YAY! Re: Atrivo/Intercage: NO Upstream depeer

Mark Foo mark.foo.dog at gmail.com
Wed Sep 24 01:08:21 CDT 2008


NANOG:

Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
INTERCAGE
-- you are effectively aiding and abetting the enemy.

Intercage/Atrivo hosts the malware c&c botnets that DDoS your systems and
networks.

Intercage/Atrivo hosts the spyware that compromises your users' passwords.

Intercage/Atrivo hosts the adware that slows your customers' machines.

Don't take my word for it, DO YOUR OWN RESEARCH:
http://www.google.com/search?hl=en&q=intercage+malware

You don't get called the ***American RBN*** for hosting a couple bad
machines. They
have and will continue to host much of the malware pumped out of America.
THEY
ARE NOT YOUR COMRADES.

These people represent the most HIGHLY ORGANZIED CRIME you will ever
come across. Most people were afraid to speak out against them until this
recent ground swell.

This is the MALWARE CARTEL. GET THE PICTURE?

Many links have been posted here that prove this already -- instead of
asking
what customers they cut off, let them show WHAT CUSTOMERS ARE LEGIT--
because there are NONE.





> >> I would suggest a different Step 1.  Instead of killing power, simply
> >> isolate the affected machine.  This might be as simple as putting up a
> >> firewall rule or two, if it is simply sending outgoing SMTP spam, or
> > it's probably easiest (depending on the network gear of course) to
> > just put the lan port into an isolated VLAN. It's not the 100%
> > solution (some badness rm's itself once it loses connectivity to the
> > internets) but it'd make things simpler for the client/LEA when they
> > need to figure out what happened.
> >
> > -chris
> >
> >
>
>



More information about the NANOG mailing list