YAY! Re: Atrivo/Intercage: NO Upstream depeer

Mark Foo mark.foo.dog at gmail.com
Mon Sep 22 18:27:53 CDT 2008


On Sun, Sep 21, 2008 at 12:46:54PM -0700, Emil Kacperski wrote:
> Hey James,
>
> That's the worst part in all this, so many been with me for years!? I just
put my fate into companies I shouldn't have.

Emil:

Yes, they have been with you for years -- it's quite unfortunate, such great
customers.

Take those customers who steal identity from the public -- did you get a
cut, or just the hosting fees?

Next, move to those who host trojans, rogue antivirus, bill people for fake
software
(and keep billing them), etc. Oh, and the ad-ware, despite being a lower
security risk, it was
some of the most hated stuff out there.

I'd say you have put your fate into companies you shouldn't have -- not just
your fate but your business.
This is the logical result (actually, this is just the start). I'm surprised
it took so long.

You can't wash away years of malicious activity by simply claiming innocence
and disconnecting
some of your worst offenders.

Male parta male dilabuntur.


For the NANOG folks who apparently don't understand what is going on and are
so
easily socially engineered by these claims of innocence -- do a little
research:

http://www.google.com/search?hl=en&q=intercage+malware
http://www.google.com/search?hl=en&q=atrivo+malware

========================================================
Here's some research for you:
Complaints on Intercage/Atrivo from 2003:
Re: The in-your-face hijacking example
http://www.irbs.net/internet/nanog/0305/0038.html

========================================================
>From 2006:
More super rogue anti-spyware
http://updates.zdnet.com/tags/intercage.com.html

Be on the lookout for another new supposed anti-spyware program that might
be hijacking desktops any day now.
This one is called PestTrap and it.s a clone of SpySheriff. SpySheriff was
one of the top 10 rogue anti-spyware apps of 2005,
coming in at number 2.

PestTrap site is hosted at IP address 69.50.167.173 which belongs to an ISP
in California, InterCage, Inc., formerly know
n as Atrivo.  Note the nameservers are mail.atrrivo.com and pavel.atrivo.com
.

    OrgName:    InterCage, Inc.
    OrgID:      INTER-359
    Address:    1955 Monument Blvd.
   Address:    #236
    City:       Concord
    StateProv:  CA
    PostalCode: 94520
    Country:    US

Not surprisingly, SpySheriff.com (link to whois) is hosted at InterCage, and
we have SpyTrooper.com on the same
IP address, 69.50.170.82. The other domain on the IP is Spy-Sheriff.com.
This IP is also currently blacklisted.

    InterCage, Inc. INTERCAGE-NETWORK-GROUP (NET-69-50-160-0-1)
                                      69.50.160.0 - 69.50.191.255
    William Lu STANDARDSHELLS (NET-69-50-170-0-1)
                                      69.50.170.0 - 69.50.170.255

The Intercage.com (link to site) home page is white and blank except for "."
in the upper left corner.  Now, that seems odd to me.
An ISP with a blank homepage? Google searches for Intercage.com and
Intercage, Inc. bring up all kinds of interesting links.
A Google search for Atrivo produces even more  fascinating information like
this and this.  More on this one later.



More information about the NANOG mailing list