YAY! Re: Atrivo/Intercage: NO Upstream depeer

Russell Mitchell russm2k8 at yahoo.com
Wed Sep 24 01:50:11 CDT 2008

Hello John Doe,

I welcome any further comments you have.
We have to get past people such as yourself, and your blasphemous and false statements.

This is the same issue with the recent media and self-proclaimed "Security Researchers". Fly-by-night mind you.

To help you out in your claims:
Yes, we did house a client whom had quite a run with their client's from various locations, such as Russia.
That Client is no longer hosted on our network. I myself spent all of monday afternoon, night, and tuesday morning shutting off EVERY machine they had leased in our Billing System. I'm currently working to scan further and see if there's anything I may have missed.

Yes, Russia is very well known for Virus and Malware writer's.

Yes, we have had issues with malware distribution from our network.
This was directly and near singularly related to the former client of ours. We did have another client, Hostfresh, whom had their share of malware issues.

Both have been completely and effectively removed. The server's leased to both of them have been canceled, and their machines have been shutoff.

Let me know if there's anything else you'd like me to state to the public.
We're on a rocky road right now. But it IS starting to smooth out.

Thank you for your time. Have a great day.
Russell Mitchell

InterCage, Inc.

----- Original Message ----
From: Mark Foo <mark.foo.dog at gmail.com>
To: Bruce Williams <williams.bruce at gmail.com>
Cc: Christopher Morrow <christopher.morrow at gmail.com>; nanog at nanog.org; Joe Greco <jgreco at ns.sol.net>
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer


Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
-- you are effectively aiding and abetting the enemy.

Intercage/Atrivo hosts the malware c&c botnets that DDoS your systems and

Intercage/Atrivo hosts the spyware that compromises your users' passwords.

Intercage/Atrivo hosts the adware that slows your customers' machines.

Don't take my word for it, DO YOUR OWN RESEARCH:

You don't get called the ***American RBN*** for hosting a couple bad
machines. They
have and will continue to host much of the malware pumped out of America.

These people represent the most HIGHLY ORGANZIED CRIME you will ever
come across. Most people were afraid to speak out against them until this
recent ground swell.


Many links have been posted here that prove this already -- instead of
what customers they cut off, let them show WHAT CUSTOMERS ARE LEGIT--
because there are NONE.

> >> I would suggest a different Step 1.  Instead of killing power, simply
> >> isolate the affected machine.  This might be as simple as putting up a
> >> firewall rule or two, if it is simply sending outgoing SMTP spam, or
> > it's probably easiest (depending on the network gear of course) to
> > just put the lan port into an isolated VLAN. It's not the 100%
> > solution (some badness rm's itself once it loses connectivity to the
> > internets) but it'd make things simpler for the client/LEA when they
> > need to figure out what happened.
> >
> > -chris
> >
> >


More information about the NANOG mailing list