What's in a Domain Name? Marketers Weigh the Cost

March 14, 2009

YORK, Pa. (AdAge.com) -- Today there are 21 generic top-level domains, or those little words that come after the dot at the end of a web addresses, including .com, .net and .gov. But that's all about to change. A proposed expansion of domains means that by the end of the year there could be hundreds. Coca-Cola and Pepsi could request .soda or .softdrinks; Procter & Gamble and Unilever could sign up for .laundry or .soap; and McDonald's and Wendy's could get .burger or .fries. The potential for names and online branding would be limited only by the imagination of the creative marketing industry. But what if you had to pay for every one of the new domains that relates to your brand? The initial cost estimated by the Internet Corporation for Assigned Names and Numbers, the nonprofit agency that oversees the distribution and policy of domain names, is $185,000 for registration plus anywhere from $25,000 to $75,000 in annual fees. (adage.com)

###
Thieves look to Internet(dailypress.com)

KnujOn Feed Plug-in Requested for Spam Assassin

March 13, 2009

KnujOn Feed Plug-in Requested for Spam Assassin(issues.apache.org)

MIT Spam Conference Schedule Posted

March 12, 2009

Fellow Anti-Spammers, the Schedule for the 2009 MIT Spam Conference is now available. Full details and registration information can be found here

Thursday March 26, 2009
9:30 a.m. breakfast
10:00 a.m. chair opening: Kathy Liszka / Bill Yerazunis Welcome and Administrivia
10:15 a.m. keynote: Robert Bruen Keynote: ICANN Policy Enforcement
10:45 a.m. keynote: Garth Bruen Keynote: The Future of Anti-Spam: A Blueprint for New Internet Abuse Tools
11:15 a.m. paper: Adrian McElligott Email Permission Keys
11:45 a.m. lunch
1:00 p.m. keynote
1:30 p.m. paper: Claudiu Musat Spam Clustering Using Wave Oriented K Means
2:00 p.m. paper: Sebastian Holst "Account-free” Email Services to Combat Phishing, Brand Infringement, and Other Online Threats
2:30 p.m. break
2:45 p.m. paper: Nathan Friess A Kosher Source of Ham
3:15 p.m. paper: Didier Colin A Selective Learning Model For Spam Filtering
3:45 p.m. presentation: Rudi Vansnick Is Spam in Europe easier to handle ?
6:00 p.m. reception: Courtesy of ComCast


Friday March 27, 2009
9:00 a.m. breakfast
9:30 a.m. paper: Tim Martin Phishing for Answers: Exploring the Factors that Influence a Participant's Ability to Correctly Identify Email
10:00 a.m. paper: Reza Rajabiun IPv6 and Spam
10:30 a.m. break
10:45 a.m. workshop: Adrian McElligott How to integrate Email Permission Keys in to an existing Spam Filter in 5 easy steps
11:15 a.m. paper: Henry Stern The Rise and Fall of Reactor Mailer
11:45 a.m. lunch
1:00 p.m. presentation: Andra Miloiu Costina Do humans beat computers at pattern recognition?
1:30 p.m. paper: Cesar Fernandes An Economic Approach to Reduce Commercial Spam
2:00 p.m. break
2:15 p.m. paper: Alexandru Catalin Phishing 101
2:45 p.m. paper: Areej Al-Bataineh Detection and Prevention Methods of Botnet-generated Spam
3:15 p.m. wrap up: all participants

Full Details

###
FBI agents have made two arrests after raiding the D.C. office of the man tapped to be President Obama's chief information officer(foxnews.com)

Google Dollars From Online Pharma

March 11, 2009

There's no question Google and other search engines (think Yahoo) make a lot of money advertising--even in a recession. But Google can't just let anyone advertise -- its rulebook, for example, explicitly bans advertisers that use "deceptive, illegal, unethical, false or misleading practices." Moreover, Google's Online Pharmacy Qualification Process lays out specific rules on which online drugstore sites are allowed to advertise. It says, for instance, that sellers of online prescription drugs in the U.S. and Canada must register with the PharmacyChecker Verification Program. But is PharmacyChecker a strong enough verification process? It may not be. Its list of banned "rouge" sites, for one, pales in comparison to the over 22,000 sites that fail to meet the stricter standards of online verifier LegitScript.com. Early this month, CNN exposed a PharmacyChecker-approved site that illegally sold controlled drugs from India without a prescription. Legitscript's analysis of the site, PharmNet.com, found that CNN's order for the restricted antidepressant Xanax was made through PharmNet but was processed and paid through another site altogether. In fact, while PharmacyChekcer validated PharmNet, LegitScript rejected that site's application for approval. It's worrisome if Google's verification process relies solely on PharmacyChecker, which approves sites that other verification processors do not. Researchers at the National Center on Addiction and Substance Abuse (CASA) agree. In a July 2008 study, CASA found search engines' verification processes "far from perfect." Indeed after successfully finding prominent ads from rouge pharmacies in searches for controlled substances on Google and Yahoo, CASA wrote that their findings "suggest that these search engines are profiting from advertisements for illegal sales of controlled prescription drugs online." Until search engines impose more stringent requirements for online pharmacies, sites without the proper licenses and certifications will continue to generate sales. The online drug business is a fast-growing transnational enterprise, estimated by Mark Monitor to be worth $12 billion last year--there's a lot of potential ad dollars in there. (behindonlinepharma.com)

The battle over cybersecurity(scitech.blogs.cnn.com)

Websites sell fake Aussie passports

March 10, 2009

WEBSITES are selling fake state-of-the-art Australian passports for as little as $1250, boasting they'll pass the most rigorous border checks. Australia's Department of Foreign Affairs and Trade (DFAT) says the sites are just another money-making scam but admit they are "the subject of ongoing discussions'' with Australian Federal Police. DFAT also warns that people who use such documents are guilty of a serious criminal offence. One of the sites boasts it is a unique producer of quality fake documents. "We offer only original high-quality fake passports, driver's licences, ID cards, stamps and other products for following countries: Australia, UK, USA,'' the site says. Sample pictures of a blank Australian passport show where buyers' personal details will be entered after supplying a digital photo, signature and other particulars. (theaustralian.news.com.au)

Online brand abuse 'on the rise'

March 9, 2009

Online abuse of the world's top brands is rising, according to a report. Cyber-squatting - in which someone registers a domain name with the aim of selling it on at a later date - remains the most common form of abuse. Cyber-squatting rose by 18% in 2008, to 1,722,133 reported incidents, according to brand specialist MarkMonitor. The study also found that 80% of sites identified in 2007 as "abusive" were still in existence today. The report suggests that brand owners need to take a more aggressive stance against people or companies abusing a trademark, brand or domain name. (news.bbc.co.uk)

