YAY! Re: Atrivo/Intercage: NO Upstream depeer

Pedram M pmessri at gmail.com
Wed Sep 24 08:35:50 UTC 2008


define:nanog

North American Network Operators Group A membership organization that
provides for the exchange of technical information among public, commercial
...

I think this conversation should have ended a long time ago.

My $0.50 cents + $1.00 or $2

Regards,
Pedram

On Wed, Sep 24, 2008 at 1:29 AM, Russell Mitchell <russm2k8 at yahoo.com> wrote:

> Hello Mark,
>
> What's YOUR motivation to consistently attack my company?
>
> What's my motivation to continue working @ InterCage?
> To keep a roof over my family's heads, and to keep them well-fed:
> 1.) Myself
> 2.) My Wife
> 3.) My near 2 year old Son (November)
> 4.) My near 3 week old Daughter (Born Sept. 4th)
>
> It's great that you finally accepted the claim of InterCage being
> associated with the famed "RBN" as being "alleged".
> You've taken the first step into seeing how much BS information has been
> spread out about our company.
>
> Whether you support me in my anti-abuse endeavor or not, as long as you get
> FACTUAL information, I'm happy.
> However someday, I trust you will find and accept the truth about
> InterCage. From what I see now from the claims you're making, that day may not
> come soon.
>
> Thank you for your time. Have a great day.
>  ---
> Russell Mitchell
>
> InterCage, Inc.
>
> ----- Original Message ----
> From: Mark Foo <mark.foo.dog at gmail.com>
> To: Russell Mitchell <russm2k8 at yahoo.com>
> Cc: Bruce Williams <williams.bruce at gmail.com>; Christopher Morrow <christopher.morrow at gmail.com>; nanog at nanog.org; Joe Greco <jgreco at ns.sol.net>
> Sent: Wednesday, September 24, 2008 1:14:01 AM
> Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
>
> Russell:
>
> Oh I got the memo, you'll be getting served one soon too.
>
> I just wonder why you don't consider playing both sides of the fence -- with your
> knowledge of who's who in the cyber crime field, you could probably get paid
> more as an informant (either to LEO or one of the "Intel" companies) than
> whatever you're doing for Emil and (allegedly) the RBN. You can't possibly
> sleep well knowing what you're up to now so I figure it's the money that
> motivates you.
>
> Or, maybe you don't really know anyone, you just respond to their demands and
> they end up with all the money, pr0n chicks, etc. Doesn't that bother you -- don't
> you want more?
>
> Plus, no one would know you were pulling two pay checks -- you manage systems
> on one side and pass info to the other. It's actually fairly simple -- maybe you already
> know this ;).
>
> If not, please explain this:
>
> http://www.spamhaus.org/news.lasso?article=636
>
> Without exception, all of the major security organizations on the
> Internet agree that the 'Home' of cybercrime in the western world is a
> firm known as Atrivo/Intercage, based in California. We ourselves have
> not come to this conclusion lightly but from many years of dealing
> with criminal operations hosted by Atrivo/Intercage, gangs of
> cybercriminals - mostly Russian and East European but with several US
> online crime gangs as well - whose activities always lead back to
> servers run by Atrivo/Intercage. We have lost count of the times we
> have tracked a major virus botnet's "command and control" to
> Atrivo/Intercage servers, readers can view here some of the current
> and historic SBL records for Atrivo for a taste of what has been
> happening in this network. At almost every Internet security
> conference, or law enforcement seminar on cyber-crime, a presentation
> will detail some attack, exploit, phish or financial crime that has
> some nexus at Atrivo/Intercage.
>
> The person who runs Atrivo/Intercage, Emil Kacperski is an expert at
> playing the "surprised janitor", unaware of every new criminal
> enterprise found on his servers and keen to show he gets rid of some
> criminals once their activities on his network are exposed. His
> Internet hosting career first came to the attention of most anti-abuse
> organizations when he pinched (or 'purchased stolen goods' as he put
> it) and routed an unused block of 65,536 IP addresses belonging to the
> County of Los Angeles.
>
> Spamhaus has dealt with over 350 incidents of cyber-crime hosting on
> Atrivo/Intercage and its related networks in the last 3 years alone,
