Knujon Weekly Reports

A compendium of news related to spammers, spam arrests, spam legislation, forum spamming, cybercrime and related issues.

GoDaddy / Knujon hack

Postby Red Dwarf » Fri Jun 11, 2010 5:24 pm

Ref: http://blog.sucuri.net/2010/06/godaddy- ... stnow.html
GoDaddy hit with intrusion, including KnujOn.com

In the interests of full disclosure, GoDaddy web servers were hit with a PHP injection that added code to some KnujOn pages. The additional code forwarded the user's browser to a site that attempts to download malicious software and display a "scareware" site selling fake anti-virus software. KnujOn techs immediately located the infected page and disabled it. We analyzed the code and it. The encrypted insertion tries to load this string of Base64:

"PHNjcmlwdCBzcmM9Imh0dHA6Ly9jbG91ZGlzdGhlYmVzdG5vdy5jb20va3AucGhwIj48L3NjcmlwdD4"

Which decoded is: cloudisthebestnow[DOT]com
We have filed complaints against this site, which is sponsored by the problem Registrar BIZCN, and their NameServer, OKLAHOMACITYCOM.COM.


The target site no longer resolves because -
Name Server Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
OKLAHOMACITYCOM.COM = clienthold
Name Server: NS1.SUSPENDED-DOMAIN.COM
Name Server: NS2.SUSPENDED-DOMAIN.COM
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10448
Joined: Tue Jun 27, 2006 2:01 am

Re: Knujon Weekly Reports

Postby AlphaCentauri » Fri Jun 11, 2010 6:40 pm

Which brought down the following "Hillary Kneber" domains:
cloudisthebestnow.com
holasionweb.com
indesignstudioinfo.com
losotrana.com
zettapetta.com
as well as one registered to the all-around stupid name "Alla Wrond:"
zettapetta.net
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

other domains affected

Postby Red Dwarf » Sat Jun 12, 2010 2:31 am

Just love that collateral damage.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10448
Joined: Tue Jun 27, 2006 2:01 am

Re: Knujon Weekly Reports

Postby roberto7888 » Tue Jun 22, 2010 1:14 pm

Hello,

We are very very sorry the client reports are not current. Our resources
have been consumed in the last six months by a massive independent audit of
ICANN Registrar compliance and review of illicit activity in the gTLD
Internet. We now make this report public:
http://www.knujon.com/knujon_audit0610.pdf. Since January KnujOn has been
conducing its own review of Registrar contractual compliance and our
findings are shocking. Among them: 162 Registrars may be in breach of the
RAA, several of them seriously so, as stated in our recent release, Who is
Blocking WHOIS? http://www.circleid.com/posts/who_is_blocking_whois, over 80
Registrars are blocking, hiding or just providing poor WHOIS access, Several
Registrars have bad WHOIS for their own websites, we caught Registrars
flat-out refusing services they're contracted to perform, several Registrars
have not posted required customer policies on their websites, there are a
dozen or so terminated Registrars still selling gTLDs and claiming ICANN
accreditation, and of course, Registrars have developed tools that help
trademark infringement. We link all of these cases to criminal activity as
well. This report has been nicknamed The Doomsday
Book(http://www.knujon.com/doomsday/). You made this possible!

More information:
http://www.prweb.com/releases/Doomsday_ ... 166794.htm
http://www.circleid.com/posts/20100621_ ... sday_book/
http://www.ft.com/cms/s/2/54072d8c-7cab ... abdc0.html
http://www.computerweekly.com/Articles/ ... macies.htm

We are currently at the ICANN meeting in Brussels pushing these issues
aggressively (http://brussels38.icann.org/). eNom (Demand Media) has already
issued a weak and incomprehensible response through a third party:
http://servicesforseo.com/demand-media- ... cusations/.
Read the release carefully as they did not refute a single fact in
our report but rather made a personal attack that borders on slander.

Follow this all of our activities this week on Twitter:
http://twitter.com/KnujOn or at our news page:
http://www.knujon.com/news.html

When we return to headquarters in the U.S. we will rest briefly and then
start working on the client interface and report publishing. We have no
funding and are shortly staffed. Thank you for understanding.