Cybercrime in the UK rose by more than 9% in 2007, according to a new report(news.bbc.co.uk)

Garth Bruen's E-Crime Statement

March 8, 2009

"When reporting abuse and fraud, instead of being helped, consumers are often pushed into a maze with no map. Obfuscation by industry experts, experts at manipulating hosts, ISPs, registrars and the general architecture of the Internet, they confound investigators. There could be potentially a dozen or more companies involved in the promotion and execution of a single illicit transaction domain, and often, these companies are distributed through different countries. And this is done on purpose. Within this complex structure, there is significant misdirection and falsification deliberately put into place to frustrate investigators and consumers. The deep manipulation of registrars and resellers can only happen if the registrars and ICANN allow it. In these cases, we can use policy, not just technology, to fix this." (mex.icann.org)

ICANN RAA Amendments, a step towards security

March 7, 2009

At the ICANN meeting in Mexico City, the various GNSO constituencies worked diligently to arrive at a supportive motion that will advance the RAA amendment package and provide for additional follow-up efforts that will be pursued over the coming months. This motion was adopted unanimously and the amendment package has been advanced to the Board for final approval.

(icann.org) There are a number of new or modified sections to the Registrar Accreditation Agreement that provide better protection for consumers and Internet users, including a new section based on a proposal submitted by KnujOn:

3.16 Registrar shall provide on its website its accurate contact details including valid email and mailing address.

As KnujOn users will recall, this was part of a big push by our members due to a fiasco of 70 Registrars in mystery locations. We believe this disclosure is crucial to security and consumer trust.

Other useful amendments:

1. Enforcement tools
   1. Registrar Audits – Allowing ICANN to conduct site visits and audits of registrars upon at least 15 days notice.
   2. Sanctions & Suspension – Providing for escalated compliance enforcement tools such as monetary sanctions and suspension of registry access.
   3. Group Liability – Preventing "serial misconduct" by registrars when another affiliated (by common control) registrar's RAA is terminated.
   4. Registrar Fees – Revising registrar fee provision to be aligned with recent and current ICANN budgets; assessing interest on late fee payments.
   5. Registrations by Registrars – Creating liability by registrars to ICANN for any registrations created by a registrar for its use in providing Registrar Services.
   6. Arbitration Stay – Eliminating the existing automatic 30-day stay of termination registrars receive by initiating arbitration or litigation to challenge an RAA termination.
2. Registrant protections
   1. Private Registration & Registrar Data Escrow Requirements – Registrars are required to either escrow underlying customer data in the case of private or proxy registrations, or alternatively, give prominent notification that such data will not be escrowed.
   2. Registrant Rights and Responsibilities – Requiring registrars to include on their websites a link to a "Registrant Rights and Responsibilities" document to be created in consultation with the ICANN community.
   3. Contractual Relationships with Resellers – Protecting registrants who are customers of resellers by obligating resellers to follow ICANN policies and requiring that they either escrow privacy/proxy customer data, or alternatively, give prominent notification that such data will not be escrowed.
3. Promoting stable and competitive registrar marketplace
   1. Accreditation by Purchase – Requiring registrars to notify ICANN upon a change of ownership and to re-certify the registrar's compliance with the RAA.
   2. Operator Skills Training and Testing – Providing for mandatory training of registrar representatives to ensure better registrar understanding of ICANN policies and RAA requirements.
   3. Use of ICANN-Accredited Registrars – Maintaining ICANN's general policy of requiring registries to use ICANN-accredited registrars (in the absence of a reasonable and noted exception).
4. Agreement modernization
   1. Notice Provision – Streamlining ICANN's obligation to provide notice to registrars of new consensus policies applicable to registrars.
   2. References to the Department of Commerce – Acknowledging ICANN's movement toward independence from the DOC by removing certain references within the RAA to a requirement of DOC approval.
   3. Registrar Data Retention Requirements – Clarifying data retention requirement for registrars to allow for more uniform practices.

Colonies of 'Cybots' May Defend Government Networks

March 6, 2009

The Cybot Age could soon be upon us. But be not afraid; this isn't Star Trek. We're not talking droves of evil cyborgs bent on galaxy domination. If all goes as planned, in just a few years colonies of software robots -- "cybots" -- linked into a "hive" mind could be defending the largest computer systems in America against network intruders. Researchers at the Oak Ridge National Laboratory say the program behind the cybots "T Ubiquitous Transient Autonomous Mission Entities (UNTAME)" T will be very different from current cybersecurity systems. Joe Trien, who leads the team at the lab's Computational Sciences and Engineering Division, said what will make cybots so useful is that they will be able to form groups, function autonomously and respond almost immediately. (foxnews.com)

Bad, bad, cybercrime-friendly ISPs!

March 5, 2009

Interestingly, what we’re witnessing for the time being is a mixed abuse of, both, legitimate infrastructure and purely malicious one. For instance, the bad actors that FireEye is profiling, will receive traffic coming from abused legitimate infrastructure such as the Digg, Google Video and YouTube’s latest malware campaigns. Moreover, we cannot talk about cybercrime-friendly ISPs without mentioning the domain registrars of choice for the majority of cybercriminals, which KnujOn keeps profiling. Their February, 2009 Registrar Report states that 10 registrats are responsible for 83% of the fraudulent sites that they’ve analyzed, with the Chinese registrar XIN NET topping the chart for a second time. (zdnet.com)

e-Crime and Abuse of the DNS Forum: A Global Perspective

March 4, 2009

Tuesday, 4 March, 2009 14:00 - 17:30
http://mex.icann.org/node/2653

###
WG5 Policy Proposal Statement: Internet users want all reasonable steps taken for a more secure internet.

This is from the Working Group operating nextdoor to KnujOn's (Working Group 5: DNS Security Issues within ICANN's Mandate) . It addresses many of the same issues from a different perspective. This group more or less came to the same conclusions as Garth Bruen and Rudi Vansnick independently. There is broad security industry support for these concerns. Serious problems exist within DNS, the registry system and within the Registrar community. Anyone failing to acknowledge this does not understand the problem, anyone denying this is part of the problem.

Summary of recommendations

• ICANN should initiate a study of such possible impacts of the introduction of DNSSEC on the installed base.
• ICANN should proceed in the process of having the root signed in a way that provides integrity and is globally accepted.
• ICANN should modify the registry and registrar contracts to include provisions that would allow registrants to deploy DNSSEC in a convenient way.
• ICANN should encourage a stricter registration process to minimize fraudulent and criminal registrations.
• ICANN should proceed further with implementing the proposals from the 2005 Hijacking report.

