS starting to smooth out.
>> >
>> > That's just the calm before the storm.
>> >
>> > Go ahead and post a response to each of these allegations:
>> >
>> > Cybercrime's US Hosts
>> > http://www.spamhaus.org/news.lasso?article=636
>> >
>> > Report Slams U.S.
>> > Host as Major Source of Badware
>> > http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html?nav=rss_blog
>> >
>> > A Superlative Scam and Spam Site Registrar
>> > http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html?nav=rss_blog
>> >
>> > ICANN cast as online scam enabler
>> > http://www.theregister.co.uk/2008/09/03/cyber_crime_reports/
>> >
>> > 'Malware-friendly' Intercage back with the living
>> > http://www.theregister.co.uk/2008/09/24/intercage_back_online/
>> >
>> > On Tue, Sep 23, 2008 at 11:50 PM, Russell Mitchell <[EMAIL PROTECTED]>
>> > wrote:
>> >>
>> >> Hello John Doe,
>> >>
>> >> I welcome any further comments you have.
>> >> We have to get past people such as yourself, and your blasphemous and
>> >> false statements.
>> >>
>> >> This is the same issue with the recent media and self-proclaimed
>> >> "Security Researchers". Fly-by-night mind you.
>> >>
>> >> To help you out in your claims:
>> >> Yes, we did house a client whom had quite a run with their clients
>> >> from various locations, such as Russia.
>> >> That Client is no longer hosted on our network. I myself spent all of
>> >> Monday afternoon, night, and Tuesday morning shutting off EVERY machine
>> >> they had leased in our Billing System. I'm currently working to scan
>> >> further and see if there's anything I may have missed.
>> >>
>> >> Yes, Russia is very well known for Virus and Malware writers.
>> >>
>> >> Yes, we have had issues with malware distribution from our network.
>> >> This was directly and near singularly related to the former client of
>> >> ours. We did have another client, Hostfresh, whom had their share of
>> >> malware issues.
>> >>
>> >> Both have been completely and effectively removed. The servers leased
>> >> to both of them have been canceled, and their machines have been shut
>> >> off.
>> >>
>> >> Let me know if there's anything else you'd like me to state to the
>> >> public.
>> >> We're on a rocky road right now. But it IS starting to smooth out.
>> >>
>> >> Thank you for your time. Have a great day.
>> >> ---
>> >> Russell Mitchell
>> >>
>> >> InterCage, Inc.
>> >>
>> >> ----- Original Message ----
>> >> From: Mark Foo <[EMAIL PROTECTED]>
>> >> To: Bruce Williams <[EMAIL PROTECTED]>
>> >> Cc: Christopher Morrow <[EMAIL PROTECTED]>; nanog@nanog.org;
>> >> Joe Greco <[EMAIL PROTECTED]>
>> >> Sent: Tuesday, September 23, 2008 11:08:21 PM
>> >> Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
>> >>
>> >> NANOG:
>> >>
>> >> Look, the people posting here who are trashing Intercage are pure
>> >> security analysts -- they know and understand the evil that is
>> >> Intercage. STOP TRYING TO ASSIST INTERCAGE -- you are effectively
>> >> aiding and abetting the enemy.
>> >>
>> >> Intercage/Atrivo hosts the malware c&c botnets that DDoS your systems
>> >> and networks.
>> >>
>> >> Intercage/Atrivo hosts the spyware that compromises your users'
>> >> passwords.
>> >>
>> >> Intercage/Atrivo hosts the adware that slows your customers' machines.
>> >>
>> >> Don't take my word for it, DO YOUR OWN RESEARCH:
>> >> http://www.google.com/search?hl=en&q=intercage+malware
>> >>
>> >> You don't get called the ***American RBN*** for hosting a couple bad
>> >> machines. They have and will continue to host much of the malware
>> >> pumped out of America. THEY ARE NOT YOUR COMRADES.
>> >>
>> >> These people represent the most HIGHLY ORGANIZED CRIME you will ever
>> >> come across. Most people were afraid to speak out against them until
>> >> this recent ground swell.
>> >>
>> >> This is the MALWARE CARTEL. GET THE PICTURE?
>> >>
>> >> Many links have been posted here that prove this already -- instead of
>> >> asking what customers they cut off, let them show WHAT CUSTOMERS ARE
>> >> LEGIT -- because there are NONE.
>> >>
>> >> > >> I would suggest a different Step 1.
>> >> > >> Instead of killing power, simply isolate the affected machine.
>> >> > >> This might be as simple as putting up a firewall rule or two, if
>> >> > >> it is simply sending outgoing SMTP spam, or
>> >> > > it's probably easiest (depending on the network gear of course) to
>> >> > > just put the lan port into an isolated VLAN. It's not the 100%
>> >> > > solution (some badness rm's itself once it loses connectivity to
>> >> > > the internets) but it'd make things simpler for the client/LEA
>> >> > > when they need to figure out what happened.
>> >> > >
>> >> > > -chris