You'll be able to see right here that the IP handle belongs to InterCage, previously referred to as Atrivo.

Whois Record

OrgName: InterCage, Inc. OrgID: INTER-359 Address: 1955 Monument Blvd. Address: #236 City: Concord StateProv: CA PostalCode: 94520 Country: US

ReferralServer: rwhois://rwhois.intercage.com:4321/

NetRange: 69.50.160.0 - 69.50.191.255 CIDR: 69.50.160.0/19 NetName: INTERCAGE-Network-GROUP NetHandle: Net-69-50-160-0-1 Parent: Net-69-0-0-0-zero NetType: Direct Allocation NameServer: MAIL.ATRIVO.COM NameServer: PAVEL.ATRIVO.COM Comment: RegDate: 2003-06-04 Updated: 2005-09-01

OrgAbuseHandle: ABUSE735-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-925-550-3947 OrgAbuseEmail:

OrgNOCHandle: NETWO670-ARIN OrgNOCName: Network Operations OrgNOCPhone: +1-925-550-3947 OrgNOCEmail:

OrgTechHandle: INE4-ARIN OrgTechName: IP Network Engineering OrgTechPhone: +1-925-550-3947 OrgTechEmail:

Tracert from dnsstuff.com exhibits it as 69.50.188.35 AS27595 Intercage. The upstream supplier seems to be nlayer.net.

Two elements make this notably enraging, the primary being InterCage/Atrivo’s lengthy history of recognized abuse. Just look at the feedback on this SPEWS report.

Hosting spammers.

Interesting ARIN information. 1995 to 2003? Hmmm…

Meaning the sudden re-birth of a dead /16 is puzzling in these instances of ARIN block piracy. More particulars would certainly be welcome.

Update: "more details" =>

Update: More crime, proxy hijacking:

That’s just a fraction of ths story. I’ve blogged about InterCage/Atrivo previously, a number of occasions, as have others here, here and right here, to call just a few.

The second factor is the content of the trackback spams -not simply run of the mill spam for pills and such. These had been all excedingly disgusting, with hyperlinks to porn sites, nasty hard core porn. Stuff like this:

Little women videos photos Sex anal film preview Desi porn password Incest prrn thumbs Xxx desi ladies movies free Roberts sex comics Boyladysexteaching Free porn videos watch Farm incest cartoons Free xxx video college Virgin young sex Download free intercourse sizzling Free old males fu…

and worse.

And whoever is chargeable for this used some sort of device or bot that was ready to turn off the e-mail notification I should have gotten for each trackback.

I’ve sent an abuse complaint to Emil Kacperski, the man behind InterCage/Atrivo, the abuse reporting address at InterCage, and the abuse reporting tackle at nLayer. We’ll see what sort of response I get.

One different factor-this is not the first time Emil Kacperski’s title has been brought up in regard to blog remark spam. Try this link for the story.

Update-in my haste to delete comment spam, I accidently deleted the feedback that went with this submit.

CastleCops responds to trademark troll Leo Stoller

Follow up on the story final week about Leo Stoller, well often known as a trademark troll, attack on CastleCops over the identify "Castle"-see CastleCops responds to Leo Stoller here.

Dear Mr. Stoller:

I write you on behalf of my clients Paul Laudanski and Computercops, LLC. I've spoken with my clients about your previous correspondence and your allegations that you've got rights in the mark "CASTLE." In short, we find no basis to your potential opposition and believe that you are partaking in vexatious, harassing litigation with no objective.

My consumer objects to any additional extensions of time for you to file your opposition and will oppose any further delays brought on by you or entities you management. 37 CFR § 2.102© states in pertinent part:

Read the rest and keep tuned for the comply with up as CastleCops’ coverage is to maintain the general public knowledgeable on these matters.

6/27/2006

Trademark Troll Leo Stoller targets CastleCops

That is sickening really. My good friends at CastleCops are now the target of a well known figure, Leo Stoller, who apparently makes a residing doing this type of factor. (Extortion?) From Wikipedia:

Leo D. Stoller (born c. 1946; cited as "59 years old" in July, 2005 New York Times article) is a self-styled entrepreneur based in Chicago, Illinois who claims rights to a big stock of trademarks and engages within the assertive enforcement of these trademark rights in the United States, threatening infringement motion against people and corporations who try and infringe these marks, which Stoller refers to as "famous".