Registries, Registrars and the Abuse of Domains

March 3, 2009

Tuesday, 3 March, 2009 16:45 - 18:15
http://mex.icann.org/node/2736

Slides for Registries Registrars Abuse Domains (.ppt)
Audio Recording of session (.mp3)

###
Rolling commentary from General Assembly of the North-American Regional At-Large Organization
In a discussion with ICANN's new Compliance chief David Giza we have again raised the issue of verifiable contact information for Registrars. (see: news2008.html#11022008)

Also concerning Section 3.7.8 of the RAA we have requested a change in the language of one word "or" for "and".

"Registrar shall abide by any specifications or policies established according to Section 4 requiring reasonable and commercially practicable (a) verification, at the time of registration, of contact information associated with a Registered Name sponsored by Registrar OR (b) periodic re-verification of such information. Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."

The word "or" should be changed to "and". This is an ambiguous situation that could be easily remedied by requiring both activities. Verification at registration and regular checking should go hand in hand. Checking at the origin point can prevent the need for checking later and would improve security and general stability of the registry system. Also, how is one to determine which action a Registrar opted to use? How is this verified? It is better to know that both verifications are occurring, it will save the Registrars many headaches in dealing with abusive registrants BEFORE they get in as opposed to after. Comments have been made that this process will increase the cost of domain registration. Wrong. Simple form verification is commonplace in Internet commerce, the scripting is easy. This is the first line of defense against forgery. Second level verification: Registrars must email registrants a transaction receipt when a domain name is purchased. Sending this notification to the posted Whois contact email will provide instant verification of accuracy. Other items should at least match the payment information which the Registrars are assured of verifying.

Parava Networks Receives Breach Notice

March 2, 2009 - Rolling

Parava Networks, AKA 10-domains.com received a breach notice from ICANN Friday for among other issues, failure to correct Whois inaccuracies including the records for the Registrar's own sites. This was reported by KnujOn in July, 2007. This came to our attention while investigating Registrars sponsoring unlicensed steroid domains. Official requests sent to Parava's office were returned as undeliverable. However, Parava to this day still uses this obviously bogus address for their whois record.

ICANN CEO Paul Twomey Resigns

March 2, 2009 - Rolling

Mexico City, Mexico — 2 March 2009 — Founders and leaders of the Internet today praised the achievements of Dr Paul Twomey, the President and Chief Executive Officer of ICANN, after learning that Twomey had advised ICANN's Board of Directors that he will not seek renewal of his contract and will move on from ICANN at the end of 2009. (icann.org)

Connecting to an Unsecured Network?

March 2, 2009

KnujOn At ICANN, Working Group 4: Transparency and Accountability of ICANN

March 1, 2009

Working Group 4 will prepare a statement of the At-Large community on the subject of transparency and accountability in ICANN. This subject is regularly discussed in the community - especially at present, as community members reflect on the level of transparency and accountability that ICANN should have as a part of the “Improving Institutional Confidence” process, which is being handled by Working Group 2 of the Summit. Over the years, the At-Large community has provided significant input regarding the development of transparency and accountability of ICANN within statements on related topics. Details of this communication are available at: http://www.atlarge.icann.org/en/correspondence. (Note that some statements are available in English only at the present time).

ICANN - Mexico City

February 28, 2009

After being stranded in Atlanta for one night, KnujOn's Garth Bruen is finnaly in Mexico City at the ICANN meeting. He will be presenting at several e-crime sessions and participating in serious policy discussions.
Let Your Voice Be Heard!

Spam and obscene profits

February 27, 2009

Obscene profits occur when registrars knowingly permit spammers to buy huge blocks of web addresses to further their questionable activities. In an age where analytic applications are becoming pervasive, why wouldn’t a registrar develop analytic measures to detect and halt improper behavior? It’s got to be money related. They’re addicted to the easy, straight to the bottom line money that this activity generates for them. Let’s call this obscene profit.
...
Knujon is an interesting organization. It is a small, volunteer group that wants ICANN, registrars and others to follow the rules that supposedly govern the Internet. Please read their reports, send them your spam and help them pressure the registrars to make the Internet a safer place for us all. (blogs.zdnet.com)

MIT Spam Conference - Call for Papers

February 23, 2009

The Expanded MIT Spam Conference 2009 invites the submission of original, unpublished papers on all aspects of spam and other types of electronic communications brand malware. Topics of interest include:

• phishing, spyware
• spit (spam over internet telephony)
• spim (spam over instant messenger)
• SMS spam
• MMORPG spam
• blog spam
• trackback spam
• image spam
• stock pump-and-dumps
• email con games
• exploit marketing
• identity theft
• zombie bots and bot armies
• antispam systems
• hardware antispam countermeasures
• software antispam countermeasures
• wetware (a.k.a., liveware, meatware, i.e., user errors)
• blue-ware (i.e. employing the police).

Discuss Registrar Report at Nabble

February 22, 2009

"Really the problem is with the apparently irresponsible domain registrars at the top of the Knujon list who seem perfectly happy to sell hundreds of thousands of domains to apparent criminals. The outright criminal ISPs and registrars (like Estdomains, Intercage, McColo, etc.) need to be kicked off the Internet, and the non-criminal ISPs and registrars need to do much more to stop abuse of their services and networks." (nabble.com)

Register.com - Phantom Cash Offers and Phantom Companies (Part 3)

February 21, 2009

• 8771 Junk Domains Touting Phantom Cash Offers
• 144 Fake Companies Registering Domains
• 46,183 Spam emails to KnujOn members

	Domain registered by Web Angeles, a non-existent company not found at the Pennsylvania address used to purchase the domain from Register.com
	This fictitious company, Exim Merchant, gives their address as "RAINBOW 6, LAS VEGAS". Rainbow Six is a Tom Clancy Novel and Rainbow Six Las Vegas is a video game based on the novel.
	Oriicon, another fake company using a MailBoxes Etc. address to get their domains sponsored by Register.com
	Fake company Corinthian Designs also uses a MailBoxes Etc. address to purchase domains from Register.com

Register.com - Phantom Cash Offers and Phantom Companies (Part 2)

February 20, 2009

When first contacted by Brian Krebs Register.com stated: we take the issue of domains used in spamming campaigns -- or any other inappropriate activities -- very seriously. We have a process that lets the public alert us to any inappropriate or illegal uses of the domains under our management by emailing abuse@register.com. Once notice of a potential abuse is received, either through our abuse process or any governing agency, we take prompt action to investigate the report. If any inappropriate use of the domain is found we take the domain offline immediately.