> all of which involved criminal operations such as malware, virus
> spreaders and botnet command and control servers. Malware found by
> Spamhaus on Atrivo/Intercage/Cernel/Hostfresh just in the last few
> months included the Storm Worm installer and controller and a MySpace
> spambot amongst others. Spamhaus currently sees a large amount of
> activity related to malicious software and exploits being hosted on
> Atrivo/Intercage which include DNS hijack malware, IFRAME browser
> attacks, dialers, pirated software websites and blatantly criminal
> services.
>
> We assume that every law enforcement agency with a cyber-crimes
> division has a dossier bursting at the seams on Atrivo/Intercage and
> its tentacles such as Esthost, Estdomains, Cernel, Hostfresh. The only
> question on everyone's mind is which agency will beat the others to
> shutting the whole place down and indicting the people behind it.
> Because if shut down, one thing is certain: the amount of
> malware-driven crime on the Internet would drop overnight as
> cyber-criminals rush to find a new crime-friendly host - difficult to
> find in the US, as Atrivo/Intercage is one of the very few remaining
> dedicated crime hosting firms whose customer base is composed almost,
> or perhaps entirely, of criminal gangs. More importantly, millions of
> Internet users currently being targeted by the malware gangs operating
> from Atrivo/Intercage will be, for a while, safer.
>
> Perhaps one may be wondering about the costs of hosting at
> Atrivo/Intercage or how to sign up? Well, don't expect to find this
> information at the company's websites as they were empty for years and
> for the last year have just shown "Website Coming Soon."
>
>     http://www.atrivo.com => "InterCage, Inc. INTENSE SERVERS. Website Coming Soon:"
>     Last Updated: Thursday, September 06, 2007 4:32:59 PM
>
>     http://www.intercage.com => "InterCage, Inc. INTENSE SERVERS. Website Coming Soon:"
>     Tuesday, September 04, 2007 6:45:52 PM
>
> At one time after being asked, "how on earth does your company get
> business?" an Atrivo/Intercage representative coyly said, "by word of
> mouth." That seems to be quite obvious.
>
>
>
>
> On Wed, Sep 24, 2008 at 12:45 AM, Russell Mitchell <russm2k8 at yahoo.com> wrote:
> > Hello Mark,
> >
> > It really seems YOU _DID_ miss the memo.
> > I think that since no one else is responding to your nonsense, there is no reason for me to either.
> >
> > If you have something accurate to say, I'll be happy to listen.
> > Until then, there's not much I can say. There's no sense in repeating myself.
> >  ---
> > Russell Mitchell
> >
> > InterCage, Inc.
> >
> >
> >
> > ----- Original Message ----
> > From: Mark Foo <mark.foo.dog at gmail.com>
> > To: Russell Mitchell <russm2k8 at yahoo.com>
> > Cc: Bruce Williams <williams.bruce at gmail.com>; Christopher Morrow <christopher.morrow at gmail.com>; nanog at nanog.org; Joe Greco <jgreco at ns.sol.net>
> > Sent: Wednesday, September 24, 2008 12:27:50 AM
> > Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> >
> > Russell:
> >
> > Ferg was just being coy -- what you don't understand is there are about 3 other
> > security mailing lists plotting to TAKE YOUR SERVICE DOWN. You FAIL. Law
> > Enforcement might not take action against you (but appear to be interested now),
> > but the community can. GET OFF THE NET WITH YOUR MALWARE!
> >
> > You mistake me for someone who believes your pack of lies! Don't you understand each
> > time you post to this list gives those of us who know the opportunity to post MORE EVIDENCE
> > of your MALWARE?
> >
> > You disconnected Hostfresh and think that's the extent of your crimes? Gimme a break.
> > Only those who are easily socially engineered would believe your pathetic claims of innocence.
> > You've BEEN HOSTING MALWARE since 2003 -- SEE Nanog post:
> >
> > Re: The in-your-face hijacking example
> > http://www.irbs.net/internet/nanog/0305/0038.html
> >
> >> Let me know if there's anything else you'd like me to state to the public.
> >
> > Answer Ferg's question -- Why are you moving to CERNAL? Do you think this
> > is going to work? That's just another of Emil's networks.
> >
> >> We're on a rocky road right now. But it IS starting to smooth out.
> >
> > That's just the calm before the storm.
> >
> > Go ahead and post a response to each of these allegations:
> >
> > Cybercrime's US Hosts