Stoller’s companies embrace Rentamark.com, Stealth Industries Inc., S Industries Inc., Sentra Sporting Goods U.S.A., and Central Manufacturing Company. Through these corporations or in his own name, Stoller has registered trademarks over 25 years including STEALTH, SENTRA, Dark STAR, AIR Frame, TRIANA, STRADIVARIUS, HAVOC, CHESTNUT, TRILLIUM, WHITE LINE FEVER, Fire Power, LOVE YOUR Body etc.

Based on Stoller, numerous giant and small corporations have resolved trademark controversies. When approaching infringers, Stoller is reported to doc his claims with copies of letters which reveal capitulation together with his demands. Such letters are mentioned to be from companies reminiscent of KMart, and often marked "Confidential".

Stoller has filed oppositions to others’ trademark applications with the Trademark Trial and Appeal Board quite a few occasions, and filed purposes for extention of the deadline to file such oppositions even more times.

Stoller object to the use of the phrase "Castle". Can you believe that? You may learn the letter CastleCops’ lawyer obtained from Leo Stoller and additional info about Stoller might be seen right here and here. There are 5 pages (!) of instances listed on the Trademark Trial and Appeal Board Inquiry System site.

CastleCops is a well-known safety webpage, additionally the home of anti-phishing effort PIRT, with lots of help locally. Here’s what some of the CastleCops supporters have stated up to now. SunbeltBLOG says:

Well, there’s additionally trademark trolls. And one such fellow is Leo Stoller (BoingBoing calls him a "trademark bully"). Stoller makes money by suing companies over the usage of trademarks like "Stealth", "Chestnut" and "Stradivarius".

Obviously, CastleCops just isn't inflicting any confusion on the market with Leo Stoller’s "Castle Brand Products and Services". All Leo is making an attempt to do is make some money off the hard-received efforts of Paul and Robin Laudanski.

BoingBoing wrote last yr: Leo Stoller is the jackass who registered a trademark on the word "Stealth" and now has a racket bullying folks into paying him for a "license" to make use of the phrase (people give him small sums of money to get lost, though sometimes they sue and get large judgments in opposition to him).

Paperghost at Vitalsecurity has a few choice words about Stoller, too.

here’s the deal. This guy registers tons of relatively bland sounding words as Trademarks, then goes on an uber-offensive in opposition to anybody discovered using these words, just about regardless of context.

Others carrying this story embrace Microsoft MVP Donna at her Security News Flash and SecuriTeam weblog. The story has been Digged (dug?) with a point out that Stoller went after Google at one time. I suppose you'll be able to say this for Stoller-he has balls. But can he make an honest living? It looks like he wants to prey on the little man and do what I feel quantities to extortion. There’s a 3 page discussion at BroadbandReports.com and the parents there would not have a excessive opinion of Stoller, what a surprise.

Stay tuned as a result of we are going to cowl this story to the tip.

6/19/2006

Spyware fighter below attack by trojan from DollarRevenue

In my last weblog post, I wrote about adware/spyware company DollarRevenue and their affiliate program including why affiliates wish to trash your machines with huge bundles of adware/spyware. It’$ all concerning the $Money$.

Now among the finest and most revered spyware fighters round is under attack by a trojan from that very similar DollarRevenue group.

Webhelper, whose actual title is Patrick Jordan, Senior Malware Researcher for Sunbelt-Software, has posted this message on his site.

Updated: 19 June, 2006 05:12 PM

As of June 16, 2006, I've been below a DDos attack from a trojan installer that DollarRevenue.com began using which was known as from one of many Russian VladZone gangs sites and which with my current internet hosting company, I can not block the assaults which in three days went over 125 Gig in bandwidth utilization of my alloted 200Gig per month. They're placing url addressess to free web pages designed to load my websites pages as if they were photographs and with the usage of a trojan from the VladZone and bundled in DollarRevenue.com infestations, I can't and is not going to put all my time into combating groups that have been operating since 2003 and authorities world wide have not been able to stop.

I intentionally did not hyperlink to the location with the intention to conserve bandwidth there.

This isn’t the primary time anti-spyware websites have been attacked by spyware pushers. In 2004 Spywareinfo.com, Tom Coyote’s site and CastleCops had been hit by huge DDoS assaults.