However, KnujOn notified Register.com on February 3rd of a massive fraud network operating within their space but so far they have neither responded to us or taken any action. Additionally, we offered to help them clean the illicit sites out of their space for free. We understand that this is a daunting task and take into account as Register.com stated: "[Register.com] does not judge domain usage or proactively monitor/govern how our customers use their domains", however we specifically told them how the domains were being improperly used and still no response. Therefore we have no option but to detail the completely fictitious and fraudulent entities Register.com has sold domains, each of which has been advertised in spam.

Fake companies with domains sponsored by Register.com

Flaws In the Registrar Accreditation Agreement (RAA)

February 19, 2009

Questions have been arising lately as to the real protective power of the Registrar Accreditation Agreement (RAA) which is a commitment that governs the relationship between ICANN and its accredited registrars. Following in the footsteps of KnujOn.com, Spamlaws.com has been investigating the serious flaws within the framework of the RAA and invites our readers to push ICANN to further amend the Registrar Accreditation Agreement and take a tougher stance against the accreditation of spam and malware hosts. (spamlaws.com)

Spam's supply and demand

February 18, 2009

The spam industry has taken some hits during the past year. In May 2008, the anti-spam organization KnujOn issued a report that identified 20 registrars — companies that issue domain names — as responsible for 90 percent of the domains associated with high levels of spam or other abusive activities. Only two of the top 10 offenders from the original list made it onto the most recent list, released by KnujOn this month. The others went out of business or cleaned up their acts. Unfortunately, the new list shows that a new group of registrars has taken their place at an even greater level of concentration, with 10 registrars responsible for 83 percent of spam domains. And the amount of spam is not decreasing. Spam volumes took a sharp dive in November with the shutdown of McColo, a hosting company based in San Jose, Calif., that was identified as the source of a lot of unwanted e-mail messages. However, according to Symantec’s State of Spam report for February, spam quickly rebounded from a low of about 50 percent of all messages scanned at the mail gateway immediately after the shutdown to about 80 percent. (gcn.com)

Alleged Software Counterfeiters Indicted

February 17, 2009

Two U.S men have been indicted on several software counterfeiting related charges for allegedly selling pirated software on eBay and through Web sites. The indictment, announced this week, was returned by a federal grand jury for U.S. District Court for the District of Arizona in November. Christopher Loring Walters, 28, of Newport Beach, California, and Matthew Thomas Purse, 32, of Gilbert, Arizona, were charged with conspiracy, mail and wire fraud, criminal copyright infringement, and trafficking in counterfeit labels, packaging or containers, according to the U.S. Attorney's Office in Phoenix. (investigativeproject.org)

Data loss costing companies $6.6 million per breach

February 16, 2009

The total average cost of a data breach last year reached $202 per record, a 2.5% increase since 2007, a study published Monday revealed. The study was conducted by the Ponemon Institute, a privacy and data-protection research group, and PGP, a data-encryption vendor. It was based on the costs incurred by 43 organizations following actual data breaches. According to the report, the total average cost per company surveyed was more than $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006. The highest reported total cost among the 43 respondent organizations was $32 million. Of the average $202 per record cost, $139 was attributable to lost businesses as a result of the breach. As a percentage of the total cost per record, that represents 69%, which is up from 67% in 2007 and 54% in 2006. Customers, it seems, lose faith in organizations that can't keep data safe and take their business elsewhere. "This finding reinforces the message delivered by leading enterprise IT managers and industry analysts that organizations must focus on proactively protecting their data instead of relying exclusively on written policies, procedures, and training," the report says. (informationweek.com)

Mystery Calls From 231-732-2059

February 15, 2009

Auto warranty scams continue, this time from Morley, Michigan. Everytime KnujOn gets one of these calls we try to keep them on the line as long as possible to get information out of them but they inevitably hang up the more we push.

Auto warranty firms launch sleazy scam (msnbc.msn.com)
Car warranty scam keeps phones ringing (edmontonjournal.com)
Better Business Bureau Warns Consumers of Auto Warranty Scam (wibw.com)

Valentine Spam Part of a Junk-mail Resurgence

February 14, 2009

Valentine's day spam and scams are showing up in inboxes in anticipation of the upcoming holiday. The messages, with timely sales pitches like "Increase your length, the best valentine's gift," join a flood of other crap mail that has spam levels back up to where they were prior to the McColo shutdown success in November.
...
Krebs covers work done by a group called Knujon that shows how most of the Web sites advertised by all this junk mail are registered with only a small handful of domain name registrars (out of 900 or so total, Krebs writes). His post doesn't explicitly come out and say so, but I'd say identifying outfits central to helping spammers is the first step towards cleaning up - or shutting down - those outfits and perhaps scoring another victory against Internet crime. I'll be keeping my fingers crossed. (pcworld.com)

KnujOn at MAAWG

February 13, 2009

KnujOn's Dr. Robert Bruen is presenting at the 15th General Meeting of the Messaging Anti-Abuse Working Group (MAAWG) with keynote speaker Brian Krebs. About MAAWG:
The Messaging Anti-Abuse Working Group is a global organization focusing on preserving electronic messaging from online exploits and abuse with the goal of enhancing user trust and confidence, while ensuring the deliverability of legitimate messages. With a broad base of Internet Service Providers (ISPs) and network operators representing almost one billion mailboxes, key technology providers and senders, MAAWG works to address messaging abuse by focusing on technology, industry collaboration and public policy initiatives.

Register.com - Phantom Cash Offers

February 12, 2009

Due to new raw data concerning the Register.com specifics we are suspending the reporting on them until we can review the new information.

Full KnujOn Registrar Report
Discuss KnujOn Registrar Report at CircleID (circleid.com)
Discuss KnujOn Registrar Report at Abuse.net (abuse.net)

Register.com - Phantom Cash Offers

February 11, 2009

Note: Register.com was notified of the details in this report on February 3, 2009 and has not responded.

Reviewing the details that brought each Registrar to this list is a useful exercise. As we saw Xin Net holding thousands of illicit pharmacies and eNom sponsoring spammed domains for sale at inflated prices, we again see another type of spam site with Register.com: ones that offer phantom cash, prizes or coupons in exchange for personal information. KnujOn has recorded 8,771 spammed domains with content similar to or redirecting to sites with the similar content below:

caramelnyz.net


Or cocopalmz.com


We will begin to untangle this issue tomorrow and discuss some of the companies behind this type of spammed domain.