> > http://www.spamhaus.org/news.lasso?article=636
> >
> > Report Slams U.S. Host as Major Source of Badware
> > http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html?nav=rss_blog
> >
> > A Superlative Scam and Spam Site Registrar
> > http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html?nav=rss_blog
> >
> > ICANN cast as online scam enabler
> > http://www.theregister.co.uk/2008/09/03/cyber_crime_reports/
> >
> > 'Malware-friendly' Intercage back with the living
> > http://www.theregister.co.uk/2008/09/24/intercage_back_online/
> >
> > On Tue, Sep 23, 2008 at 11:50 PM, Russell Mitchell <russm2k8 at yahoo.com> wrote:
> >>
> >> Hello John Doe,
> >>
> >> I welcome any further comments you have.
> >> We have to get past people such as yourself, and your blasphemous and false statements.
> >>
> >> This is the same issue with the recent media and self-proclaimed "Security Researchers". Fly-by-night mind you.
> >>
> >> To help you out in your claims:
> >> Yes, we did house a client who had quite a run with their clients from various locations, such as Russia.
> >> That Client is no longer hosted on our network. I myself spent all of Monday afternoon, night, and Tuesday morning shutting off EVERY machine they had leased in our Billing System. I'm currently working to scan further and see if there's anything I may have missed.
> >>
> >> Yes, Russia is very well known for Virus and Malware writers.
> >>
> >> Yes, we have had issues with malware distribution from our network.
> >> This was directly and near singularly related to the former client of ours. We did have another client, Hostfresh, who had their share of malware issues.
> >>
> >> Both have been completely and effectively removed. The servers leased to both of them have been canceled, and their machines have been shut off.
> >>
> >> Let me know if there's anything else you'd like me to state to the public.
> >> We're on a rocky road right now. But it IS starting to smooth out.
> >>
> >> Thank you for your time. Have a great day.
> >>  ---
> >> Russell Mitchell
> >>
> >> InterCage, Inc.
> >>
> >>
> >>
> >> ----- Original Message ----
> >> From: Mark Foo <mark.foo.dog at gmail.com>
> >> To: Bruce Williams <williams.bruce at gmail.com>
> >> Cc: Christopher Morrow <christopher.morrow at gmail.com>; nanog at nanog.org; Joe Greco <jgreco at ns.sol.net>
> >> Sent: Tuesday, September 23, 2008 11:08:21 PM
> >> Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> >>
> >> NANOG:
> >>
> >> Look, the people posting here who are trashing Intercage are pure security
> >> analysts -- they know and understand the evil that is Intercage. STOP TRYING TO ASSIST
> >> INTERCAGE -- you are effectively aiding and abetting the enemy.
> >>
> >> Intercage/Atrivo hosts the malware c&c botnets that DDoS your systems and networks.
> >>
> >> Intercage/Atrivo hosts the spyware that compromises your users' passwords.
> >>
> >> Intercage/Atrivo hosts the adware that slows your customers' machines.
> >>
> >> Don't take my word for it, DO YOUR OWN RESEARCH:
> >> http://www.google.com/search?hl=en&q=intercage+malware
> >>
> >> You don't get called the ***American RBN*** for hosting a couple bad machines. They
> >> have and will continue to host much of the malware pumped out of America. THEY
> >> ARE NOT YOUR COMRADES.
> >>
> >> These people represent the most HIGHLY ORGANIZED CRIME you will ever
> >> come across. Most people were afraid to speak out against them until this
> >> recent ground swell.
> >>
> >> This is the MALWARE CARTEL. GET THE PICTURE?
> >>
> >> Many links have been posted here that prove this already -- instead of asking
> >> what customers they cut off, let them show WHAT CUSTOMERS ARE LEGIT--
> >> because there are NONE.
> >>
> >>
> >>
> >>
> >>
> >> > >> I would suggest a different Step 1.  Instead of killing power, simply
> >> > >> isolate the affected machine.  This might be as simple as putting up a
> >> > >> firewall rule or two, if it is simply sending outgoing SMTP spam, or
> >> > > it's probably easiest (depending on the network gear of course) to
> >> > > just put the lan port into an isolated VLAN. It's not the 100%
> >> > > solution (some badness rm's itself once it loses connectivity to the
> >> > > internets) but it'd make things simpler for the client/LEA when they
> >> > > need to figure out what happened.
> >> > >
> >> > > -chris