5/26/2006

Gimmy some Cash and Dollar Revenue!

Subtitled "of mousepads and keyboards" or "how to cheat your affiliate program".

I’ve been desirous to weblog this for some time because a few of the most persistent and pervasive adware bundles being discovered in the wild for the previous few months seems to be coming from associates of those two applications, GimmyCash! and DollarRevenue. The links are to the domain registration whois info, not to the precise websites, however the sites appear safe enough if you wish to see them.

GimmyCash is an adware firm using an affiliate program to distribute their software, GimmyGames and GimmySmileys. (Links to domain registration information.)

Check out the fee construction as seen on the GimmyCash.com site. Click image for bigger image.

Forty cents per install in the US and Canada appears like a good incentive as affililiate programs go. Note the textual content that says:

You possibly can select to promote Gimmycash by:

Software bundles -> mix your software with Gimmy. Advertising our free GimmyGames idea into your site. Advertising our free GimmySmileys idea into your site.

This seems like it’s begging for abuse, Software bundles -> combine your software with Gimmy.

Interestingly sufficient, when downloaded from the Gimmy web sites, GimmyGames and GimmySmileys install Zango.

So, what about DollarRevenue? See screenshot for DollarRevenue’s cost structure, but notice there isn't any details about what content material DollarRevenue offers. Click for larger image:

The faq page doesn’t enlighten us on that either. All it talks about is how they pay their affiliates. There may be an affiliate agreement however judging on what I’ve seen in the wild, it doesn’t imply a lot. Note the fee is 30 cents per install within the US. Again, notice the distribution methods-activeX and:

2) Software bundle (exe) You personal a software software and like to maintain it without cost? DollarRevenue is what you need! You can easily combine your software program applications with the DollarRevenue software and make cash with each set up.

Begging for abuse? Similar to GimmyCash? Let’s look at what I’ve seen happening in the wild and what we’re seeing in the spyware assist forums. I’ve encountered quite a few installations of DollarRevenue software program bundled with any number of other adware/spyware applications including what appears to be like like GimmyCash software program.

Files named keyboardx.exe (x representing a quantity), mousepadx.exe and newnamex.exe point out DollarRevenue’s presence as proven in HijackThis logs, click on for instance log.

O4 - HKLM..Run: [keyboard] C:windowskeyboard11.exe O4 - HKLM..Run: [mousepad] C:windowsmousepad11.exe O4 - HKLM..Run: [newname] C:newname11.exe

Other recordsdata indicating the presence of DollarRevenue are drsmartload.exe, in installer for DollarRevenue and different adware. See CA write up on DollarRevenue. A DollarRevenue installation is usually accompanied by a bucket filled with different adware including SurfSideKick, Webhancer, Newdotnet, Command Service, sometimes with Look2Me, Virtumonde (aka Vundo) and others thrown in for good measure.

So what occurred to GimmyCash? HijackThis log strains like this point out the presence of GimmyGames or GimmySmileys:

O4 - HKLM..Run: [gimmygames] C:windowsgimmygames11.exe O4 - HKLM..Run: [gimmysmileys] C:windowsgimmysmileys1.exe

Analysis of gimmysmilyes.exe here. What’s puzzled me is that I’ve typically encountered the gimmygames.exe and gimmysmiley.exe files in massive infestations including DollarRevenue and the opposite applications listed above, however I’ve never once seen the precise GimmyCash functions installed during an infestation. So, I’m left questioning what the DollarRevenue and GimmyCash associates are doing…

Are the GimmyCash affiliates cheating by bundling the gimmy information with DollarRevenue and others? Are they getting paid that 40 cents for each obtain of a gimmygames.exe and gimmysmileys.exe file even though the application are by no means really put in? If every other spyware researchers have any observations or thoughts on this, I’m most interested.

At any charge, some affiliates are apparently making lots of 40 cents and 30 cents based on all of the complaints, HijackThis logs and reviews seen on the net. It’s no surprise associates of these sorts of packages bundle as many pay-per-install adware functions into one infestation and push them through exploits. It’s all about the money of us, the money, the moola, the greenback income and gimmy money- nothing else.