###
With all the negativity to reflect upon in the world of IT security these days, there has been a pretty cool trend emerging over the last year or two as grassroots researchers have experienced greater success in calling out online miscreants in public and then seeing those organizations snap-to or go under. Witness the successful effort to take down notorious hosting provider McColo last November as proof - it does seem like the people can and will be heard on matters of security when they can find the right constituencies to speak to, and when they have the right things to say. KnujOn, a research effort aimed at stemming the tide of spam and e-mail-borne malware attacks, is one of the parties who have had some success to that end, specifically in shining a light on some of the Internet's least ethical registrars. (securitywatch.eweek.com)

Full KnujOn Registrar Report
Discuss KnujOn Registrar Report at Slashdot (slashdot.org)
Discuss Domain Inflation at SpamCop (spamcop.net)
Re-Ranking KnujOn’s Spam Domain Registrar List (domainnamewire.com)
Report: Most Spam Sites Tied to Just 10 Registrars (nist.org)
10 Registrars Responsible for 83% of Spam Websites (domainpulse.com)

NetworkSolutions - Stepping Up

February 10, 2009

Many were surprised by NetworkSolutions appearance on our abused Registrar list, and we were too. They are facing many of the same issues as other Registrars in terms of online crime, fraud, and abuse. But, there is one big difference, they're doing something about it. Unlike the previously discussed Xin Net and eNom, Network Solutions contacted us immediately and responded to items we sent them quickly, including fixing one customer domain that had been hijacked to distribute viruses. Yesterday, Network Solutions' Shashi Bellamkonda blogged about this report:

We laud and appreciates the efforts of Knujon and other organizations like APWG in their anti-spam/abuse efforts. Network Solutions is passionate in this war against spam and has a common goal to combat abuse on the Internet.

Not just making empty statements we can confirm that action was taken:

From the details that Knujon provided us yesterday we notified registrants of the domain names and most have taken action immediately.

If Xin Net and eNom responded like this, instead of just claiming to, the Internet would be a significant degree safer.

###
Full KnujOn Registrar Report
Hundreds of Houston computers infected by virus (boston.com)
Link-spamming spreads to NHS, police (theregister.co.uk)

eNom - Pill Sites and Suspicious Domain Advertising (Part 2)

February 9, 2009

continued from Friday...

We have shown that eNom had the largest number of spammed domains in the last six months (32,610). This is 0.4% of their portfolio, but to put that into perspective the average Registrar has 0.001% of their domains spammed. Anything over 0.05% is bad.



These are the overall numbers. Yesterday we looked specifically at illicit pharmacies sponsored by eNom. Anyone who wants to test the validity of eNom's statement that: "customers suspected of using its products and services for sending spam are investigated" just needs to ask if Midpharmacy.com, airsealed.com, and anabolicsteroidspharma.com are being investigated. But, you don't have to take our word for it! Within notorious drug trafficking forums, pill-pushers have advised fellow illicit substance providers to move their domains to "namecheap.com Because he is a reseller of ENOM." What could eNom do to change this perception that they are friendly to illicit pharmacy? In September, 2008 Directi took a pledge to help end the illicit pharmacy menace, and we are now calling on eNom to take that same pledge. Like we have stated, we are interested in correcting these issues and helping the Registrar

But, let's talk more specifically about spam, and even more specifically about which of eNom's customers benefit the most from spam traffic. KnujOn has collected thousands upon thousands of spams like the one below:



The source code of these emails are jammed full of nonsense URLs. The domains featured change with each iteration and seem unrelated until you discover the common thread: they are all for sale. The email featured above has the following domain names linked or embedded in the email:

mkxt.com
aeha.com
ryvg.com
hcao.com
qidj.com

mkxt.com is one of the more interesting examples because its owner has over 10,000 spammed domains in our database, and every single one of the eNom-sponsored domains redirects to this site:

The plot thickens as we find that AskMySite is a reseller of Godaddy, which feeds right into Ben Butler's belief that "the majority of abuse appears to be coming from customers who abuse the company's reseller model."

"In one case you may have a reseller who sells domains using our service as company 'abc,' which can then set up reseller accounts for anyone who buys a reseller account through them," Butler said. "Company 'def' is underneath that reseller, 'ghi' is under them, and so on, so that if you're using different names under each of those, due to the nature of the reseller agreement, we may have no idea initially if we're dealing with the same reseller. There's no immediate feeback that tells us all of these resellers are the same individuals." eNom, Butler said, is "almost certainly dealing with the same problem for much the same reason. Their whole model is designed for resellers." (washingtonpost.com)

What do domain resellers have to do with your spam? Domain resellers are speculators in the domain name market. Domains have become a currency unto themselves, like stocks, the value of a domain name goes up and down. Some companies buy and hold thousands of domain names and trade them when the price goes up. Sometimes the Registrars and resellers have auctions for domain names. Spam fits into the picture when it comes to valuing a domain name. Domains that have value often do because there is great interest or perceived interest. Interest can be artificially increased through click fraud and spam which can change the number of times a particular domain was visited. In the case of a domain no one has ever hear of, like mkxt.com, as site that has no content making in relatively invisible to search engines, the only real way to get visitors to the site in order to inflate the value is through spam. In fact, the next domain featured in the spam sample above is aeha.com which is being offered for $4,825.00.


The same is the case for the other domains featured in this spam sample. The bottom line is that someone in this vast chain is making money by spamming millions of Internet users. If this is a case, as many claim, of resellers manipulating the market through abuse then the Registrars are the only ones in a position to fix the problem since they sponsor and profit off of the resellers. If the Registrar world is secretive and unknown, the resellers are even more so. There is no question that regulation of the secondary domain market is demanded by this wide-spread abuse.

###
Chez quels registrars sont les noms de domaine qui posent le plus de problèmes en terme de spam ou autres actions abusives type phishing ? Pour répondre au mieux à cette question, KnujOn compile chaque année une "liste noire", dont la version 2009 vient de sortir. En parlant de cette liste l'an dernier, j'avais déjà expliqué la méthodologie de KnujOn (on ne prononce pas le "K", le nom vient en fait de l'anglais "no junk" (pas de saletés) écrit à l'envers). Le "Top 10" de la liste 2009 montre que certains registrars pointés du doigt en 2008 en su réagir. Mais ce n'est certainement pas le cas de Xin Net, ce registrar chinois étant pour la deuxième année consécutive en tête de ce triste classement. (stephanevangelder.com)

Full KnujOn Registrar Report
A Plan to Stop Fast Flux Networks Begins to Form (eweek.com)

eNom - Pill Sites and Suspicious Domain Advertising (Part 1)

February 6, 2009

This information is offered as a public service to help consumers and industry make informed decisions when conducting business on the Internet in addition to raising concerns about public health and safety.