***************************************************

------------------
Submission options: http://www.knujon.com/sendusspam.html
To request FTP access, email contact@knujon.com

Check out Brian Krebs at: krebsonsecurity.com

Knujon news: http://www.knujon.com/news.html
Knujon Discussion Group at LinkedIn:
http://www.linkedin.com/groups?gid=1870205
KnujOn Blog: http://www.circleid.com/members/3296/
Twitter: @ KnujOn

Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666


KnujOn is an all volunteer, un-funded initiative. Our responsibilities have
grown exponentially in the last year and our pay is still zero. We are
committed to this solution and appreciate your patience while we work our
way through the maze of Internet bureaucracy to reduce illicit traffic and
spam.
Reply with UNSUBSCRIBE to be removed or write to KnujOn at Box 404
Wilmington VT

Thank you for your continued support!
User avatar
roberto7888
Spam Muncher
 
Posts: 842
Joined: Tue Jan 02, 2007 11:04 am

Re: Knujon Weekly Reports July 25

Postby Red Dwarf » Mon Jul 26, 2010 10:21 pm

Knujon wrote:So much has happened since we presented our report, the controversial
Doomsday Book, at the ICANN meeting in Brussels. The first shocking incident
concerns David Giza, compliance head of ICANN, who was silently forced out
of his job last week. It is no coincidence that Giza was working with KnujOn
on a number of serious compliance issues and his removal comes a few weeks
after the Belgium meeting and the release of our report. Giza was reviewing
information supplied by KnujOn concerning one of the largest Registrars'
sponsorship of illicit drug trafficking domains advertised with spam. It is
possible that eNom is violating its contract with ICANN as well [as] sidestepping
pharmacy regulation but continuing to support websites run on behalf
organized crime.
(http://jartarmin.com/index.php?option=c ... -statement).
Some Registrars are considering suing KnujOn in order to silence us:
http://forum.icann.org/lists/gnso-vi-fe ... 02490.html. KnujOn presented
more findings at the Internet Governance Forum at Georgetown Law
(http://www.igf-usa.us/). During our panel session we were called
"conspiracy theorists" by a Registrar in the audience who did not supply any
details or data to support the obvious public smear attempt. We are under
attack from the Registrar community, but [this] is only happening because we are
getting closer to the source of the problem. None of the above issues will
stop us from revealing more information, especially the fact that 5
Registrars send $2 million per year to ICANN in excessive, redundant and
voluntary fees with no obvious benefit. The client reports should now be
current and we are working to get them back to a regular publishing
schedule.

More information:
http://domainincite.com/round-up-of-the ... nt-period/
http://www.walletpop.com/blog/2010/07/2 ... n-the-web/
***************************************************
------------------
Submission options: http://www.knujon.com/sendusspam.html
To request FTP access, email contact@knujon.com

Check out Brian Krebs at: krebsonsecurity.com

Knujon news: http://www.knujon.com/news.html
Knujon Discussion Group at LinkedIn:
http://www.linkedin.com/groups?gid=1870205
KnujOn Blog: http://www.circleid.com/members/3296/
Twitter: @ KnujOn

Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666

KnujOn is an all volunteer, un-funded initiative. Our responsibilities have
grown exponentially in the last year and our pay is still zero. We are
committed to this solution and appreciate your patience while we work our
way through the maze of Internet bureaucracy to reduce illicit traffic and
spam.

Thank you for your continued support!
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10448
Joined: Tue Jun 27, 2006 2:01 am

Re: Knujon Weekly Reports

Postby Nodus » Mon Jul 26, 2010 11:16 pm

[In the voice of an elderly English gentleman, raising his goggles and stroking his moustache]:
Oh dear! We are living very interesting times, my friend, aren't we.
Arf, she said
User avatar
Nodus
Spammer Obliterator
 
Posts: 2287
Joined: Fri Jun 15, 2007 7:05 pm

Re: Knujon Weekly Reports July 25

Postby spamislame » Tue Jul 27, 2010 12:59 pm

Holy cow. :)

Knujon wrote:The first shocking incident
concerns David Giza, compliance head of ICANN, who was silently forced out
of his job last week.

