July 5, 2010
Eager YouTube fans were greeted with annoying pop-ups, disabled comments, and even porn redirects over Independence Day weekend as they tried to scope out their favorite videos. A group of malicious pranksters—believed to be from 4chan—was able to take advantage of a cross-site scripting vulnerability in YouTube's comments Sunday, breaking as many video pages as possible before Google stepped in with a fix.
(arstechnica.com)
July 3, 2010
Rogue Registrar A Technology Company, Inc (namesystem.com) has been terminated by ICANN for non-payment of fees. A Technology Company, Inc was featured prominently in the KnujOn Registrar Audit for blocking WHOIS access to its own domain name.
July 2, 2010
According to a report from independent Internet security research firm KnujOn.com, 162 of the Internet registrars accredited by ICANN to sell online domains are in breach of their contractual obligations. Intentionally or not, and by action or inaction, the registrars are guilty of supporting domains used for online fraud (the report singles out the underground pharmaceutical trade as especially prevalent recently), spam, malware propagation, and other crime, according to KnujOn. The report authors recommend better oversight of registrars and more vigorous enforcement of regulations against illicit activity.
(processor.com)
Fixing WHOIS (and Some Other Stuff Too) (isoc.org.pl)
'Twilight: Eclipse' Mania Triggers Wave of Cyber Crimes (foxnews.com)
Amazon snaps up deal-a-day site Woot (money.cnn.com)
First nation makes broadband access a legal right (cnn.com)
Google vs. China: Search giant blinks (cnn.com)
US unveils plan to make online transactions safer (physorg.com)
Facebook's paternalistic attitudes aren't empowering (cnn.com)
The ski-masked creator of the satirical Twitter account @BPGlobalPR provided the comic highlight (cnn.com)
July 1, 2010
Compliance, or the lack of it, was a consistent theme at Icann’s Meeting in Brussels last week, and one that Board member Bruce Tonkin challenged the community to develop proposals on.
His comment came after an audit by KnujOn alleged that eNOM, among others, was not complying with the Registrar Accreditation Agreement. The audit was released on June 20 to coincide with Icann's 38th International Meeting in Brussels.
The report was one of a number of studies to analyse compliance with various Icann bylaws and dominated many workshops and meetings in Brussels: the Intellectual Property Constituency and law enforcement agencies want stronger Whois and due diligence for registrar selection; compliance was flagged as another holdup in the debate over vertical integration; while the Registrar Constituency was slightly dismayed that no one from Icann's compliance department attended its discussion on the RAA.
Icann Board member Bruce Tonkin used the Board meeting on Friday June 25 to urge the Icann community to move forward on the subject of compliance, which accounts for about 6% of Icann's budget.
"So I think the next step is we need to go away from just comments that say: hey, we should spend more, we should double, treble, quadruple the budget to having some more concrete proposals about what specific actions do we want the staff to take," said Tonkin.
"The staff can then provide some budget elements against what those actions would be, and then the board or the Finance Committee can review that and say we've got three options, different levels of expenditure. We can put those out for community comment and do that as part of the budgeting process."
Tonkin then went on to point out three possible methods for dealing with compliance:
Also, I want to add there are sort of three maybe methods of compliance and three costs associated with that. So regardless of whether you are talking about the compliance of registrants with Whois or whether you are talking about the compliance of registries in terms of ownership provisions, you can do three things.
One is you can check up front when a registrant registers a domain name or when a registrar is accredited. You can do an annual recheck of those qualifications, if you like, so at the time of renewal. So obviously that would be very expensive to do that for 80 million registrants that we have in the system.
Secondly, you can use an audit approach which a lot of tax departments do. They so basically say, well, we don't have time to check everybody's tax return in detail. We will use some typically an algorithm that checks a few things, and if you say your income is a large number but the amount of tax you need to pay is nearly nothing, then that usually triggers an audit, you can understand why that is the case. So you can do some audits, just picking a few elements that seem bad. We can do that with Whois. We can do some scans of Whois and audit of some of it.
Or thirdly use complaints and you follow-up on complaints. Our current compliance system at the moment is basically a complaints-based system. And what we haven't included in the budget is some improvements to the reporting systems for Whois data reporting, and Icann has been spending quite a bit on that in the last few years to improve that complaint reporting system.
I want to identify there are three main systems. They have three very different levels of cost. And I think we, as a community, need to analyze that in more detail.
(managingip.com)
Naming and Shaming: Criminal Registrars (jehurst.wordpress.com)
June 30, 2010
The head of a company aimed at ensuring the legitimacy of online pharmacies said Tuesday that the group that manages the Internet's address system is not doing enough to crack down on firms that sell Internet address registrations to Web sites that offer fake or stolen drugs without a prescription.
During a discussion on how to implement the recommendations included in the Obama administration's Joint Strategic Plan on Intellectual Property Enforcement, LegitScript President John Horton and others talked about the importance of getting those involved in the infrastructure of the Internet to help crack down on those who provide pirated or counterfeit products. Horton pointed in particular to the role that registrars, the firms that sell Internet domain name registrations, can play in protecting intellectual property.
Horton in particular called on the Internet Corporation for Assigned Names and Numbers, which manages the Internet's domain name system, to crack down on registrars that violate their accreditation agreements with ICANN, which bars domain names from being used for illegal activities. Citing a recent report from an Internet security research company called KnujOn.com, Horton claimed some registrars have become safe havens for rogue online pharmacies. "Without their [registrars] sponsorship of the illicit transaction structure, the problem would not exist," the report said.
An ICANN spokesman did not have an immediate response to a request for comment.
(nationaljournal.com)
June 29, 2010
There are many topics covered in the report, but we wanted to follow up specifically on the issue of WHOIS access and add data to our previous column Who Is Blocking WHOIS?, which covered Registrar denial of their contracted obligation to support Port 43 WHOIS access. Here, we will dig even deeper to reveal specific manipulation of the system. In one of the most egregious examples, A Technology Company Inc. has been blocking WHOIS access to their own operational domain, namesystem.com. Try doing a WHOIS look-up of namesystem.com and you will receive the message: "Sorry, Domain does not exist in the null system." However, even Internic records that namesystem.com is registered through NameSystem. The odd thing is that all other WHOIS lookups work in whois.namesystem.com; it is just their domain which is hidden completely. ICANN terminated this Registrar the other day and we applaud them for it, but they were terminated for non-payment of fees, not for blocking WHOIS access.
We have in many cases linked Registrar malfeasance and WHOIS obfuscation to spam and illicit pharmacy traffic. Here we provide an excellent example. We pulled a random spam sample from our collection which advertised the site sekudsov[DOT]com which had no content except a link to highmedcenter[DOT]com. Highmedcenter is an illegal pharmacy sponsored by Visesh Infotecnics Ltd. dba signdomains.com, and this is where the investigation ends because Visesh Infotecnics has turned off their WHOIS engine completely. Attempting to perform a look up on Highmedcenter produces this message: "Unable to connect to the specified registry whois.signdomains.com." This has been the case for several days. We have filed a complaint about this with ICANN.
In Belgium last week we presented these dire contractual breaches at the Whois Data Accuracy Study Workshop and pointed out that we need to take a step back to see if it is even possible to get to the WHOIS records before we can even worry about their accuracy.
Some Registrars have found a way to obfuscate WHOIS without completely blocking it, by providing a "domain lookup." Domain lookups are not proper WHOIS services and violate multiple sections of the RAA. Zog Media, Inc. DBA Zog Names (zognames.com), Hosting.com, Inc., Add2Net Inc. (lunarpages.com), Bottle Domains, Inc. (bottledomains.com.au), Cheapies.com Inc. (cheapies.com), Domainz Limited (domainz.com), Nominalia Internet S.L. (nominalia.com), Sedo.com LLC (sedo.com), DomainSpa LLC (domainspa.com), Register4Less, Inc. (Register4Less.com), and Verelink, Inc. (verelink.com) all have failed to provide a real WHOIS web interface.
Is this better or worse than the Registrars who have no look up at all or have buried it so deeply that Indiana Jones would not be able to find it? USA Webhost, Inc. (usawebhost.com), Verza Domain Depot BV (verzadomains.com), Premium Registrations Sweden AB (premiumregistrations.com), VentureDomains, Inc. (upc360.com), The Planet Internet Services, Inc. (theplanet.com), Digitrad France (digitrad.com), New Great Domains, Inc. (newgreatdomains.com), and Porting Access B.V.(portingxs.com) seem to have no web-based WHOIS.
Are these examples better or worse than Alfena, LLC (alfena.com), NetRegistry Pty Ltd. (netregistry.com), and Autica Domain Services Inc. (autica.com), which do not supply a web WHOIS but direct the visitor to some other WHOIS utility at another site?
One may complain that these Registrars are small-scale, possibly understaffed or disorganized, but we cannot say the same for NameScout, Network Solutions, eNom, Dotster, and Moniker/Oversee/Snapnames. What have these large Registrars done to obfuscate WHOIS? They have failed in their contractual obligation to provide bulk access:
"3.3.6 In addition, Registrar shall provide third-party bulk access to the data subject to public access under Subsection 3.3.1 under the following terms and conditions:
...
3.3.6.1 Registrar shall make a complete electronic copy of the data available at least one (1) time per week for download by third parties who have entered into a bulk access agreement with Registrar.
...
3.3.6.2 Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data." (Source)
We asked NameScout about bulk access and they responded: "Unfortunately we don't offer this service."
We asked Network Solutions about bulk access and they responded: "Network Solutions does not sell bulk access to the Whois."
Perhaps eNom, Dotster, and Moniker/Oversee/Snapnames were the smart ones: they did not respond at all. As far as we are concerned they have all failed to comply with their contracts.
What is really interesting is that many of the Registrars mentioned were sitting in the audience of the Whois Data Accuracy Study Workshop and did not refute or respond to anything we presented.
Another Registrar cited by us for obfuscation was Vivid Domains. It was just published by domainincite.com that Vivid Domains' own operational domain, vividdomains.com, was up for sale on Sedo. This Registrar may have run to the hills but they are still listed as active by ICANN with a NEW address in the Caymans. To quote DomainIncite: "not suggesting Vivid is dodgy, but these are the kind of clues I would use when deciding whether to give a registrar a wide berth."
We said it in the session and we will say it again. What we are seeing here is large-scale manipulation of the very fabric of the Internet for the gain of a few at the expense of the rest of us. Registrars large and small are failing to comply with the most basic conditions of their contract and so far this has slipped by ICANN.
June 28, 2010
Even after being exposed at the Brussels ICANN meeting for sponsoring illegal pharmacy domains like canadianhealthcaremall.net, eNom seems more committed than ever to keep the illicit traffic going. It has been six months since eNom was notified about canadianhealthcaremall.net and their sales of drugs without prescription, license forgery and connections to organized crime.

The eNom-sponsored site also features a fake FDA approval:
June 27, 2010
In another example of how some Registrars are protecting illicit pharmacy traffic, Visesh Infotecnics Ltd (Signdomains.com) is blocking access to WHOIS records for spammed pharmacy sites like highmedcenter.com:

Signdomains.com was flagged in our Registrar audit for not providing consistent WHOIS access. This behavior constitutes a pattern of protection for illegal online businesses.
eNom fails to act on bogus online pharmacies (linuxsecurity.com)
KnujOn Calls eNom “Active Facilitator of Illicit Criminal Traffic” (domainnamewire.com)
And then there’s KnujOn2, an independent Internet policy and security research group (emailsecuritymatters.com)
June 25, 2010
If there is one consistent underlying topic of the whole of this ICANN meeting in Brussels this week, it is Internet security. From ICANN’s CEO Rod Beckstrom’s opening statement on DNSSEC (DNS Security Extensions), international law enforcement input to domain registrar agreements, and virtually every other session, security is clearly on the agenda.
To the surprise of ICANN, and most observers on Monday and Tuesday, the news that hit most headlines was not Rod’s speech or the official launch of DNSSEC, it was an independent report from a small anti-spam group, KnujOn about illicit registrar activity. This report and the core information within gained 700+ news links on Google, compared to only 20+ achieved by official ICANN news releases for the opening day.
Just to explain what all the fuss was about, KnujOn’s report, which is based on its ongoing research, alleges that at least 162 ICANN authorized domain registrars are in some form non-compliant with ICANN’s requirement for a public WHOIS link indicating the contact information behind each registered domain.
One of the major registrars, eNom, came in for the most criticism for an alleged 4,000-plus pharma (rogue Internet pharmacy) domains under its control, despite constant complaints from KnujOn and others in the security community. (For those interested in the details, see my more comprehensive analysis on HostExploit.)
(internetevolution.com)
June 23, 2010
Session Info
Our opening question:
On paper there are over nine hundred Registrars, but the true number is much smaller. Most accreditations are redundancies held by five companies.
- eNom (Demand Media): 138 Accreditations
- Oversee (Moniker/SnapNames): 128 Accreditations
- NameScout (Momentus): 108 Accreditations
- Directi (PDR/Answerable): 72 Accreditations
- DOTSTER: 53 Accreditations
The annual accreditation fee is $4000 US. This means eNom pays $544,000, over one half million dollars per year, to ICANN. For what advantage? Surely no company voluntarily pays excessive fees. Companies only expend funds if they can make it back three or fourfold. In addition to eNom, Oversee (Moniker) would pay ICANN $512,000 per year, NameScout $432,000 US, Directi $288,000, and DotSter $212,000. In total, these five companies are paying ICANN $1,996,000 annually for no obvious reason. These funds are in addition to and separate from the fees associated with purchasing domain names. In essence, these five companies are supplying ICANN with 3% of its budget beyond the money that comes from domain sales.
Why?
Aside from John Berryhill describing the after-market bidding advantage there was no explanation forthcoming from the Registrars or ICANN.
...
June 23, 2010
Session;
NORC study;
KnujOn Response to NORC study;
Who is Blocking WHOIS?;
KnujOn Registrar Audit;
Our Findings
For Web-based WHOIS access:
- 11 Registrars have "look up" service instead of WHOIS
- 8 have clearly non-working engines or direct the visitor to some other WHOIS service
- A Technology Co (Namesystem.com) is manipulating its own WHOIS record, which returns: "Sorry Domain does not exist", and since we've published our report they pulled their port 43 offline completely. Note, this was ONLY for their domain name; all other queries worked.
For Port-43 WHOIS Access:
- 30 Registrars have bad, inconsistent service
- 55 would not reveal their WHOIS address
- 6 gave us inaccurate data or the email to them was rejected. One Registrar, Domain Factory, said they were not a Registrar
For Bulk Access (RAA 3.3.6)
- Namescout and Network Solutions refused to offer the service:
  - Network Solutions: "Network Solutions does not sell bulk access to the Whois. Sincerely, Network Solutions Partner Program"
  - NameScout: "Thank you for contacting [NameScout] Customer Service. Unfortunately we don't offer this service."
- eNom, Dotster, and Moniker did not respond to our request for information and price for bulk download
Other:
- Registrars are restoring or maintaining domains beyond the 45 day period of being inaccurate.
- 10 Registrars have false WHOIS for their own website domains
.be in wereldwijde top vijf van meest misbruikte landencodes [.be is the fifth most abused country code] (datanews.rnews.be)
Knujon's response to eNom statement, ‘they don’t care’ (hostexploit.com)
KnujOn’s report quotes John Horton, President of LegitScript.com (businesscomputingworld.co.uk)
Online pharmacies have long been a source of contention and risk because so many of them are unlicensed (hostexploit.com)
Audit alleges eNom facilitates criminal activity online (managingip.com)
Internet Registrars Accused Of Supporting Online Criminals (informationweek.com)
Domain registrars break industry rules (theinquirer.net)
Security pressure growing on website registrars (blogs.ft.com)
Report IDs domain name registrars who sponsor illegal activity (sunbeltblog.blogspot.com)
Registrars Accused of Supporting Cybercrime (esecurityplanet.com)
Cyber cops want stronger domain rules (theregister.co.uk)
ICANN Day 2: The Heat Is Turned Up On Registrars : How Much Will This Cost Us? (thedomains.com)
June 22, 2010
eNom (Demand Media) has issued a weak and irrelevant response to the KnujOn Registrar Audit. This response is actually the first time eNom has responded to any of our concerns about illicit pharmacy domains they sponsor, and they were initially sent comprehensive data six months ago. It is important to note that eNom does not refute any of our facts in the report concerning their sponsorship of illicit and illegal pharmacies linked to organized crime and dealing in diverted and counterfeit drugs all without prescription. Instead, they have responded with personal ad hominem attacks which are factually incorrect and border on slander. It is a common tactic: if you cannot challenge the data, attack the author. This is Senior Vice President of Demand Media Quinn Daly's comment about KnujOn:
"KnujOn is an individual whose research has been called into question in the past."
KnujOn is a company not an individual, and Ms. Daly does not provide a single example of what she claims.
This is their characterization of LegitScript:
"LegitScript is a pharmacy trade organization."
Wrong. This implies that LegitScript works for pharmacy groups. LegitScript works for the consumer to ensure that online pharmacies are safe. The idea that Ms. Daly completely dismissed LegitScript demonstrates eNom's lack of concern about rampant criminality occurring in their space and their lack of concern for the Internet consumer. This is at the heart of our issue with eNom: they don't care.
Ms. Daly also states: "We cooperate with multiple law enforcement agencies, as this is our policy and meets ICANN requirements."
Not only is this wrong, because they have ignored letters from the National Association of Boards of Pharmacy (NABP), which is the regulatory enforcement body for pharmacies, but the last portion about eNom's policy meeting ICANN requirements sounds as if this is their only concern and crime can exist in their space as long as it does not break ICANN policy. Additionally, their sponsorship of illicit pharmacies DOES violate ICANN policy.
The statement is also self-contradictory. In one sentence they dismiss LegitScript and KnujOn out of hand, and in another Ms. Daly states "We can confirm that we received the complaint issued by LegitScript and KnujOn, and the complaint is currently under review." Why? If our reports are irrelevant, why bother reading them? The fact that they are just now reading the notices after six months only because of recent publicity is extremely cynical.
The idea that they have to be "told by the police" to remove an illegal domain they know is illegal is ridiculous. This response may violate the law because they are admitting they know about illegal activity but will not take action and not report the illegal activity themselves. eNom is now in the odd position of using policy to preserve the illicit pharmacies. This response also violates their contract with ICANN because their contract obligates them to "abide by applicable laws and governmental regulations." This is a condition of the contract; it does not say anything about court orders or notifications from law enforcement.
This story is ongoing...
June 21, 2010
Reporting from Brussels, Belgium ahead of the ICANN conference starting Monday, KnujOn has a critical report set to be released at the opening.
Since January KnujOn has been conducting its own audit of Registrar contractual compliance and our findings are shocking. Among them:
- 162 Registrars may be in breach of the RAA, several of them seriously so
- Some Registrars are knowingly facilitating illicit drug traffic on the Internet
- As stated in our recent release, Who is Blocking WHOIS? http://www.circleid.com/posts/who_is_blocking_whois, over 80 Registrars are blocking, hiding or just providing poor WHOIS access
- Several Registrars have bad WHOIS for their own websites
- We've caught Registrars flat-out refusing services they're contracted to perform
- Several Registrars have not posted required customer policies on their websites
- There are a dozen or so terminated Registrars still selling gTLD and claiming ICANN accreditation
- As you may be aware, the Registrars have developed tools that help trademark infringement. We link these cases to criminal activity as well.
And much more.
Stay tuned!
(knujon.com)
KnujOn focuses attention on eNom’s practices at a sensitive time (ft.com)
eNom fails to act on bogus online pharmacies (computerweekly.com)
US regulators pointed to forged licences and boasts of 'no prescription needed'. (electricnews.net)
Demand Media's domain registrar eNom may be knowingly sponsoring fraudulent pharmaceutical networks. (webpronews.com)
Demand Media Subsidiary Accused of Enabling Illegal Drug Sales (gigaom.com)
Security pressure growing on website registrars (tweetmeme.com)
Extra
In the Proposals for Improvements to the RAA session
June 17, 2010
This week, LegitScript challenged several hundred domain name registrations used by Rogue Internet pharmacies. One of the interesting dimensions to this week’s suspension requests was a new focus on 60 .NAME domains.
What makes .NAME domains unique and interesting? Unlike .com, .info or any other domain names, .NAME domains are only supposed to be used for “Personal Names” (e.g., johnsmith.name or amandajones.name). Indeed, ICANN has imposed that requirement, and Registrars are supposed to adhere to it.
(legitscript.com)
June 10, 2010
The National Association of Boards of Pharmacy announced today that bing.com, Microsoft’s decision engine, will now require Internet pharmacies and any other website that facilitates the sale of prescription drugs to be accredited by the NABP as part of its Verified Internet Pharmacy Practice Sites (“VIPPS”) program.
In February, Google updated its ad policy, becoming the first search engine to require VIPPS accreditation for all Internet pharmacy advertisers. LegitScript assists Google in implementing the updated policy by monitoring sponsored search results for ads that violate Google’s policy.
(legitscript.com)
Last year we reported on this issue heavily. We are glad Microsoft has changed its policy.
It's Time to Find Out 'Who Is' Behind Registered Domains (internetevolution.com)
Russian soldiers 'took credit cards' from Polish crash site (cnn.com)
June 9, 2010
Today an alert KnujOn member informed us of an attempt to redirect the browser to a site that tried to download malicious software and load a "scareware" site selling fake anti-virus software. KnujOn techs immediately located the infected page and disabled it. We analyzed the code and it. The encrypted insertion tries to load this string of Base64:
PHNjcmlwdCBzcmM9Imh0dHA6Ly9jbG91ZGlzdGhlYmVzdG5vdy5jb20va3AucGhwIj48L3NjcmlwdD4
Which decoded is: cloudisthebestnow[DOT]com
We have filed complaints against this site, which is sponsored by the problem Registrar BIZCN, and their NameServer, OKLAHOMACITYCOM.COM.
We were not the only ones hit: according to sucuri.net, GoDaddy customers were hacked on a massive scale at the server level. This was not a targeted attack on KnujOn. More information as it arrives.
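Added example (not KnujOn's code): a Python triage helper that finds Base64 runs in a page's source, repairs missing padding, and reports any that decode to a remote script or iframe tag, with the host defanged as in this post. The Base64 string is the one quoted above; the wrapper lines around it, the 40-character threshold and all function names are assumptions made for the example.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Runs of Base64 alphabet long enough to hide a tag (the threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Tags that pull in remote content, capturing the tag name and the src URL.
REMOTE_TAG = re.compile(r"<(script|iframe)\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def decode_b64_lenient(blob):
    """Decode Base64 that may have lost its '=' padding; None if it is not text."""
    blob = blob.rstrip("=")
    blob += "=" * (-len(blob) % 4)
    try:
        raw = base64.b64decode(blob, validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, ValueError):
        # Covers invalid Base64 and bytes that are not valid UTF-8.
        return None


def defang(host):
    """Write a hostname so it cannot be clicked or auto-linked."""
    return host.replace(".", "[DOT]")


def find_hidden_remote_tags(text):
    """Report Base64 runs in `text` that decode to a remote script/iframe tag."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for run in B64_RUN.finditer(line):
            decoded = decode_b64_lenient(run.group(0))
            if decoded is None:
                continue
            for tag in REMOTE_TAG.finditer(decoded):
                host = urlparse(tag.group(2)).hostname or ""
                findings.append(
                    {"line": lineno, "tag": tag.group(1).lower(), "host": defang(host)}
                )
    return findings


# Base64 string exactly as quoted in the post (its trailing '=' is missing).
PAGE_BLOB = (
    "PHNjcmlwdCBzcmM9Imh0dHA6Ly9jbG91ZGlzdGhlYmVzdG5vdy5jb20va3AucGhwIj48L3NjcmlwdD4"
)

# Constructed sample file: every line except the blob itself is invented here.
SAMPLE = "\n".join(
    [
        "<?php /* theme header (constructed) */ ?>",
        '<?php $x = "' + PAGE_BLOB + '"; /* constructed wrapper */ ?>',
        "<p>" + "A" * 60 + "</p>",  # long benign run: decodes, but to no tag
        "<h1>Welcome</h1>",
    ]
)

if __name__ == "__main__":
    for finding in find_hidden_remote_tags(SAMPLE):
        print(finding)
```
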
WordPress-based, GoDaddy-hosted websites hacked (net-security.org)
Nominet Gets New Chair (theregister.co.uk)
June 8, 2010
BP has purchased sponsored links that appear at the top of Google and Yahoo’s search results for terms like “oil spill” in its attempts to improve its public image in the wake of its massive oil spill in the Gulf of Mexico.
(mashable.com)
Microsoft Tackles Security And Privacy In New IE8 TV Ads (techcrunch.com)
June 7, 2010
On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. WHOIS is a critical resource that makes the Internet function the way it is expected to. It is also a tool of consumer trust and investigation. Without Port 43 access ICANN's WDPRS compliance system does not work. The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. Fake WHOIS records are typically initiated by the registrant and only technically become the Registrar's problem after a complaint is filed. The issue of blocking access to the WHOIS record is strictly the province of the Registrar.
(circleid.com)
Soldier Busted for leaking to Wikileaks (foxnews.com)
June 6, 2010
For a period of 71 days KnujOn tested the Port 43 WHOIS accessibility of each unique Registrar. We did not test multiple accreditations held by the same companies and only tested once per day to avoid being blacklisted. Our findings were disappointing, with 27 Registrars having major or regular Port 43 outages. More troubling, 60 Registrars would not disclose their Port 43 location. In most cases the Port 43 is logically located at WHOIS.[REGISTRARDOMAIN].[TLD], for example “whois.networksolutions.com” for NetworkSolutions. Sometimes it is located at a different domain: in the case of Xin Net, the Port 43 is hosted at whois.paycenter.com.cn. In most cases we were able to find alternate Registrar WHOIS locations easily, but for scores of them we had to ask the Registrar. A handful quickly responded with the correct location, but most never responded, and in a few cases our email was rejected from the ICANN-listed Registrar contact email. A small minority wanted to know why we were asking, but we logged this as non-response since the RAA does allow for Registrar discrimination in the access to WHOIS. Registrars who only failed once during the study period were treated the same as ones that never failed since minor interruptions in service are to be expected; the focus of this study is to determine if Registrars have frequent or persistent Port 43 issues.
Marcaria.com International, Inc. was the worst: their Port 43 WHOIS worked at the beginning of the test period and stopped responding on March 30, for a total of 14 successful days out of 71. That Darn Name, Inc., which became intrustdomains.com during the test period, had serious regular outages, only responding a total of 38 days, slightly more than a 50% success rate. South America Domains Ltd. dba namefrog.com also started off ok but ceased responding after 46 days on May 10.
OnlineNIC had the worst record in terms of consistency, failing 25 times intermittently during the study period, making their reliability about 65%. OnlineNIC was in fact worse during the study period than Alantron, which received a breach notice for failing to consistently provide Port 43 service (http://www.icann.org/correspondence/burnette-to-acir-16apr10-en.pdf) as recorded by KnujOn for at least 12 days during the study period. In addition to OnlineNIC being worse than Alantron during this period, World Biz Domains had the exact same Port 43 record, responding only 79% of the time. The following is a chart of all Registrars who had regular failures or less than perfect performance.
Registrars who did not respond to our inquiry for a Port 43 location
21Company, Inc. dba 21-domain.com, Hu Yi Global Information Resources (Holding) Company, Abansys & Hostytec, S.L.,
1st Antagus Internet GmbH, AOL LLC, Aruba SpA, Aust Domains International Pty Ltd dba Aust Domains, Inc., Brights Consulting Inc.,
Service Development Center of the Service Bureau, China Springboard, Inc., Cronon AG Berlin, Niederlassung Regensburg, AllGlobalNames, S.A. dba Cyberegistro.com,
VocalSpace LLC dba DesktopDomainer.com, Digitrad France, Samjung Data Service Co., Ltd, Netdorm, Inc. dba DnsExit.com, French Connexion dba Domaine.fr,
Domain Jamboree, LLC, Domain Monkeys, LLC, Webagentur.at Internet Services GmbH d/b/a domainname.at, DomainRegistry.com Inc.,
DomainSpa LLC, Ledl.net GmbH dba: Domaintechnik.at, DotArai Co., Ltd., Gee Whiz Domains, Inc., Hetzner Online AG, Digirati Informatica Servicos e Telecomunicacoes LTDA dba Hostnet.com,
Hostway Services, Inc., ID Genesis, LLC, Instra Corporation Pty Ltd., Interdomain S.A., Intermedia.NET, Inc.,
InterNetworX Ltd. & Co. KG, Internet Solutions (Pty) Ltd., FBS Inc., iWelt AG, Key-Systems GmbH, Launchpad, Inc.,
Advantage Interactive Ltd., Add2Net Inc., Planete Marseille SARL dba MailClub, Melbourne IT DBS, Inc., M. G. Infocom Pvt. Ltd. doing business as MindGenies,
Nameshield, New Great Domains, Inc., GMO Internet, Inc. d/b/a Discount-Domain.com and Onamae.com, Porting Access B.V., AB RIKTAD, Sedo.com LLC, Simply Named Inc. dba SimplyNamed.com,
Domain Services Rotterdam BV, UK2 Group Ltd., HooYoo (US) Inc., Verelink, Inc., Web Business, LLC, Xiamen ChinaSource Internet Service Co., Ltd
June 5, 2010
SALT LAKE CITY—A pedestrian injured by a motorist while following an online route has filed a lawsuit claiming Google Inc. supplied unsafe directions.
Lauren Rosenberg filed a lawsuit on Thursday seeking more than $100,000 in U.S. District Court in Utah. It also named a motorist she says hit her.
Rosenberg used her phone in January to download directions from one end of Park City to the other.
Google Maps led her to a four-lane boulevard without sidewalks that was "not reasonably safe for pedestrians," according to the lawsuit filed by the Northridge, Calif., resident.
(boston.com)
June 4, 2010
The National Academy of Sciences framed the problem two years ago in a landmark report entitled "Severe Space Weather Events—Societal and Economic Impacts." It noted how people of the 21st-century rely on high-tech systems for the basics of daily life. Smart power grids, GPS navigation, air travel, financial services and emergency radio communications can all be knocked out by intense solar activity. A century-class solar storm, the Academy warned, could cause twenty times more economic damage than Hurricane Katrina.
(nasa.gov)
June 2, 2010
Knock-offs of Apple's iPad are starting to hit the Chinese market, including a model called -- no fooling -- the iPed.
According to a report on the Japan News Network (JNN), the cheaper alternative device is manufactured by a company called Orphan Electronics. The gadget was released over the weekend, and reportedly runs version 1.5 of Google's Android operating system rather than the Apple iPhone OS.
(foxnews.com)
June 1, 2010
Google employees are slamming Microsoft's Windows operating system, claiming security vulnerabilities in the OS left the company open to Chinese hackers in January 2010, a new report says. According to the Financial Times, Google will ditch the internal use of Windows in exchange for alternative operating systems including the Mac OS, Linux, and Google's own forthcoming Chrome OS operating system.
(pcworld.com)
May 28, 2010
LOS ANGELES — A Nebraska man has been sentenced to a year in federal prison for his role in a cyber attack on the Church of Scientology's websites two years ago.
Brian Thomas Mettenbrink, of Grand Island, Neb., was also ordered Monday to pay $20,000 in restitution and serve a year on supervised release after he gets out of prison.
(foxnews.com)
May 27, 2010
Internet Crunch 2012 (cnn.com)
Feds bust child porn social networking site (foxnews.com)
iPhone factory suicides (foxnews.com)
Man Charged with conning millions into bogus anti-virus software (foxnews.com)
Hackers Control BP Twitter Feed (foxnews.com)
DOJ questions Apple's business practices involving digital music (cnn.com)
In e-mail age, still nothing like a handwritten letter(cnn.com)
May 26, 2010
Maryland State Police charge a motorcyclist in connection with videotaping a traffic stop, then posting it on YouTube. [Video]
(cnn.com)
May 25, 2010
An internet service provider that has brought more than 20 lawsuits
alleging spam abuses has been ordered to pay one of the defendants almost
$807,000 for filing "groundless claims" that mired the company in years of
costly litigation.
(theregister.co.uk)
May 24, 2010
"Three strikes" will start striking out the Irish today. The Irish Times
reports that one of the largest ISPs in the country, Eircom, has agreed to
process 50 content industry complaints each week, and to disconnect users
who rack up three complaints.
(arstechnica.com)
6 ways to be a better parent with technology (cnn.com)
May 21, 2010
The original "Everybody Draw Mohammed Day!" Facebook page -- with more than 80,000 followers -- vanished briefly from the website Thursday, causing some users to accuse the social networking giant of censorship before the controversial page reappeared on the site. (foxnews.com)
May 20, 2010
ISLAMABAD, Pakistan — Pakistani authorities broadened what started as a ban on a social networking site on Thursday, blocking YouTube and about 450 individual Web pages over what they described as “growing sacrilegious content.” (nytimes.com)
May 19, 2010
A leading Russian politician has accused a prominent Moscow businessman of running an international spam and online pharmacy operation while serving as an anti-spam adviser to the Russian government. Russian investigators now say they plan to create a special task force to look into the allegations.
In an open letter to investigators at the Ministry of Internal Affairs (MVD) of the Russian Federation, Ilya V. Ponomarev, a deputy of the Russian State Duma’s Hi-Tech Development Subcommittee, in March called for a criminal inquiry into the activities of one Pavel Vrublevsky, an individual I interviewed last year in an investigative report on rogue security software
(krebsonsecurity.com)
May 18, 2010
In an unusual case of celebrity identity theft an illicit online pharmacy is using
an image of retired U.S. Army general and former Democratic Presidential candidate
Wesley Clark that has apparently
been lifted from his employee photograph at WaveCrest Labs
when he was installed as chairman in 2003
(See original Photo).
Bogus online pharmacies frequently use stock images and images lifted from other websites, but in this case
we can only guess that the pharmacy claiming to be in Arizona but really in The Ukraine selected it because
it looked good and not for any specific association with General Clark. But, it tells us no one is safe, not
even the former NATO commander.
May 17, 2010
Valleywag's Ryan Tate had one too many drinks the other night and while he was watching 30 Rock a particular Apple iPad ad sent him over the edge. The following is an e-mail exchange between Tate and Jobs. The gist being that Steve and co. are only trying to protect our freedom against porn. And Flash. It's interesting to see how candid Jobs is about the closed nature of the iPhone OS.
Tate:
If Dylan was 20 today, how would he feel about your company?
Would he think the iPad had the faintest thing to do with “revolution?”
Revolutions are about freedom.
Jobs:
Yep, freedom from programs that steal your private data. Freedom from programs that trash your battery. Freedom from porn. Yep, freedom. The times they are a changin', and some traditional PC folks feel like their world is slipping away. It is.
Tate:
Honest, my MacBook Pro 13 battery holds up fine against Flash. The battery is boos. So is my iPad battery. I'd rather have Wired magazine app that some interactivity rather than one that is a glorified PDF. So why not? Just because Adobe tried to f*ck you guys in the late 90s? It's not a question of pure Cocoa vs. Flash cross compile. It's a question of weak content in an approved wrapper vs. something interactive that happens to be cross compiled by Adobe.
And you know what? I don't want “freedom from porn.” Porn is just fine! And I think my wife would agree.
Jobs:
"Wired is doing a native Cocoa app. So is almost every publisher. And you might care more about porn when you have kids…
They then go back and forth about which programming language publishers should use to create interactive versions of their respective magazines. Tate hates TIME but loves Wired and so on."
And then there was this from Jobs to Tate:
"By the way, what have you done that's so great? Do you create anything, or just criticize others work and belittle their motivations?"
(techland.com)
May 16, 2010
On December 23, 2008 the National Boards of Pharmacy issued a letter to
eNom (care of Sarah Akhtar Cooper) expressing concern over their
continued sponsorship of illegal online pharmacies. A copy of the letter
may be found at
http://www.legitscript.com/download/NABP-Letter-to-eNom.pdf

Subsequently, it was confirmed with the Pharmacy Boards of Manitoba,
Minnesota, Ontario, Quebec, and Texas that the “pharmacy licenses”
posted by the eNom-sponsored domains were forgeries. It is important to
understand that local pharmacy boards are the primary regulatory bodies
in this area. Notices of the forgeries were also sent to eNom.
Most troubling, investigators were able to purchase drugs from an
eNom-sponsored domain without a prescription. The drugs were shipped
into the United States from India, which is illegal. The site in
question is canadianhealthcaremall[dot]net and presents additional
problems. Canadianhealthcaremall[dot]net uses a WHOIS privacy protection
service. This practice was recently called “material falsification”
by a 9th Circuit Court Judge in the decision of US v. Kilbride
(http://www.ca9.uscourts.gov/datastore/opinions/2009/10/28/07-10528.pdf).
Regardless of your views on WHOIS, it is clear this is being used to
mask criminal activity.
eNom received a request to terminate canadianhealthcaremall[dot]net and
3000 other unlicensed pharmacy domains on December 1, 2009. The full
report, along with all relevant letters from pharmacy regulators, was
made public last week. However, as of this writing, eNom has not
responded or complied with the requests.
From our perspective it would appear that eNom is in grave violation of
Registrar Accreditation Agreement Section 3.7.2: “Registrar shall
abide by applicable laws and governmental regulations.” In this case
the pharmacy boards are the appropriate government regulators.
May 14, 2010
Supported with evidence from NABP members, including two state boards of pharmacy and three Canadian pharmacy regulatory agencies, LegitScript notified 16 domain name registrars that rogue Internet pharmacies were using their services. The Minnesota Board of Pharmacy and the Texas State Board of Pharmacy provided proof of forged pharmacy licenses displayed by certain rogue sites, as did the following Canadian regulatory agencies: the Ontario College of Pharmacists, the Manitoba Pharmaceutical Association, and the Quebec Order of Pharmacists. In response to LegitScript’s letters and documentation, which also included proof that sites were selling prescription drugs without a valid prescription, 11 of the registrars suspended service to the Web sites in question. Five other registrars were either noncompliant and did not shut down services to rogue Internet drug sites or were partially noncompliant. A LegitScript report (PDF) includes information on these registrars.
(nabp.net)
Why Registrars turn a blind eye on crime (malwaredomainlist.com)
May 13, 2010
A federal grand jury accused Michael Derring, 48, and Tina White, 47, on Wednesday of conspiracy and aggravated identity theft, alleging they stole personal information including the Social Security numbers of dozens of TSA workers at Boston's Logan International Airport.
(reuters.com)
Unredacted TSA Manual Posted on WikiLeaks (infowars.com)
May 12, 2010
Using a Weak Password, Leaving Your Full Birth Date in Your Profile, Overlooking Useful Privacy Controls, Posting Your Child's Name in a Caption, Mentioning That You'll Be Away From Home, Letting Search Engines Find You, Permitting Youngsters to Use Facebook Unsupervised (yahoo.com)
NY senator seeks privacy guidelines for websites (boston.com)
May 10, 2010
Rogue online pharmacies ("fake pharma") are one of the worst forms of criminal activities on the Internet. They prey on the sick, hide behind false identities and false certifications, and provide the basis for most of the spam in the world. Worst of all, there is a 50 percent chance the drugs you receive are fake, which can and does kill people.
Sadly, if you simply Google “deaths caused by fake online pharmacies” and set the search for, say, the last month, you will gain around 200,000 results. One harrowing account describes a young woman’s death in the UK due to fake prescription drugs bought online.
(internetevolution.com)
May 9, 2010
A Canadian website classified as a rogue online pharmacy by LegitScript is using Twitter to advertise medicines, indicating the battle against the illegal medicines trade must also be fought on social media platforms.
In a news alert citing a blog on The Guardian newspaper's website, the Partnership for Safe Medicines reports that Canadian-Drugshop.com has set up a Twitter account called '@canadianshop' to offer prescription-only medicines for sale, linking directly to pricing and ordering pages.
(securingpharma.com)
May 7, 2010
How a major fake online pharmacy out of Russia is able to continue selling drugs despite evidence of criminal operations.
Not even a letter from a national pharmacy licensing board identifying a license on EvaPharmacy's Website as fake could pressure a handful of domain registrars, some in the U.S., to cut off their paid services to the phony pharmacy, which sells drugs like Viagra and OxyContin without a prescription.
A new report, published today by Internet pharmacy verification organization LegitScript, gives the inside story on how Russia-based EvaPharmacy, which until recently encompassed more than 8,000 online pharmacies, has remained afloat for so long, despite efforts to expose its illegal activities. LegitScript and antifraud organization KnujOn during the past five months sent 16 domain registrars evidence that their services were being abused by phony pharmacies. The evidence included verifications that the sites' licenses were fake and screenshots demonstrating how the sites were selling prescription drugs without a prescription.
(darkreading.com)
May 6, 2010
Since November of last year we have been discussing the problem of illicit and illegal online pharmacy support by ICANN-accredited Registrars. In several articles and direct contact with the Registrars we have tirelessly tried to convey the seriousness of this problem; many listened, some did not. The issues were explained in detail here on CircleID in: What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Online Drug Traffic and Registrar Policy, and Internet Drug Traffic, Service Providers and Intellectual Property. Registrar issues were also voiced by other authors here, like Statton Hammock in Domain Registrars & Registries: Don't Say You Weren't Warned.
With the background information already known, the case presented here is much more specific and concerns EvaPharmacy, which was, until recently, the world's largest online criminal pharmacy network. The shadowy network claims to be located in the U.S. but is actually run from Russia and uses multiple layers of fraud to mask its illegitimacy. The fraud in question has been clearly documented, not just by LegitScript and KnujOn but by the Pharmacy Boards of Manitoba, Minnesota, Ontario, Quebec, and Texas. All issued letters to the non-compliant Registrars explaining that the pharmacy licenses being used were forgeries.
Additionally, eNom (DemandMedia) received a letter from the National Association of Boards of Pharmacy (pdf) indicating that domains sponsored by them posted fake pharmacy licenses. Investigators were able to order drugs from an illicit eNom-sponsored site without a prescription. The drugs were shipped into the United States from India, which is also illegal. At the time of this writing, the domain is still actively selling drugs (canadianhealthcaremall[DOT]net). The domains in question also have their WHOIS records concealed by a privacy service, a practice called "Material Falsification" by a 9th Circuit Judge. Beyond the obvious legal and moral issues, this could be a material breach of eNom's contract with ICANN, as the Registrar Accreditation Agreement requires Registrars to follow all laws and government regulations. Unfortunately, ICANN has been strangely silent on this issue. ICANN was issued all preliminary documents concerning EvaPharmacy and the Registrars months ago but has not responded in a meaningful way as of yet.
The good news is that most Registrars worked with us to shut the networks down. 11 Registrars including Godaddy, Directi, and Network Solutions all did their part to bring EvaPharmacy down. Five others including eNom still sponsor these sites. This is the key: cybercrime only profits with the tacit support of the Internet Industry. Remember this when you get your next piece of spam or malware.
None of this is speculation or hypothesis; it is all documented fact. The entire report can be downloaded and read here: http://legitscript.com/download/Rogues-and-Registrars-Report.pdf.
(circleid.com)
Fake Pharmacy Licenses, No-Prescription Meds OK with Internet Companies, LegitScript Reports (prnewswire.com)
May 5, 2010
Study blasts eNom, four other Registrars as 'safe havens' for rogue online pharmacies
PORTLAND, Ore., May 4 /PRNewswire/ -- A new report identifies five Internet companies, including Bellevue-based eNom, providing domain name registration services to "rogue" Internet pharmacies that display fake pharmacy licenses or sell prescription drugs without a prescription.
Between December 2009 and April 2010, Internet compliance firms LegitScript and KnujOn provided sixteen domain name registrars with evidence that their services were being abused by rogue Internet pharmacies. The evidence included letters from pharmacy licensing boards stating that the pharmacy licenses displayed on the websites were forgeries and screen-shots showing that the websites were selling prescription drugs like OxyContin or Viagra without a prescription.
According to the report, eleven of the registrars suspended services to the websites, but five others, eNom (DemandMedia), UK2Group, Moniker, CentroHost and Realtime Register, allowed some or all of the websites to continue using their paid services.
(prnewswire.com)
Rogues and Registrars Report (legitscript.com)
May 4, 2010
In this report, we examine how Domain Name Registrars, companies that are supposed to
follow those rules, responded when put to the test. From November 2009 through April 2010, the
authors provided evidence to over a dozen Domain Name Registrars establishing that each company's
paid domain name registration services were being used by one or more Internet drug rings to register
websites engaged in criminal and fraudulent activity. The authors then asked the Registrars to enforce
their own Terms and Conditions regarding each website.
(legitscript.com)
May 21, 2010
As you slump at your desk, gazing with despair at the jeering messages from the botnet that now owns your computer and sobbing over the files and data you've lost forever, you pinch yourself and hope to wake up from this horrible nightmare. In truth, your tribulations really could be as evanescent as a dream if you had Returnil Virtual System installed.
With Returnil, nothing that happens to your system is permanent. Just reboot and presto! Everything is back the way it was. Of course, if you've done anything good and useful on the computer, you don't want to lose that work by stepping into the wayback machine. Returnil offers numerous ways for you, the noble user, to sidestep virtualization and save important data to the real disk.
(pcmag.com)
April 28, 2010
You're scanning e-mails and suddenly you're triggered by someone's words or a tone you sense -- or even see; the e-mail is filled with "ALL CAPS" or "Exclamation points!!!" or bold formatting.
(cnn.com)
April 27, 2010
IE remains dominant today. But, compared to its heights in the early 2000s, it's slipping. This week, the market researcher NetApplications released a report saying IE has fallen to less than 60 percent of the browser market.
(scitech.blogs.cnn.com)
Wikipedia's Child Porn Problem (foxnews.com)
April 26, 2010
In a post on its website, Gizmodo reveals that a California computer crime unit raided the home of the editor who posted an extensive review and photographs of an unreleased iPhone prototype.
(foxnews.com)
April 24, 2010
ABC News is reporting that the Obama White House, in response to the SEC’s suing Goldman Sachs for fraud, bought an ad for the Google search terms “Goldman Sachs SEC“ as part of an online ad campaign for financial reform. A simple search for those terms led to a page titled Organizing America that serves as a call to action for people frustrated with Wall Street.
(geekosystem.com)
Obama Takes on Goldman Sachs Through Clever Internet Ad (abcnews.go.com)
April 23, 2010
The money was gone in less than two hours - and an additional $2 million wait list only lasted another half hour.
Consumers hoping to cash in on the state’s cash-for-clunker-appliances program this morning had to act fast amid a crashing Web site and busy phone lines.
(bostonherald.com)
April 22, 2010
After distributing a buggy antivirus update that apparently disabled hundreds of thousands of computers on Wednesday, McAfee is still at a loss to explain exactly what happened.
(news.yahoo.com)
April 20, 2010
Apple confirmed that the next-generation iPhone obtained by a technology blog is the company's, and has asked for it back.
In a letter yesterday to Gizmodo, the site that paid $5,000 for the iPhone prototype, Bruce Sewell, Apple's general counsel, requested that the smartphone be returned.
(computerworld.com)
10 nations tell Google of privacy concern on Buzz (bostonherald.com)
April 9, 2010
"Social networking spam may be more dangerous than regular old spam because it creates a trust factor not available through blindly sending out mass e-mail," says Garth Bruen, creator of software called Knujon, which classifies and tracks spam. By mining social networks, he says, criminals can get access to personal details such as where a person lives, where they go out to drink, or what movies they like. "It is very good intel for establishing trust with strangers," he says. Though Bruen notes that working within a social network costs spammers more resources than traditional methods, he believes the payout could be much bigger.
(technologyreview.com)
Web sites take aim at alleged [cyber] bullies (bostonherald.com)
April 8, 2010
New research is indicating that HADOPI's effect on filesharing might not be as pronounced as lawmakers might have hoped, even given the law's tough stance toward online piracy. Ars Technica reports that French researchers at the University of Rennes have found a three-percent increase for online copyright infringement since HADOPI's inception.
(foxnews.com)
Young job-seekers hiding their Facebook pages (foxnews.com)
April 7, 2010
China-based hackers stole Indian national security information, 1,500 e-mails from the Dalai Lama's office and other sensitive documents, a new report said Tuesday.
(npr.org)
Scam Artists Take Advantage of New Health Care Law (foxnews.com)
April 6, 2010
A federal court threw the future of Internet regulations into doubt Tuesday with a far-reaching decision that went against the Federal Communications Commission and could even hamper the government's plans to expand broadband access in the United States.
(yahoo.com)
Teens talk of prescription drug abuse (cnn.com)
April 5, 2010
Here comes the iPad jailbreak! iPhone Dev Team member musclenerd has released a video showing a rough demo of a jailbreak that's given him access to the iPad's software inner workings. While it's more of a developmental hack than a full-functioning, consumer-grade jailbreak at this point, it's only a matter of time before iPad amateurs will be able to unleash the tweak on their own devices. And, of course, that means third-party application installers like Cydia are but a touch or two away.
(pcmag.com)
Man who stalked using phone GPS is sentenced (bostonherald.com)
April 4, 2010
The game begins with a teenage girl on a subway platform. She notices you are looking at her and asks, "Can I help you with something?"
That is when you, the player, can choose your method of assault.
With the click of your mouse, you can grope her and lift her skirt. Then you can follow her aboard the train, assaulting her sister and her mother.
As you continue to play, "friends" join in and in a series of graphic, interactive scenes, you can corner the women, rape them again and again.
(cnn.com)
Teen hacker admits crashing PlayStation site (itworld.com)
April 3, 2010
Debit card fraud occurs when a criminal gains access to your debit card number and, in some cases, PIN, to make unauthorized purchases and/or withdraw cash from your account. There are many different methods of obtaining your information, from unscrupulous employees to hackers gaining access to your data from a retailer's unsecure computer.
(finance.yahoo.com)
Posterous Adds Dead-Simple Custom Domain Registration (mashable.com)
April 2, 2010
Students at Boston public schools have reported several cyberbullying complaints, including Facebook pages with derogatory captions and crude remarks directed at females who attend Charlestown High.
(boston.com)
Sharing vs. your privacy on Facebook (cnn.com)
April 1, 2010
The federal Second Circuit Court of Appeals ruled that the luxury jeweler should get a second shot at trying to prove that the popular online auction house engages in false advertising through search-engine ads and hyperlinks to "Tiffany" items available on eBay.
(foxnews.com)
Cheating Via Text Message: The Perils of 'Chexting' (foxnews.com)
March 31, 2010
Internet giant Google says malicious software has been used to spy on tens of thousands of Vietnamese web users.
The company said the cyber attacks appeared to target opponents of bauxite mining in Vietnam.
(bbc.co.uk)
Some Yahoo E-mail Accounts Hacked in China, Taiwan (foxbusiness.com)
March 30, 2010
A city in eastern China has been identified as the world capital of cyber-espionage by an American Internet security company.
The firm traced 12 billion e-mails in a study which showed that a higher number of “targeted attacks” on computers come from China than previously thought.
Researchers for Symantec found almost 30% of “malicious” e-mails were sent from China and that 21.3% came from the city of Shaoxing alone. They were able to identify key targets for the hackers as experts in Asian defense policy and human rights activists, strongly suggesting state involvement.
(foxnews.com)
US concerned by Australian Internet filter plan (bostonherald.com)
March 29, 2010
Barnstable police arrested a 43-year-old woman, her daughter and another teenager on Friday who were allegedly part of a shoplifting ring that sold an estimated $20,000 of stolen makeup and retail goods online.
Police said the three women targeted CVS stores in Cape Cod, swiping hundreds of dollars in cosmetics and beauty supplies at a time, then selling them through the Web site eBay and mailing them out to customers from a home in Hyannis.
(beforeitsnews.com)
Prosecutors: 9 teens charged in Cyberbullying death (bostonherald.com)
March 28, 2010
In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations. Here is a roundup of the 10 predominant types of fraud that institutions and their customers can expect to see in 2010, according to industry experts.
(bankinfosecurity.com)
Heartland Hacker Sentenced to 20 Years (bankinfosecurity.com)
March 27, 2010
Some news from Twitter this week could leave you with the impression that spam is becoming a dinosaur of the Web.
As of February, slightly less than 1 percent of posts on the micro-blogging site were unwanted spam, according to a blog written by Twitter's chief scientist, Abdur Chowdhury.
Not too long ago, spam was more rampant on the site, according to an info-graphic published by Twitter. In August of 2009, for example, nearly 11 percent of all Twitter posts were spam.
(scitech.blogs.cnn.com)
20 Banking Breaches So Far in 2010 (bankinfosecurity.com)
March 26, 2010
Internet users are still opening their spam e-mail with abandon and clicking the links and/or opening the attachments within. These are the latest findings from the Ipsos Messaging Anti-Abuse Working Group (MAAWG), which found once again that people continue to practice poor e-mail habits despite awareness of the consequences. A healthy dose of denial and ignorance about who should protect them is apparently enough to keep users clicking away.
(arstechnica.com)
After Weeklong Fight, Rogue ISP Troyak Struggles for Life (pcworld.com)
March 25, 2010
On Friday we are honored to have Cisco Fellow Patrick Peterson (http://blogs.cisco.com/authors/bio/372) giving the first keynote, followed by the author of The Dot Crime Manifesto (http://www.amazon.com/dotCrime-Manifesto-Stop-Internet-Crime/dp/0321503589/ref=sr_1_1?ie=UTF8&s=books&qid=1269455924), Phillip Hallam-Baker. A paper from Cloudflare’s Matthew Prince will educate us on the insights from Five Years of Project Honey Pot (http://www.projecthoneypot.org/). Matt Hines from eWeek (http://securitywatch.eweek.com/) will give us a keynote expounding the view of a journalist following Internet security issues. Sagar Mehta, also of Cisco, will present the paper “A better insight into network level spam statistics from the vantage point of an Autonomous System.” Finishing off the conference we have Mikko Voipio from Aalto University (http://www.aalto.fi/fi/), with a paper on Header Fields and UBE Detection. Closing the session, Alexandru Catalin returns with “The curse of URL Scanning.”
(projects.csail.mit.edu)
The Doomsday Book (knujon.com)
March 24, 2010
The opening session will be from this author (knujon.com/bios) with a topic entitled The Internet Doomsday Book, with details to be released the same day as the presentation, followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference (knujon.com/bios). Rutgers’ Naftaly Minsky (http://www.cs.rutgers.edu/) will present a paper on Reducing Spam via Trustworthy Self Regulation by Email Senders. After lunch George Petre of BitDefender (http://bitdefender.com) discusses his paper “Facebook - Another breach in the wall,” immediately followed by CSO Magazine (http://www.csoonline.com/) senior editor Bill Brenner diving deeper into threats presented by social networking.
(projects.csail.mit.edu)
History of the MIT Spam Conference (circleid.com)
March 23, 2010
The showdown between Google and the government of the world’s most populous country marks a turning point in what was one of the great late 20th century alliances: the bond between Western capital and Beijing’s authoritarian system.
(boston.com)
Cruel dose of virtual reality for lawmakers (bostonherald.com)
March 22, 2010
Verizon has filed a cybersquatting complaint in Florida US District Court [pdf] against several companies and individuals. The complaint alleges over 288 cybersquatting violations. Among those named in the case are domain name registrar DirectNic.com and Sigmund Solares, the CEO of Directnic. Others named in the case include The Producers, Inc, Intercosmos Media Group, Domain Contender, Michael Gardner, Noah Lieske and ten “John Does”. Solares, Gardner and Lieske are named in the document as being believed to be owners of Intercosmos, The Producers Inc, Domain Contender and Directnic.
(domainnamewire.com)
In the Age of Digital Transparency, Everyone's an Expert (foxnews.com)
March 21, 2010
You probably won't be mugged in smaller cities like Portland, Ore., but you're more likely to have your cyberwallet picked.
Those same factors that are likely to boost a city's civic pride -- prevalence of Wi-Fi hot spots, a cyber-savvy populace and so on -- also make citizens more likely to be at risk for cybercrime, finds a new study released Monday morning.
(foxnews.com)
HP Clamps Down on Knock-Off Printer Ink (foxnews.com)
March 20, 2010
A bitter feud between Google's online video site YouTube and media conglomerate Viacom turned ugly on Thursday, as both companies hurled accusations at one another about engaging in deceptive and illegal practices.
(cnn.com)
New Cybersecurity Act Eliminates Internet Kill Switch (foxnews.com)
March 19, 2010
In Turkey, it's a crime to defame the country's founder, Mustafa Kemal Ataturk or to ridicule "Turkishness." So Google restricts access to videos that the government of Turkey deems illegal on google.com.tr.
In Germany, France and Poland, it is illegal to publish pro-Nazi material or content that denies the Holocaust. To comply with those countries' laws, Google (GOOG, Fortune 500) does not display links to those sites on its search results pages on the company's German site google.de, French site google.fr or Polish site google.pl.
And in Thailand, denigrating the Thai monarch is against the law, so Google blocks YouTube videos in Thailand that ridicule King Bhumibol Adulyadej.
(cnn.com)
Caught Web-Handed: Social Media Become Valuable Tool in Crime-Fighting (foxnews.com)
March 17, 2010
Iran said Saturday it has dismantled several U.S.-backed opposition networks that were gathering information on nuclear scientists and finding ways to circumvent controls on the Internet meant to deprive the opposition of its most crucial tool.
(foxnews.com)
Rediscover the Sabbath on 'National Day of Unplugging' (usatoday.com)
March 16, 2010
Corey Haim's death is linked to an "illegal and massive prescription-drug ring," California Attorney General Jerry Brown said Friday.
(cnn.com)
Microsoft to Continue Censorship in China as Google Opens Up (foxnews.com)
March 15, 2010
A Panda Security employee discovered three malware programs on a recently purchased HTC Magic phone when it was plugged into a Windows computer.
(macworld.com)
World Wide Web of Hate (foxnews.com)
March 14, 2010
The Federal Communications Commission is proposing an ambitious 10-year plan that will reimagine the nation’s media and technology priorities by establishing high-speed Internet as the country’s dominant communication network.
(nytimes.com)
Fraudulent Facebook Messages (cnn.com)
March 13, 2010
In a Hollywood-style heist, thieves cut a hole in the roof of a warehouse, rappelled inside and scored one of the biggest hauls of its kind — not diamonds, gold bullion or Old World art, but about $75 million in antidepressants and other prescription drugs.
(yahoo.com)
Google's privacy challenge (money.cnn.com)
March 12, 2010
The Internet's critical domain name system is under constant attack and could buckle at any time, according to ICANN president Rod Beckstrom.
Without naming names, Beckstrom went on to say that some DNS providers, such as ISPs, in some countries are engaging in destabilising activities, such as “wildcarding” and abusing DNS to send users to incorrect sites for commercial gain.
(thinq.co.uk)
Top Consumer Complaints (boston.com)
March 11, 2010
The unusual e-mail sent to Senate staffers this week warning them not to visit The Drudge Report for fear of a virus has some critics crying foul, suggesting the missive is the latest attempt by Democrats to stifle dissent in the media.
The Drudge Report, a popular Web site which aggregates news links, often trumpets headlines critical of Democratic leaders. Known for getting insider news, Drudge's scoops on the primitive-looking site commonly show up in mainstream media coverage every day.
(foxnews.com)
Internet Jihadist Caught (foxnews.com)
March 10, 2010
Cisco unveiled a new Internet technology Tuesday that it says will provide the ultra-fast data speeds necessary to stay ahead of users' rapidly growing online video demands.
The new technology, known as "CRS-3," is a network routing system that will be able to offer downloads of up to 322 Terabits per second, according to the company.
(cnn.com)
Critics Blast Transborder Immigrant Tool as 'Irresponsible' Use of Technology (foxnews.com)
March 9, 2010
A bogus Web site is targeting victims of Bernard Madoff's record Ponzi scheme in an apparent identity-theft scam, the Securities Investor Protection Corp warned today, The New York Post reported.
The site claims that $1.3 billion in Madoff money was recently found hidden in Malaysia, and displays photos of huge stacks of cash allegedly stashed by the mega-crook.
(foxnews.com)
FBI Warns Brewing Cyberwar May Have Same Impact as 'Well-Placed Bomb' (foxnews.com)
March 8, 2010
Software on cell phones can be used to track the phone's owner.
(news.yahoo.com)
How Safe Is Your Cell Phone? (time.com)
March 4, 2010
Authorities have arrested three Spaniards suspected of infecting 13 million computers with a program that allowed them to steal personal and financial data worldwide, Spain's Civil Guard said Wednesday.
(cnn.com)
Authorities bust 3 in infection of 13M computers (hosted.ap.org)
March 3, 2010
Reversing a 2007 decision banning social networking on military computers, the Department of Defense announced a new policy allowing users on Pentagon servers to access Facebook, Twitter, YouTube, MySpace, Flickr and other similar sites.
(politicsdaily.com)
Department of Defense announces new policy (dtic.mil)
March 2, 2010
Smartphone facial recognition software links photos to online personal information.
(video.foxnews.com)
House targets cyber bullying (newsandsentinel.com)
Chatroulette Chock Full of Legal Questions (foxnews.com)
March 1, 2010
The US government’s policy of leaving the Internet alone is over, according to Obama’s top official at the Department of Commerce.
Instead, an “Internet Policy 3.0” approach will see policy discussions between government agencies, foreign governments, and key Internet constituencies, according to Assistant Secretary Larry Strickling, with those discussions covering issues such as privacy, child protection, cybersecurity, copyright protection, and Internet governance.
(theregister.co.uk)
U.S. would lose a cyber war, former intell chief warns (gcn.com)
February 28, 2010
During Flight AC871, Dr. Fowlie did not get his meal choice and he complained to the flight attendant. A dispute between Dr. Fowlie and the flight attendant ensued. The flight attendant reported the problem to the service director. Another dispute resulted from the exchange between the service director and Dr. Fowlie. The service director then reported the incident to the captain and a warning card was issued to Dr. Fowlie for unruly behaviour.
Upon arrival in Montréal, the crew of the connecting Flight AC195 was informed of the incident and the captain determined that there was a risk of further disruption and refused to transport Dr. Fowlie.
(otc-cta.gc.ca)
Law agencies call for tighter domain registration controls (computeractive.co.uk)
Domain name mediator loses fight with Air Canada (ottawacitizen.com)
February 27, 2010
Securing a financial services network environment can be a daunting challenge. At issue is not only meeting the basic business requirement of ensuring that a customer's financial information remains private and secure, but to do so in accordance with the variety of regulations that have been implemented by state and federal governments, and the credit card industry as well. Security breaches can have a far-reaching impact to not only a company's finances, but to their reputation as well. Companies are required to prove their compliance with these regulations and will be held liable for their failure to do so. Offering a wider range of online services alone will not be sufficient to reduce customer churn; it must be accompanied by enhanced security features that provide the customer with confidence and, in turn, result in winning their long-term trust and loyalty.
(bankinfosecurity.com)
White Paper: SQL Injection 2.0 (imperva.com)
February 26, 2010
Monday, March 1, is the current deadline for entities doing business in Massachusetts to comply with a tough new state law designed to safeguard residents' personal information. But given how many times this deadline has been moved, is this one real?
"Yes," is the answer from some industry analysts. But how the new law will be enforced - that's the real question.
(bankinfosecurity.com)
February 25, 2010
Domain registration procedures could be tightened up in a bid to help clamp down on cyber crimes.
Following concerns expressed by law enforcement agencies around the world, the Internet Corporation for Assigned Names and Numbers (Icann) investigated the issue of false or incomplete information being used to set up websites.
The not-for-profit organisation, which oversees internet tasks such as managing the assignment of domain names, commissioned a report, the Draft Report for the Study of the Accuracy of WHOIS Registrant Contact Information. This uncovered the scale of the problem facing the authorities.
(computeractive.co.uk)
NORC WHOIS Study (icann.org)
February 24, 2010
China has rejected a news report that U.S. investigators traced hacking attacks against Google Inc. to two Chinese schools and said suggestions the government might be involved were irresponsible.
A foreign ministry spokesman, Ma Zhaoxu, said Chinese law prohibits hacking and the government will take steps to stop it. (foxnews.com)
How to React to Payment Card Fraud (bankinfosecurity.com)
February 23, 2010
IP Investigator Caught Selling Fake Rolexes! (ipcybercrime.com)
Italy Convicts 3 Google Execs in Abuse Video Case (foxnews.com)
February 22, 2010
A suburban Philadelphia school district is accused of secretly spying on a student and his parents at their home using a school-issued computer, MyFoxPhilly.com reported.
A lawsuit filed by a Lower Merion teen and his parents alleges Harriton High School Assistant Principal Lindy Matsko showed the student a picture taken remotely by school software on a Web camera on his laptop.
The assistant principal allegedly told the unnamed student the image showed he was doing something wrong inside his house, MyFoxPhilly.com reported.
When the boy's father confronted Matsko, the suit claims Matsko acknowledged the school could turn on the Web cam and take pictures whenever it wanted to.
The family says the district is violating federal wiretapping laws and as many as 1,800 students could be affected, because every high school student has a district-issued laptop with a Web cam, MyFoxPhilly.com reported.
The computers were reportedly paid for with federal and state money. (foxnews.com)
Mythical Beast Bedevils Chinese Censors (foxnews.com)
February 20, 2010
Your Web site is a crucial part of your business. How would you like it if it were to disappear overnight, with you having no quick way of getting it back?
This is what's happened to many unlucky Web site owners who didn't know the most basic facts about domain name registration. If your domain isn't properly registered to you--if, say, it is in the name of the outfit that developed your Web site--you could be in trouble. Your site may vanish, taking your e-mail with it. Or you might want to switch your Web hosting service only to find you can't.
(forbes.com)
Two Chinese schools implicated in Google Aurora attacks (theregister.co.uk)
February 19, 2010
An incredible 77 per cent of internet domains - nearly 90 million internet addresses - are registered with false, incomplete, or unverifiable information.
An extensive review of 1,419 representative domain names conducted by overseeing body ICANN, including direct contact with over 500 individual domain owners, produced some startling results. Example: only 23 per cent of domain registrations display the owner's correct name and physical address.
Worse, an extraordinary 29 per cent of domains are registered with patently false or suspicious information - a shady sign of online criminality. The remaining 48 per cent of faulty registrations are in a grey area where people are either unaware or unwilling to hand over their identifying details.
(theregister.co.uk)
Public Comment: Draft Report on WHOIS Accuracy (icann.org)
February 12, 2010
Iran's telecommunications agency announced Wednesday that it has permanently suspended Google's e-mail services and that a national e-mail service for Iranians will be rolled out soon.
(foxnews.com)
February 11, 2010
We understand how important it is for users to be able to purchase pharmaceuticals online for themselves or for loved ones, and we've decided to update our Google AdWords online pharmacy policy. The change will go into effect towards the end of this month.
There are two main aspects to this change:
Only VIPPS and CIPA certified pharmacies will be allowed to advertise
We've made the decision to further restrict the ads we accept for online pharmacy sites in the U.S. and Canada. Starting at the end of this month, Google AdWords will only accept ads from online pharmacies in the U.S. that are accredited by the National Association Boards of Pharmacy VIPPS program, and from online pharmacies in Canada that are accredited by the Canadian International Pharmacy Association (CIPA.)
Pharmacies can only target ads within their country
These pharmacies may only target ads to users in the country in which they are accredited. This policy change does not affect our online pharmacy policy for countries outside the U.S. and Canada.
Accordingly, we'll no longer be using any 3rd party verifier of online pharmacies other than VIPPS and CIPA. AdWords advertisers who aren't accredited by VIPPS or CIPA will no longer see their online pharmacy ads displayed once this policy change comes into effect.
We'll post to this blog again once the changes go into effect towards the end of this month. For more information on our current pharmacy policy, please see this link: http://adwords.google.com/support/aw/bin/answer.py?hl=en&answer=7463.
(adwords.blogspot.com)
Google's Take on Internet Security: "Pharmacy spam remained in the top spot with 81% of all spam messages." (seekingalpha.com)
February 10, 2010
The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.
The bill, which passed 422-5, requires the Obama administration to conduct an agency-by-agency assessment of cybersecurity workforce skills and establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation.
(nytimes.com)
All that user-generated content? 95% is malware, spam (arstechnica.com)
February 9, 2010
Brian Krebs, investigative journalist and former editor of the Washington Post SecurityFix blog, was joined by Joseph Menn, journalist for Financial Times USA and author of the newly released cyber-crime book Fatal System Error to debate the state of internet security. The panel session also included this writer, as a representative of El Reg, as one of a group of ten panelists.
Krebs, whose work was instrumental in leading to the takedown of rogue ISP McColo in 2008, and later in illustrating the dangers of corporate ID theft, compared the cybercrime economy to the drug trade during his 15-minute opening presentation. Menn backed up this analysis, adding that the most serious cybercrooks are protected by some of the largest governments in the world.
(theregister.co.uk)
Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet (amazon.com)
February 8, 2010
The number of identity fraud victims increased 12 percent to 11.1 million people in 2009 -- the second consecutive annual increase. At the same time, the total amount of fraud also increased by 12.5 percent to $54 billion.
These are the headlines of the newly-released 2010 Identity Fraud Study by Javelin Strategy & Research.
(bankinfosecurity.com)
Microsoft loses ads on Facebook, expands Bing search deal (arstechnica.com)
February 7, 2010
US national cyber security co-ordinator Howard Schmidt is formulating a plan on how best to ensure cloud-based computing is secure.
Schmidt resigned from his UK-based role as president of the Information Security Forum (ISF) in December, when he was appointed to the top US cyber security job by US president Barack Obama.
Since his appointment, Schmidt has been working with federal chief technology officer Aneesh Chopra and federal chief information officer Vivek Kundra on the requirement for secure cloud computing architectures and other issues, according to US reports.
(computerweekly.com)
Emerging Threats in Financial Data Breaches (bankinfosecurity.com)
February 6, 2010
Companies that run key public infrastructure assets like electric utilities, oil refineries and banks are regularly victims of the kind of cyber attacks that recently penetrated Google Inc., according to a new report by a former top homeland security official. Cyber attacks are often coupled with extortion demands, according to the report commissioned by the computer antivirus company McAfee, which found that 20% of the 601 companies and government agencies surveyed said they had been a victim of such an attack within the past two years. It wasn't clear whether any companies actually paid extortion demands. Stewart Baker, a former senior official at the Department of Homeland Security and the National Security Agency, led a team that surveyed executives at companies responsible for critical infrastructure. One hundred executives were American, and 20 to 50 participated from each of 13 other countries, including China, Russia, and the U.K. The report was funded by the antivirus company, but Mr. Baker said his team at the Center for Strategic and International Studies think tank had a "free hand" in constructing the survey and report.
Among the executives surveyed, 54% said their company had been the subject of infiltration, according to the survey, and two thirds of those companies said the attacks had harmed company operations.
(wsj.com)
10 Faces of Fraud in 2010 (bankinfosecurity.com)
February 5, 2010
At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.
The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.
The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show.
(csmonitor.com)
RSA 2010 (rsaconference.com)
February 4, 2010
The United States is at risk of a crippling cyber attack that could "wreak havoc" on the country because the "technological balance" makes it much easier to launch a cyber strike than defend against it, Director of National Intelligence Dennis Blair said Wednesday.
Blair, speaking to the House Intelligence Committee, said U.S. tools are not yet up to the task to fully protect against such an attack.
"What we don't quite understand as seriously as we should is the extent of malicious cyberactivity that grows, that is growing now at unprecedented rates..."
(foxnews.com)
PayPal's India Transaction Block Could Last Months (foxnews.com)
February 3, 2010
The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online.
Two companies that are hiring -- at least on a contractor basis -- advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington on Monday.
What they are seeking is people who are willing to take malicious code they provide and link it to something that people will click on -- like a picture of Britney Spears getting out of her car. These people then collect a fee for each 1,000 times that the malware is downloaded.
One site, for example, pays $180 for each 1,000 times that malware is downloaded onto a U.S. computer but less for computers elsewhere. It refuses to pay for any downloads to Russian computers, causing Stevens and others to strongly suspect that it, like other similar sites, is based in Russia.
(foxnews.com)
Google US Internet-Search Share Falls In Jan; Microsoft Up (foxbusiness.com)
February 2, 2010
German Finance Minister Wolfgang Schaeuble said in a newspaper interview that Germany will buy stolen information on Swiss bank accounts, backed by a poll showing majority support among voters if it helps tackle tax evasion.
Information on secret Swiss accounts held by German nationals could yield 200 million euros ($278 million) in lost tax revenue to the German government, Handelsblatt reported yesterday. Tax authorities were offered a CD that contained 1,500 names in exchange for 2.5 million euros.
(bloomberg.com)
To Obtain Swiss Bank Data, Germany Breaks the Law (pajamasmedia.com)
February 1, 2010
In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location (http://www.knujon.com/news2008.html#06102008). The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. It is difficult enough when registrants conduct illicit commerce and wrap themselves in mystery; for a Registrar to do the same shames the entire industry. Much to our shock, we found that Registrars were not required to publicly disclose their address. Since then the ICANN Registrar directory (http://www.internic.net/alpha.html) has been updated to include all the addresses and the Registrar Accreditation Agreement (http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm) has been amended to include the following language:
“3.16 Registrar shall provide on its web site its accurate contact details including a valid email and mailing address. (http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm#3)” But what constitutes a “valid mailing address” other than that it can accept mail?
This probably would have been better worded as “valid business address” as we recommended (http://www.knujon.com/news2008.html#11022008), but that will have to wait for the next round of RAA changes. In the meantime we ask the question, does it support openness and accountability if the gatekeepers of domain registration run out of public mailboxes? Some may immediately argue that it is an immediacy of running a small business since they may not have the staff or facilities to accept mail. And I would guess this would be the case for companies like Domain Monkeys, LLC who use a P.O. box but have a real brick-and-mortar shop just up the street. The same goes for DomainsToBeSeen.com, DOMERATI and Sundance Group. But we are puzzled by Hosting.com, Inc., which has a P.O. Box in Kentucky when their business is really in Colorado.
Honestly, the issue disappears if the Registrar clearly posts its business address where consumers can find it. Enetica Pty Ltd uses a PO box in Australia but clearly states its street address on their website. Contrast this with DomReg Ltd. (AKA LIBRIS.COM), which runs from a PO box in Russia and has no other contact information posted on its website, not even a phone number.
Now, we have many Registrars using P.O. boxes in the Cayman Islands and other Caribbean locations. DirectNIC, LTD, AKA Intercosmos, used to have an address in New Orleans but now has a PO box in the Caymans. Bargin Register also has a Caymans PO box listed as their address. It has been explained to us multiple times that “all addresses in Caymans are PO boxes,” but this is only partly true. For the purposes of mailing in the Caymans PO Boxes must be used, however, all businesses do in fact have street addresses. Example, The Royal Bank of Canada in the Caymans lists two addresses on its website: 24 Shedden Road, George Town, Grand Cayman (street address) and PO Box 245 Grand Cayman KY1-1104 (mailing address). In this case the Registrar can and should list both addresses but DirectNIC and Bargin Register do not.
And then there are “suites.” Suite is a deceptive address term since it could mean a leased space in an office building or hotel, but suite is also the term UPS and other private mailbox services use to refer to their rented postal boxes. There are at least a dozen Registrars with suite numbers in their addresses that need to be clarified. Estdomains ran out of a Delaware proxy address and business registration. This was part of their overall policy of hiding any information concerning the true nature of the Registration business (http://www.informationweek.com/news/services/data/showArticle.jhtml?articleID=212002478). Secrecy and misdirection are primary indications of potential fraud.
Of course all of these issues are moot in the face of a falsified address as in the case of Parava Networks, AKA 10-Domains (http://www.knujon.com/news2008.html#07222008). Parava were later de-accredited for other contract violations (http://www.icann.org/correspondence/burnette-to-valdes-27feb09-en.pdf). In the name of accountability and transparency we need to know that the Registrars are legitimate companies and the first step is identification.
This brings us to the most extreme case of location obfuscation: OnlineNIC. OnlineNIC claims to be in the U.S. but they are not. The California address they feature on their website and in the ICANN directory is an auto-body shop or barren lot (http://dotsnews.com/domain-name-news/184). There are two other addresses they use and one is a residential address with no apparent business taking place. The second is an office building, but we could not find OnlineNIC there, but we did find a UPS Store. There are actually more red-herring California addresses for OnlineNIC, but the point is made. It is no surprise to many people that documents related to OnlineNIC lead back to Hong Kong and ultimately to mainland China. Does ICANN even know where OnlineNIC really is? Why are they pretending to be in the United States when other Chinese Registrars operate with full location disclosure? This is a shameful charade that has misled consumers for too long. We’re calling for OnlineNIC to publicly disclose their address and for ICANN to post that real address in the directory.
Address disclosure is critical to consumer trust and ICANN’s pledge of transparency and openness. The public should see the same address used in Registrar accreditation applications.
(circleid.com)
A Markup That Could Have Big Implications for SEO (webpronews.com)
January 23, 2010
The Food and Drug Administration is reporting that some people have gotten fake Alli that contained twice the recommended dose of sibutramine (aka. Meridia), another diet drug. The issue is possible heart problems.
The FDA discovered the illegal Alli-Meridia switch when otherwise healthy people reported feeling anxious, shaky, nauseated, and sleepless after taking the bogus Alli. Some even had heart palpitations. No deaths have been reported.
(npr.org)
Avoid Online Auctions When Buying Alli (npr.org)
January 22, 2010
(blog.mailermailer.com)
No. 07-10528 and No. 07-10534, U.S. v. Kilbride and Schaffer (ca9.uscourts.gov)
No. 07-10528 and No. 07-10534; U.S. v. Kilbride and Schaffer (scribd.com)
Appeal Rejected
Whois Privacy Is ‘Material Falsification’ (domainnamenews.com)
U.S. v. Kilbride: 9th Circuit's Holding that Internet Obscenity Laws Should Be Governed by a National Standard Rests on Shaky Grounds
US v. Kilbride, No. 07-10528 (blogs.findlaw.com)
In War Against the Internet, China Is Just a Skirmish (nytimes.com)
January 21, 2010
I am proud (or disappointed) to announce the 8th annual MIT Spam Conference, March 25th and 26th at MIT in Cambridge, Massachusetts. A regular research competition that brings out the best minds in the fight against unsolicited email. At this point it would be helpful to provide a little background on the conference and remind everyone that the Call For Papers is still open. Just as the spammers have developed new tools, platforms, and tactics to deliver their message we need to match them and push it back. Spam is still the number one threat on the Internet today as it drives illicit commerce, delivers viruses, opens doorways for intrusions, and tricks the savvy and gullible alike to hand over cash and credentials. To this end, the conference has been broadened in the last two years to include a variety of subjects and revolutionary proposals.
This top-talent but low-key session was started in 2003 by Paul Graham, the inventor of Bayesian spam filtering, which is the basis for current spam filters, in 1998. After a few years of chairing the Spam Conference Graham moved on to YCombinator, Yahoo’s start-up development project. In 2006, William “Bill” Yerazunis of Mitsubishi Electric Research Labs (MERL) took up the mantle and worked to expand the conference to two days. Yerazunis isn’t just a spam guy, he has worked in a number of technical fields including optics, computer graphics, transplant immunology, artificial intelligence, and other diverse disciplines. Yerazunis, who holds 29 patents, turned the Spam Conference over to University of Akron Computer Science Professor, Kathy Liszka. Last year, Liszka coordinated and ran one of the most topic diverse conferences yet. Liszka will be accepting research submissions until February 1, 2010.
For those who do not have research to submit, but are still interested in the subject, the conference is open to the public and held in the first floor of MIT's building 34. There is always a lively debate and discussion as well as a review of shocking developments in spam and predictions for the coming year. All points of view are welcome as some of the brightest minds take a deep look at this ongoing and troubling technology problem.
NY Bank Suffers Online Breach: 8300+ Customers Compromised by Hack (bankinfosecurity.com)
January 20, 2010
The JPA is dead, and in its place is the Affirmation of Commitments. Much debated, this change is anticipated to bring more global participation into ICANN's governance. Increased globalization may turn out to be beneficial for the Internet community, if it helps to shore up ICANN's institutional weaknesses. But the Affirmation leaves important questions unanswered, beginning with ICANN's fundamentally weak accountability. It remains unclear whether or how the Affirmation makes ICANN more accountable.
(circleid.com)
SEO Poisoning: A Persistent Malware Threat Targeting High-Profile Brands (circleid.com)
January 19, 2010
Regarding the Spam(b)log: http://spam.stevenrutledge.com I have set up this blog to automatically receive email at spam@stevenrutledge.com and process those emails into online blog entries; so anything you send there will show up here for all the world to see. Next, I plan to sprinkle the email address liberally around, in hopes of snaring some spam. Why? Well, it is a measure of global zeitgeist in a way, and a measure of ourselves. Kind of like sending up a balloon to see which way the wind is blowing... I could use your help spreading the email around, so feel free to post it anywhere you like.
(http://stevenrutledge.com)
Paid Search Ads Can Lead to Fake Goods (circleid.com)
January 18, 2010
Google employees may have assisted hackers who launched a cyber-attack from China, prompting the company’s threat to leave the country, it has emerged.
The world’s most popular search engine is believed to be investigating whether one or more of its own workers based in the Chinese offices helped those attempting to break into the e-mail accounts of human rights activists last month.
(timesonline.co.uk)
Is Russia behind the Climategate hackers? (timesonline.co.uk)
January 16, 2010
Gibson Hoffman & Pancione, which is representing a company suing China for allegedly stealing its software code, announced its computers have come under a cyber-attack that originated in China and that the FBI is investigating the attempted intrusion. Click here for the WSJ story; here for the LA Weekly story.
(blogs.wsj.com)
Green Dam Youth Escort (en.wikipedia.org)
January 15, 2010
VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.
(arstechnica.com)
Furious Google throws down gauntlet to China over censorship (arstechnica.com)
January 14, 2010
A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.
In a statement released late Tuesday night, Clinton said that the U.S. government is taking the attack -- which Google said came from China -- very seriously. "We have been briefed by Google on these allegations, which raise very serious concerns and questions," she said. "We look to the Chinese government for an explanation."
(pcworld.com)
China's 'aggressive' buildup (washingtontimes.com)
January 13, 2010
Importantly, search engines such as Google, Yahoo, and MSN, although purportedly requiring “verification” of Internet drug sellers using PharmacyChecker.com requirements, actually allow and profit from illicit drug sales from unverified websites. These search engines are not held accountable for facilitating clearly illegal activities. Both website drug seller anonymity and unethical physicians approving or writing prescriptions without seeing the patient contribute to rampant illegal online drug sales. Efforts in this country and around the world to stem the tide of these sales have had extremely limited effectiveness. Unfortunately, current congressional proposals are fractionated and do not address the key issues of demand by vulnerable patient populations, search engine accountability, and the ease with which financial transactions can be consummated to promote illegal online sales
(safemedicines.org)
China faces backlash from 'netizens' if Google leaves (washingtonpost.com)
January 12, 2010
Embezzlement has become the nation's favorite financial crime -- and losses attributed to embezzlement are greater than those from all other financial crimes combined. Understanding the crime of embezzlement is critical to every investigator.
(govinfosecurity.com)
A trip into the secret, online 'cloud' (cnn.com)
January 11, 2010
David Carruthers, the former chief executive of Betonsports, was sentenced to 33 months' prison time last week.
Carruthers, a British citizen, was arrested in Dallas in 2006 while changing planes on his way to Costa Rica, where the business was based. His arrest pre-dated the passage of US laws to ban online gambling - tacked onto the Safe Ports Act.
...
Assistant US attorney Steven E Holtshouser said: "The prosecution and
conviction of Carruthers is significant to the Government's efforts at
enforcement of U.S. laws against offshore Internet and telephone sports
wagering businesses, because Carruthers was both a foreign national and a
top executive of BetOnSports... Both the conviction of, and sentence
handed down against Mr. Carruthers should send a message to any foreign
business conducting illegal activities in the United States, that
geography does not render it untouchable."
(theregister.co.uk)
The Biggest Security Threats Getting the Least Attention (bankinfosecurity.com)
January 10, 2010
It's frustrating enough when your blog gets taken down because Google
thinks it's spam. It's even more frustrating when there seems to be no way
to prove you're a human and get it reinstated quickly.
(arstechnica.com)
McAfee 2009 Threat Predictions Report (mcafee.com)
January 9, 2010
The malware writers and criminals who run botnets for years have
been using shared hosting platforms and so-called bulletproof
hosting providers as bases of operations for their online crimes.
But, as law enforcement agencies and security experts have moved
to take these providers offline, the criminals have taken the
next step and begun setting up their own virtual data centers.
(threatpost.com)
McAfee Spam Report (mcafee.com)
January 8, 2010
Cybercrime affiliates of unlicensed pharmaceutical websites have begun
moving on from attacks purely designed to poison Google search engine
results, and are now targeting Microsoft's web properties.
Search engine poisoners are actively making use of Microsoft's Windows
Live Spaces blog hosting environment, net security firm eSoft reports.
Miscreants are creating accounts which they use only to push links to the
pharma-fraud sites. As a result the search engine ranking of these
spamvertised sites is pushed up.
(theregister.co.uk)
Honeynet research lifts the lid on spam trends (theregister.co.uk)
January 7, 2010
Lingo24, based in Edinburgh, were alerted to the rip-off by a firm called Universecy when a Google alert threw up a reference hidden in code.
The Universecy site uses almost identical wording, pictures and links and even has references to staff members and Lingo24's Aberdonian roots.
Lingo24 said taking court action would be difficult and expensive.
Christian Arno, founder and managing director, said: "The websites are virtually identical. Almost every page has been copied.
"Anyone familiar with the Lingo24 site would be fooled into thinking it was ours.
"It was the fact that they left the phrase Lingo24 in a meta-tag on one of the pages that notified us of its existence - via a Google Alert for our company name."
He said they would be informing Google to ensure the pirated site did not pose a threat to business.
"But apart from taking legal action in China, which is difficult and expensive, and complaining to their ISP or hosting company, there's very little we can do," he added.
(bbc.co.uk)
Obama Names Schmidt as Cybersecurity Coordinator (bankinfosecurity.com)
January 6, 2010
Welcome, everyone, to krebsonsecurity.com. Here’s to new beginnings, and a happy, healthy and prosperous New Year!
Some of you may be familiar with my work at The Washington Post and the Security Fix blog. Krebsonsecurity.com will feature similar content: Original reporting and analysis on important security threats and trends.
With a few exceptions, I will continue to eschew chasing the security story-of-the day, as there are plenty of sites you can go to for that. My focus will remain on publishing information and reporting that you won’t find anywhere else – and with a minimum of editorializing.
Visitors who are unfamiliar with my work can browse through a collection of what I think represents some of my best reporting over the past few years. The About the Author and About this Blog tabs include a bit more detail about who I am and how this blog will be organized.
(krebsonsecurity.com)
One in 200 success rate keeps phishing economy ticking over (theregister.co.uk)
PDF Original Report
January 5, 2010
If you want to know the world's most dangerous country code Top-Level Domains (ccTLDs), ask an anti-virus software company.
McAfee (http://newsroom.mcafee.com/article_display.cfm?article_id=3600) has released its list of most dangerous country codes. Here are the top five:
1. Cameroon (.cm), 2. PR of China (.cn), 3. Samoa (.ws), 4. Philippines (.ph), 5. Former Soviet Union (.su)
Why is Cameroon at the top of the list? Because .cm is a common typo by users who intended to type .com.
Afilias Releases .INFO Domain 2009 Annual Report (circleid.com)
January 4, 2010
You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being "What's Driving Spam and Domain Fraud? Illicit Drug Traffic," Part Two being "Online Drug Traffic and Registrar Policy."
There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. Not only is this an Internet abuse issue but it also represents a grave public health risk since the entire chain of doctors, pharmacists, and patient education has been bypassed by criminals. We have also found that the lion's share of phony RX domains and IP hosts are in the U.S. (see Host Exploit's Top 10 Bad Hosts 2009).
As we pointed out, Registrars and ISPs have the technical ability and legal obligation to terminate these sites, but few of them do unless put under pressure. There is an additional threat, the one to Intellectual Property. Not just a threat to brand-holders, abuse of trademarks is a ticking time bomb for Registrars and ISPs.
Many ISPs and Registrars falsely believe they are protected from their customers' illicit activities by various statutes. This is only true for certain types of crimes and lawsuits. Providers have even written in the Terms Of Service or Acceptable Use Policy that their customers are responsible for any legal action stemming from abuse, but this only covers some activities. Registrars and ISPs ARE in fact liable for Intellectual Property violations conducted by their customers.
The Communications Decency Act only immunizes defendants from non-intellectual property claims and non-criminal complaints. Illicit pharmacy is both a criminal act as well as an IP violation since most deal in counterfeit or unauthorized sales of trademarked drugs. One critic of our first article was chagrined that we suggested that Registrars should act on abuse reports from the public, but doing just that is in their best interest. Failing to act can be seen as an act of complicity later when lawsuits begin.
We have a new proactive process that monitors IP abuse in the wild and during initial testing we found 85 compromised IP addresses at one provider's ASN that were hosting spam template content. These sites are never advertised themselves but rather provide low-level content delivery to thousands of spammed domains which are advertised, dumped and replaced. We found that many of the domains that used these templates had trademarks in the domain names. Words like Zoloft, Motrin, Norvasc, Celexa, Zyloprim and many others. None, of course, were the real sites controlled by the actual brand-holders.
One thing is for certain, they are making considerable amounts of money by abusing brands. So much so that they have gone beyond common spam, site hijacking, or paid search engine advertisements and are now issuing press releases to announce deployments of new illicit pharmacies. It seems mind-boggling that a completely illegal business would be so brazen as to use a press release but it shows us the lack of fear on their behalf.
So, folks may wonder why if there is an abundance of research data as well as legal authority. Reason is simple: no enforcement. Many IP attorneys have expressed their lack of faith in WIPO and ICANN enforcement. Brand holders feel that chasing IP violators on the Internet is like swatting at gnats. Recently, we got into a spat with a Registrar over an unlicensed pharmacy domain that was impersonating a pharmaceutical manufacturer. The Registrar brushed off our concern until we made clear that their position was completely indefensible. They finally suspended the domain after the brief discussion. The pharma brands also share in the blame for not enforcing their marks. Some drug companies may have unfortunately been led to believe that there is no solution. Others fear the public perception of big pharma pursuing lost profits from illicit providers as if the rogue drug traffickers were some kind of Robin Hood. They are not. Illicit drug traffickers are only helping themselves and often replacing active ingredients with poison. Money in their pocket, garbage in your body.
Some Registrars and ISPs welcome the rogue pharmacy traffic because of the revenue generated by thousands of illicit sites that operate with impunity. Others are seemingly helping illicit pharmacies find variations of unclaimed trademark violation domains with "suggestion" utilities.
For those that are not familiar with domain registration, some companies will allow you to enter any word, including the name of a trademarked product, and return a massive list of unused variations containing that word. For anyone wondering how the spammers come up with so many different URLs with the names of male enhancers, they actually don't have to because Registrars will make them up on the fly for the spammers to buy in bulk. It is a puzzle to many people how the Registrars can sell off someone's trademark. This is, of course, the fundamental question. Adding a warp-speed engine that generates lists of potentially abused trademarked domains is the injury to the insult.
This is a wake-up call to the pharmaceutical brands: I am telling you that something can be done to put the pharmacy fraudsters out of business. The problem can be quantified, minimized and managed. And, honestly, this is the case for any trademarked product or service being abused on the Net. It's a new year, let's move in a new direction. The best solution to the whole abuse problem is a shared solution between government, Internet users, brand-holders and service providers. If everyone lifts their weight we all benefit.
FDA issues warning over online pharmacy extortion scam (thetechherald.com)
January 3, 2010
This will be the last post for the Security Fix blog. Dec. 31 marks my final day at The Washington Post Company.
Over the last 15 years, I've reported hundreds of stories for washingtonpost.com and the paper edition. I have authored more than 1,300 blog posts since we launched Security Fix back in March 2005. Dozens of investigative reports that first appeared online later were "reverse published" in the newspaper, including eight front-page stories and a Post Magazine cover.
Through it all, you - the reader - have been my most valuable source, most reliable critic, and most persistent muse. Loyal readers are the reason Security Fix has consistently been among the most-visited blogs on washingtonpost.com. Thank you.
(washingtonpost.com)
No, Brian, Thank YOU! His new home: http://www.krebsonsecurity.com/
January 2, 2010
As a test of its capabilities during BETA development, SiteVet has produced data on the world's worst web hosts (specifically, Autonomous Systems). This data was produced for hostexploit in conjunction with the report released this month.
The top bad hosts are shown below; click each one for further details and break down reports brought to you by SiteVet. You can also take the demo tour to find out what Sitevet will be able to do for you.
As SiteVet moves out of BETA development, detailed reports will be available for every active AS; this will coincide with hostexploit becoming a conclusive source for information on the worst and best hosts globally and the respective reasons.
(hostexploit.com)
Secret History of the Credit Card (pbs.org)
January 2, 2010
In 2009, Sanford Wallace was sued under CAN-SPAM by Facebook. The BBC controlled a botnet. Canada introduced serious anti-spam legislation, which didn't make it through the legislative process. Alan Ralsky pled guilty and went to prison with his co-conspirators. ISP Pricewert was taken down by the FTC for hosting botnet controllers, MEGA-D takes a hit as a result. FireEye took down the remnants later in the year. Habitat UK spammed Twitter using Iranian election hash tags. James Gordon lost his case against Virtumundo. Herbal King spammers Lance and Shane Atkinson are fined under New Zealand, Australian and American anti-spam law. Vodafone was fined for spamming for Coca-Cola. ASIS lost its CAN-SPAM case against AzoogleAds.
(circleid.com)
About CAUCE: CAUCE North America was formed in March 2007 from a merger between the very first CAUCE, CAUCE US, and CAUCE Canada, combining the strengths of the two sibling CAUCE organizations. CAUCE NA, as an all-volunteer consumer advocacy organization, has moved beyond its original mission of encouraging the creation and adoption of anti-spam laws to a broader stance of defending the interests of the average Internet user. CAUCE NA is led by a combined Board with a cumulative century of experience in the field of Internet advocacy. (cauce.org)