Number 2 on our recent Top Ten Abused Registrars Report is eNom. Along with Xin Net, eNom is the only Registrar to remain on our list from the previous report. eNom has also appeared in our reporting several times in the last year, notibaly for having atleast 116 ICANN Accreditations. KnujOn has asked around as to why a company would need so many different accreditations and the common answer is market manipulation. The sale of domain names is an industry unto itself beyond sponsoring domain names for actual commercial use. Auctions of domain names have often lead to sales of thousands and even millions of dollars for a single domain name. The domain "after-market" is an area that allows Registrars to bid on previously owned expired domain names. Companies with more than one accreditation have more opportunities to bid on these domain names than a company with only one accreditation. It's a practice that many Registrars call unfair. But more on this later.

Our primary interest in eNom is its apparent sponsorship of illicit domains including unregulated Internet pharmacies. While eNom has claimed it investigates and takes action against problem sites they have not removed the following pharmacy domains we notified them about last week. eNom has also not responded to our inquires eventhough they have stated they want to review our research. In their statement to the Washington Post eNom said: "[We] also questioned the reliability of Knujon's data", but there is no need to question our data. All one has to do is check the sites listed below which are sponsored by eNom and have been sent to their abuse department yet continue to be active illicit online pharmacies.

Midpharmacy.com

One of the so-called "Canadian Pharmacies" (none of which are in Canada and actually get their illicit drugs from India or China, counterfeiters and market diverters), This is one of the more interesting cases because it involves the manipulation of the very fabric of the Internet in order to conceal location and ownership.



The other day we reported that some illicit pharmacy redirects (a redirect means one website is advertised in spam, but when loaded transfers the Internet browser to a second location) had no Whois records. Whois records are required of all domain names and not having a record violates ICANN policy.


In fact, the very IP address is also part of a secret network:



So, in short the domain that forwards Internet users to eNom-sponsored illicit pharmacy Midpharmacy.com is more or less invisible. There are no publicly available records to locate the owner. With this method domains like Midpharmacy.com can escape being blocked in spam filters and blacklists and the trail to the spammed site groundlevelnetwork.com runs cold.

The tools ordinarily used to find details are blocked:

Tracing route to 71.6.162.131 over a maximum of 30 hops
1     2 ms     4 ms     1 ms
2     *        *        *     Request timed out.
3    reports: Invalid source route specified.

Trace complete.

Server:  www
Address:  10.1.10.1:53
*** www can't find 71.6.162.131: Non-existent domain

Xin Net - The Leader in Illicit Domain Traffic

February 5, 2009 - Special Coverage

Yesterday KnujOn released a report on the most heavily abused Registrars and Number 1 for the second time is Xin Net (AKA: paycenter.com.cn). Xin Net is continuous source of problems. KnujOn has recorded 34,283 illicit domains at Xin Net since June, 2008 dealing in unregulated prescription drugs, pirated software, and general counterfeit consumer goods. Last May we documented the vast array of rogue pharmacies sponsored by Xin Net. KnujOn also made an offical request to issue a Breach Notice to Xin Net, but this advice was not heeded.


The University of Milan has done an excellent study of "Fast Flux" traffic that showed Xin Net domains to be the biggest recipient of this scheme.

Recently, the Waldec Trojan seems to be favoring Xin Net sponsored domains.

While Xin Net claims to want to fix these problems, we so no evidence of this. Xin Net professes to want to work with us but they have not responded to our requests. They have also stated that they delete illicit domains (however, we have documented suspended domains at Xin Net going right back up after a short period), but this is meaningless if they keep selling new domains to the same abusive customers. We sent Xin Net a list of 13 customers(registrants) that should be banned from purchasing new domain names. Xin Net knows who these clients are.

CNN Covers OnLine Pharmacy Verification and Illegal Sales

February 5, 2009

According to our research illicit prescription drug traffic accounts for 80-90% of the abuse online. Most of the spam, Registrar abuse, domain abuse, Whois fraud, malware distribution and general noise is used to push diverted, unregulated and counterfeit pills. So what is being done to protect the consumer? Sadly, not much as we see in this CNN story:

Or: Easy to buy drugs online? - Video (cnn.com)

Online pharmacies often have a seal from a verification company called PharamacyChecker, but is this just a rubber stamp? The CNN story features RX-Checkout.net. This film shows how Google advertisments lead to the site where a purchase for Xanax can be made without a prescription. PharmNet.com, a PharamacyChecker-approved site, accepts the order for Xanax and then processes the transaction on RX-Checkout.net, a non-PharamacyChecker site. Without a prescription and without full verification of the entire operation it seems this pharmacy is in violation of the PharmacyChecker standards and should have its verification revoked. Unless these policies are enforced, the seals placed on websites become meaningless.

Fake Medications On Rise As Economy Worsens(kfoxtv.com)

Report: Most Spam Sites Tied to Just 10 Registrars

February 4, 2009

Nearly 83 percent of all Web sites advertised through spam can be traced back to just 10 domain name registrars, according to a study to be released this week.

The data come from millions of junk messages collected over the past year by Knujon ("no junk" spelled backwards and pronounced "new john"), an anti-spam outfit that tries to convince registrars to dismantle spam sites.
While there are roughly 900 accredited domain name registrars, spammers appear to register the Web sites they advertise in junk e-mail through just one percent of those registrars. Knujon's rankings include:

1. XinNet Cyber Information Company Limited
2. eNom
3. Network Solutions
4. Register.com
5. Planet Online
6. Regtime Ltd.
7. OnlineNIC Inc.
8. Spot Domain LLC
9. Wild West Domains
10. Hichina Web Solutions

FBI Uncovers Worldwide $9M ATM Card Scam

February 3, 2009

MYFOXNY.COM - A Fox 5 investigation exposes a worldwide ATM scam that swindled $9 million and possibly jeopardized sensitive information from people around the world. Law enforcement sources told Fox 5 it's one of the most frightening well-coordinated heists they've ever seen. The computer system for a company called RBS WorldPay was hacked. One service of the company is the ability for employers to pay employees with the money going directly to a card, called payroll cards, a lot like a debit card that can be used in any ATM. The hacker was able to infiltrate the supposedly secure system and steal the information necessary to duplicate or clone people's ATM cards. (myfoxny.com)



See FBI's Wanted Poster

Illicit Pharma Redirects Have Blank Whois

February 2, 2009

KnujOn has found that some domain names that redirect to illicit unlicensed pharmacies have blank Whois records. One example being groundlevelnetwork.com, a site advertised in spam that redirects to midpharmacy.com, has no Whois record.



We have frequently found that illicit domains find ways around full disclosure and have methods of subverting the system for their own gain.