:silthumb:

Clearly a step in the right direction.

Knujon wrote:During our panel session we were called
"conspiracy theorists" by a Registrar in the audience who did not supply any
details or data to support the obvious public smear attempt. We are under
attack from the Registrar community, but [this] is only happening because we are
getting closer to the source of the problem.

They don't know who specifically said it? What an utter coward. This only further supports that they must be on the right track. This is great news.
Knujon wrote:...especially the fact that 5
Registrars send $2 million per year to ICANN in excessive, redundant and
voluntary fees with no obvious benefit.

Do they have concrete evidence of that? How long has that been going on?!

Knujon wrote:Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666

Ohhhhh win!

This is extremely good news. What else will it take to bring more pressure to bear on Enom?

SiL
User avatar
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Knujon Weekly Reports

Postby ahoier » Wed Jul 28, 2010 11:32 am

That's kind of crazy, threatening to sue Knujon? hah.

And yea, I've noticed the past couple reports, they've been linking to this thread :P But no new "faces" have appeared thus far....this thread isn't hidden is it? :)
ahoier
Spammer Killing Machine
 
Posts: 593
Joined: Thu Apr 03, 2008 4:33 pm
Location: Florida

Re: Knujon Weekly Reports

Postby spamislame » Wed Jul 28, 2010 12:02 pm

ahoier wrote:this thread isn't hidden is it? :)

It is not hidden. :) Publicly searchable.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Knujon Weekly Reports

Postby HansTheBlueFrog » Wed Jul 28, 2010 6:05 pm

ahoier wrote:That's kind of crazy, threatening to sue Knujon? hah. ...


Actually that is a threat not to be taken lightly. Under the US system of justice, defending against such lawsuit could be very expensive. I don't get the impression that Knujon is loaded. They would be up against opponents who can afford to spend a lot of money. I applaud Knujon's courage.

Hans ;)
HansTheBlueFrog
Spam Investigator
 
Posts: 343
Joined: Wed Feb 04, 2009 3:23 pm

Re: Knujon Weekly Reports

Postby AlphaCentauri » Thu Jul 29, 2010 11:43 am

Theoretically, there are laws against "SLAPP" suits -- I forget the acronym, but they are lawsuits by large companies to silence individuals or small organizations of limited means who are speaking out the truth but can't afford to fight a lawsuit. But proving that a lawsuit was truly frivolous is very difficult, since the US legal system tends to presume that no question can properly be decided except via a legal decision.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Knujon Weekly Reports

Postby roberto7888 » Fri Dec 03, 2010 11:33 am

Knujon wrote:Hello,

I bet you are wondering where KnujOn has been. Well, since releasing our
comprehensive audit of ICANN Accredited Registrars:
http://www.knujon.com/knujon_audit0610.pdf in June we have been down the
rabbit hole and through the looking glass. The lack of accountability and
compliance within the Internet infrastructure is even worse than we thought.
The scale of corruption and criminal infiltration is deeper than our wildest
guesses. In some areas we have seen dramatic progress since June, in others
we have been disappointed by broken promises. To be sure, our report sent
shockwaves through the industry and some Registrars threatened lawsuits but
quickly backed down. Our focus on the proliferation of illicit counterfeit
prescription drugs through spammed domain names garnered national attention
and possibly influenced the White House meeting
(http://krebsonsecurity.com/2010/08/whit ... harmacies/) with Registrars which ICANN refused to appear at
(http://domainincite.com/icann-will-not- ... s-meeting/).
Since the meeting some Registrars have made voluntary pledges to clean up
their space
(http://domainincite.com/enom-to-crack-d ... rma-sites/). In
reference to ICANN, after our June Registrar audit, KnujOn meet with a
senior member of ICANN compliance staff who promised us action on the
report, an investigation, and a written response to each point within. ICANN
staff pledged to work directly with KnujOn these compliance issues, but this
senior staff member was quietly fired a week later. We were shocked and
demanded answers from ICANN and were again promised a written response in
spite of the unexplained termination of the employee working with us.
However, no response to the more than 160 contract violations reported in
our audit has ever been received from ICANN in the intervening five months.
ICANN has chosen not follow its mandate at the peril of the Internet as a
whole. KnujOn will respond to this appropriately in time.