180solutions and botnets again

180solutions managed to remain out of the information for just a few weeks, however now they are back. Discovered and blogged in residing color by Paperghost at VitalSecurity, get the small print there. Also blogged by yours actually at SpywareConfidential.

5/5/2006

Spamford Wallace busted and owes $4 million

Anyone who’s been studying this blog for some time may keep in mind that I used to be very involved fighting the SpyWiper and SpyDeleter attacks on pc users that started in late November 2003, and was, in reality, one of my inspirations for starting this blog devoted to the fight in opposition to spyware. It additionally spurred me to open my forum where we helped lots of people get rid SpyWiper and SpyDeleter. I have an entire blog category on the subject and the scumbags behind it.

The saga isn’t over yet, however a really important announcement was made yesterday by the FTC.

Court Halts Spyware Operations

One Operator to Pay More than $four Million; Another Ordered to Stop Collecting Consumers Personal Information

An operation that deceptively downloaded spyware onto unsuspecting consumers’ computer systems, altering their settings and hijacking their serps, has been halted by a federal court docket at the request of the Federal Trade Commission. The choose has ordered the operators to present up to greater than $four million in unwell-gotten gains. The courtroom also ordered a halt to another spyware operator’s stealthy downloads and barred the gathering of consumers’ private info, pending trial.

More:

The FTC alleged that Sanford Wallace and his firm, Smartbot.Net, exploited a security vulnerability in Microsoft’s Internet Explorer’s Web browser with the intention to distribute spyware. The spyware brought about the CD-ROM tray on computer systems to open and then issued a "FINAL WARNING!!" to computer screens with a message that said, "If your cd-rom drive’s open . . .You DESPERATELY Need to rid your system of spyware pop-ups Immediately! Spyware programmers can control your computer hardware when you failed to guard your pc right at this second! Download Spy Wiper NOW!" Spy Wiper and Spy Deleter, purported anti-spyware merchandise the defendants promoted, offered for $30.

Sanford "Spamford" Wallace has to pay the hefty sum of $4,089,500 in in poor health-gotten features and ad-broker Jared Lansky has to pay $227,000 Two other perps in this case have but to be handled.

Walt "picklejar" Rines and his company, Odysseus Marketing, have been sued by the FTC as nicely but the case shouldn't be resolved but. Documents for the case are right here.

A revised preliminary injunction has been issued in opposition to Odysseus and Rines. It bars them from downloading spyware with out consumers’ consent, and from disclosing, using, or additional obtaining consumers’ private data, pending trial. The FTC will ask the court to order a everlasting halt to their actions and order them to give up their ill-gotten beneficial properties.

Rob Martinson, the owner of SpyWiper and SpyDeleter, was added to the case in April of last yr.

Through this motion, the FTC is seeking to call as further defendants Optintrade, Inc.; Jared Lansky; Mailwiper, Inc.; Spy Deleter, Inc.; and John Robert Martinson. The amended complaint alleges that, on behalf of the Seismic defendants, OptinTrade, Inc., and its principal Jared Lansky disseminated Internet pop-up ads causing consumers’ computers to be despatched to the Seismic defendants’ Websites, to have their Web browser residence pages modified, and to have spyware and other software installed with out authorization. The amended complaint additionally alleges that Mailwiper, Inc.; Spy Deleter, Inc.; and John Robert Martinson retained the Seismic defendants to unfairly market the purported anti-spyware merchandise, Spy Wiper and Spy Deleter.

I heard from a reliable source that the FTC is seeking $2 million from Martinson. I’m wanting forward to the decision on Picklejar and Martinson.

4/17/2006

180solutions at it again, this time with a baby porn browser and CoolWebSearch

That is pretty unbelievable, but it’s true, and several other spyware researchers have the evidence. See my write up at Spyware Confidential known as 180solutions sponsors Yapbrowser and… child porn?

I can’t wait to hear the 180 spin on this one.

4/6/2006

DirectRevenue’s soiled laundry

Tuesday I blogged at Spyware Confidential concerning the lawsuit towards DirectRevenue by New York State AG Eliot Spitzer and now as we speak, thanks to Ben Edelman, DirectRevenue’s soiled laundry is out of the closet. More details and my comments right here. Don’t overlook to bring the clothes pin.

If you have any thoughts regarding in which and how to use fetishbreak.com, you can speak to us at the webpage.