She's Not a Terrorist, But She Plays One on the Web

January 30, 2009

It's 3:30 a.m. ET, and the female holy warrior Oum Obeyda, the Baghdad Sniper, Ihrabi 007, and Abu Zeida, an al Qaeda financier, are in furtive online debate within one of the estimated 5,000 insurgency forums or Websites. They are planning an attack against the U.N. Headquarters in Afghanistan. A few weeks later, the plans go horribly wrong for the insurgency group. Those who have not been arrested have to go into hiding -- they been exposed. But by whom? If it sounds like the pitch for some Hollywood blockbuster, fact is even better than fiction. Abu Zeida, the Al Qaeda financier, is actually the "Queen of Cyber Warriors," a Montana-based mother of three, Shannen Rossmiller, working from her home PC. On January 8, she presented "Penetrating Minds of Mayhem: Inside the Psyche of an Islamic Extremist," at the final day of the Fordham/FBI International Conference on Cyber Security. As the U.K.'s Daily Telegraph said, "Global jihad has more to fear from Shannen Rossmiller than a squadron of F-16s." (internetevolution.com)

Troubled Ukrainian Host Sidelined

January 28, 2009

A Ukrainian Web hosting provider that, according to published reports, has long served as home base to a prolific and invasive family of malicious software has been taken offline following abuse reports from Security Fix to the company's Internet provider. Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers.
(washingtonpost.com)

Hackers Crack Into Texas Road Sign, Warn of Zombies Ahead

January 28, 2009

Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead."

(foxnews.com)

Thrift store MP3 player contains secret military files

January 27, 2009

The files included the home addresses, Social Security numbers and cell phone numbers of U.S. soldiers. The player also included what appeared to be mission briefings and lists of equipment deployed to hot spots in Afghanistan and Iraq. Most of the information appears to date to 2005. (cnn.com)

Microsoft Adds Clickjacking Protection to IE8 RC1

January 27, 2009

Protection against malicious Web attacks and tweaks to a feature that lets users browse the Internet privately are among updates Internet Explorer users can test in the first release candidate for IE8, which Microsoft made available Monday. As first reported by the IDG News Service Friday, Microsoft released the feature-complete version of IE8 to the Web Monday. Microsoft added performance tweaks to existing features and one major security update to block Web attacks known as "clickjacking" that the company said makes IE8 the only Web browser to offer such protection. (pcworld.com)

Internet Porn, ICANN, and Families: A Call to Action

January 26, 2009

Although the International Corporation for Assigned Names and Numbers (ICANN) technically does not regulate Internet content, its day-to-day decisions consistently influence not only the structure of the Internet, but its content as well. ICANN policies concerning the approval of Top Level Domains and Internationalized Domain Names, maintenance of the WHOIS database, treatment of common vehicles for abuse, and requirements governing speech, for example, have far-reaching implications. Among the ramifications are the potential for protecting children online now or in the future, stopping the flow of child pornography, thwarting predators and sex traffickers, and maintaining legitimate free speech policy.

ICANN's mission and effectiveness depends, as its mission statement states, on "broad, informed participation reflecting the functional, geographic, and cultural diversity of the Internet at all levels of policy development and decision-making." However, in practice, only a handful of individuals who share a certain policy viewpoint have represented the billions of non-commercial Internet users around the globe in the ICANN policy-making process. At the crux of many ICANN policies is the debate on unfettered speech, access, and anonymity on the Internet. These issues are complex, culturally and nationally diverse, and changing as we understand more about the Internet and its potential.

This Article addresses reasons why advocates for families, consumers, and safety interests have not yet stepped forward to fill the gap in the stakeholder representation at ICANN. It then discusses the makeup, history, and voting power of the current ICANN Non-commercial Users' Constituency (NCUC), and the positions taken by the NCUC and its officers in policy debates. It explores the basis and implications of these positions, including the principle of "Net Neutrality." It compares this principle with the traditional parameters of the right to free expression. Finally, it urges a more robust and balanced discussion of competing rights and interests in the ICANN forum.

This Article concludes with recommendations for ICANN to respond to the narrowness of the non-commercial stakeholder representation. It suggests (1) considering further the reasons for keeping separate the NCUC and the At-large Advisory Committee; (2) using ICANN's travel support funding to encourage wider participation of groups and individuals representing the breadth of user interests; (3) developing integration and training programs; (4) maintaining standards for rotating officers and appointments; as well as (5) materially assisting in the revision of the stakeholder structure. (papers.ssrn.com)

KnujOn 2008 News Archived

January 25, 2009

Each year we archive our news stories to keep this page as current as possible. But all news stories from 2008 are available here: 2008 News. All other previous years are also available: 2007, 2006, 2005.

Monster.com suffers database breach

January 24, 2009

For the second time in 18 months, employment search site Monster.com has lost a wealth of personal data belonging to millions of job seekers after its database was illegally accessed. The Massachusetts-based website is warning all its customers that their names, birth dates, phone numbers, user IDs and passwords, email addresses, sex, and ethnicity have been pilfered. It strongly urges users to change their login credentials immediately and to be on the lookout for phishing emails. The breach prompted this warning from USAJobs, which looks to Monster to run its website. (theregister.co.uk)

That Letter to ICANN from the NTIA

January 23, 2009

A cranky letter from the NTIA to ICANN [PDF], submitted in late December during ICANN's comment period for new top-level domains, has encouraged the awkward coalition of those opposed to new TLDs. The NTIA (National Telecommunications and Information Administration), a division of the Department of Commerce, is the agency tasked with being ICANN's watchdog. So a letter from them carries some weight, though not as much as some people think. The letter basically says (read it, it's not long) that ICANN hasn't proven that new TLDs will benefit the consumer, which I suppose is true, although I wonder how anyone could prove that without actually trying it. Otherwise, the letter asks for many of the changes that others who support new TLDs (including me) have asked for, including justifying the excessive fees, come up with a way other than auctions for deciding which applications are better, come up with a better way of managing contracts, etc. etc. (circleid.com)

Obama to get spy-proof smartphone

January 22, 2009

E-mail has long been treated with suspicion by the Secret Service because of fears it could be hacked into by foreign espionage agencies, or that sensitive information could reach the public domain via a single mistaken strike of the "send" key. There are also concerns that mobile devices such as the BlackBerry, which contain built-in GPS technology, could be hacked, revealing the president's location within a few feet. But according to reports Thursday, Obama may actually have been issued a spy-proof alternative to his favorite toy. Writing on his blog for the Atlantic magazine, Marc Ambinder reports that the National Security Agency has approved a $3,350 smartphone -- inevitably dubbed the "BarackBerry" -- for Obama's use. The exclusive Sectera Edge, made by General Dynamics, is reportedly capable of encrypting top secret voice conversations and handling classified documents. (cnn.com)

Massive Credit Card Data Breach

January 21, 2009

A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported. Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month. (wsj.com)

The Downadup virus

January 20, 2009

The country is starting a new era today with the swearing in of Barack Obama as the 44th president, but in cybersecurity we might be going back to the bad old days. Hackers are using social engineering tied to the Obama inauguration to recycle the W32.waledac worm, which showed up last year for the holiday season. But a bigger threat might be the W32.Downadup worm, which could be building a large botnet of compromised computers. Security analysts tracking the latest high-profile worm to stalk the Internet say that W32.Downadup exploits a known vulnerability for which Microsoft issued an out-of-cycle patch in October. Despite the availability of the patch and of antivirus signatures, Symantec called the worm one of the most prolific seen in years and has clocked at least 3 million unique IP addresses infected. (gcn.com)

Botnets' Landscape Changes as Spammers Get Back in the Swing of Things

January 17, 2009

Spammers have been hard at work at regaining their past momentum. Over the past year, the botnet landscape has changed, especially since the McColo shutdown. It’s been roughly two months since the much-heralded shutdown of McColo, yet spam levels have remained below where they were previously. While the amount of spam hitting enterprise networks is building as botnet operators regain their momentum, the botnet landscape has changed significantly. Some of the former kings of the hill, botnets such as Srizbi, were badly hurt by the shutdown. (eweek.com)

Whiny Pill-Pushers Lament Domain Suspensions

January 16, 2009

It is infrequent we receive confirmation from the other side that our work is having an effect, but when we do it makes it all worth it. Electronic pill pushers are publicly complaining that previously friendly Registrars are giving them the boot. In a forum apparently dedicated to operators of unlicensed Internet pharmacies we find them discussing their plight:

" Can you guys suggest some safe registrars where we can register pharma domain names? As you know these days registrars like Directi and GoDaddy suspending domains like anything. I think its better to register new sites on some non US and transfer all existing sites to protect further ban. "

They make specific reference to Directi and Godaddy. KnujOn participants will recall a drastic shift in policies at Directi after a report we published detailed illicit sites sponsored there. Much of this activity was attributed to dirty resellers that were dumped by Directi after the report. An enormous amount of negative press and illicit traffic at Directi could also be blamed on the now defunct Registrar EstDomains. Directi has since voluntarily suspended thousands of rogue pharmacy domains, hence the instructions from pill traffickers:

" Move off Directi and any of their resellers."

The mention of Godaddy is also significant because KnujOn had collaborated with LegitScript to focus on websites offering steroids. Godaddy held the largest number of steroid domains until we discussed the issue with them. Interestingly, the pill-pusher forum recommends moving to eNom which is currently the only U.S.-based Registrar refusing to terminate the steroids domains it sponsors.

Q: Can you people suggest some[Regsitrars open to unlicensed pharmacy sites]?
A: namecheap.com Because he is a reseller of ENOM


Unrelated correction: An article on the decline in retail fraud after the McColo takedown was incorrectly attributed to ecommerce-journal. The article was actually written by Brian Krebs.

Fake Northwest Airlines E-Ticket Spreads Virus

January 14, 2009

The emails come from an apparently compromised node on BellSouth's network.

Date: Wed, 14 Jan 2009 09:26:06 -0800 
From: "Northwest Airlines"  
To: < > 
Subject: E-ticket #4766920495 

Hello!

Thank you for using our new service 
"Buy Northwest Airlines ticket Online" on our website.
Your account has been created:

Your login:  
Your password: passJMF0

Your credit card has been charged for $492.54.
We would like to remind you that whenever you order tickets 
on our website you get a discount of 10%! Attached to this 
message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, 
and you are set to take off for the journey!

Kind regards,
Laurie Mcdonald
Northwest Airlines

Is Reunion.com using hijacked mailboxes and address books?

January 13, 2009

In the battle of social networking sites, Reunion.com is playing dirty. Previously on KnujOn's trusted list, Reunion.com will now marked as a spam site in our process. Reunion has been using these aggressive tactics for a while, but all of the sudden people are seeing more of it. Why? Because a California court just threw out a lawsuit against them. This has seemingly emboldened them to turn the spam hose on us and do so with apparent impunity.

Not only does Reunion.com's automatic message mislead e-mail recipients by saying that someone known to them is searching for them, it misrepresents the intentions of new members by giving the impression that they're actively seeking to communicate with the people in their address books.

"I thought I was just signing up to read my friend's message, At no time did I think I was authorizing them to access my online address book." (latimes.com)

" They must have hacked into my yahoo address and got her from my address book. That is so upsetting to me." (consumeraffairs.com)

CAN-Spam-a-Friend? The Case Against Reunion.com

More on this later!

Mysterious credit card charge may have hit millions of users

January 11, 2009

Several Internet complaint boards are filled with comments from credit card customers from coast to coast who have noticed a mysterious charge for about 25 cents on their statements. The charge shows up on statements as coming from "Adele Services" in Melville, N.Y. There is no business by that name listed in Melville, or registered to any business anywhere in New York, for that matter. Two theories of what is going on have advanced on message boards and among consumer advocates: Someone is trying to find out whether an illegally obtained credit card number will work before making a bigger charge, or they're trying to rip off tiny amounts from tons of people. (boston.com)

Vanigo.com Using Hijacked Hotmail Accounts for Spam Campaign

January 8, 2009

It was reported to us yesterday that BIZCN-Sponsored (China) and Softlayer-hosted (Texas) vanigo.com is being advertised with spam from hijacked hotmail accounts (we have access to the originating account to document). This, of course, is not big news. Spam from spoofed and compromised accounts is de rigueur. But this gives us an opportunity to ask questions about why this practice is used.

Apparently located in China, vanigo sells electronics, name-brand electronics (maybe). The low prices being offered by vanigo are impossible which leads to the question of counterfeiting. If you become a "member" prices are even lower. Examples below (Note: we used the LOWEST discount prices available for comparison).

Terrorists launder cash through online gambling

January 7, 2009

Islamic terrorist networks are using online gambling websites to launder money for attacks, security analysts have disclosed. The security services have been warned that the internet is increasingly being used to train terrorists, raise money and as the main form of media to promote radical Islam. Computer experts in al-Qaeda have created an "online University of Jihad" that is recruiting and training potential terrorists in Britain without them having to risk travelling to camps in Pakistan. (telegraph.co.uk)

Scale of Data Breach Revealed

January 4, 2009

In February, BNY Mellon discovered that one of ten boxes of back-up unencrypted computer tapes was missing from a delivery van that was transporting them to the bank’s shareholder services facility in New Jersey. The bank, recognizing the potential for massive identity theft, took months to admit that the tape contained personal and financial data for 12 million people nationwide, including 635,000 in Connecticut, many associated with People’s Bank. The tape was never recovered. (hartfordbusiness.com)

BNY Mellon's data tape 'lost in transit' (pittsburghlive.com)