Client Reports

Many of you experienced problems with your reports and we were at a loss to
explain the problem. The rest of you stopped receiving updated reports in
the last few months and we apologize for this situation. We have finally
discovered the cause was database table corruption. As specific member
tables became corrupt it was impossible to add new data and hence a failure
to publish updated reports. Unfortunately, we were unaware of the corruption
for some time as it only impacted a minority of KnujOn members. However that
number began to grow and even after we discovered the problem it took some
time to fix it. All of your submissions are being processed regardless of
the database issues and the backlog of data has been re-added to a repaired
database. The posted reports are as current as possible at this time.


New Client Reports

KnujOn is an ever-evolving project and we have come to realize that the
current client report format no longer mirrors our updated theories and
methods. In the near future client reports will undergo a transformation of
our process, which is less focused on individual websites and more focused
on the source or problems, whether they be a rogue provider or policy
failure. Our new model accumulates mass Internet abuse data and analyzes
with the goal of identifying problematic conditions as explained in some of
our major published reports. While this is all on a macro scale of profiling
large blocks of the Internet, it is also being scaled down to expose the
negative experience of individual KnujOn members. You may see a draft
version of the new public reports here:
http://www.knujon.com/index.html#data. This may seem similar to previous
provider rating lists published by KnujOn historically, but these now go a
level deeper to explain why and how a particular provider has the most
spammed domains. If you open one of the sub-reports, say this one:
http://www.knujon.com/registrars/ENOM_Log.html, you will notice that more
specific data is obscured. This will not be the case for KnujOn client
reports. KnujOn clients will receive fully weighted and analyzed datasets
using a new algorithm called The KnujOn Tetrahedron, which will hopefully be
published in 2011.


New KnujOn Site

We invite you to see the new KnujOn.com, which is more organized, easier to
navigate and has more data and user tools brought to the front page. More
major revelations by KnujOn and improvements will be found here this month
and early in 2011. Thanks for sticking with us!

***************************************************
Submission options: http://www.knujon.com/sendusspam.html
To request FTP access, email contact@knujon.com

Knujon Discussion Group at LinkedIn:
http://www.linkedin.com/groups?gid=1870205
KnujOn Blog: http://www.circleid.com/members/3296/
Twitter: @ KnujOn
Shop: http://www.cafepress.com/knujon
Bookstore: http://astore.amazon.com/knujocom-20

Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666

KnujOn is an all volunteer, un-funded initiative. Our responsibilities have
grown exponentially in the last year and our pay is still zero. We are
committed to this solution and appreciate your patience while we work our
way through the maze of Internet bureaucracy to reduce illicit traffic and
spam.
Thank you for your continued support!


[SiL edited this to fix a broken URL]
User avatar
roberto7888
Spam Muncher
 
Posts: 842
Joined: Tue Jan 02, 2007 11:04 am

Re: Knujon Weekly Reports

Postby AlphaCentauri » Mon Apr 04, 2011 6:07 pm

Hello,

In the immortal words of Joaquin Phoenix, "I’m Still Here." Although it may
not seem that way to many of you and we apologize. Since KnujOn has been
running without a paycheck for years we had to make some hard decisions, and
our decision was to keep up the fight. We have managed to secure a baseline
budget and reorganize KnujOn into a more focused initiative.

While we have not issued individual reports in several months, all of your
submissions have been processed and contributed to a new report:
http://www.knujon.com/KnujOn_security_a ... 031411.pdf which was
issued at the recent ICANN meeting in San Francisco. This report included
five important sections 1. Registrars with current legal issues; 2. Illicit
Use of Privacy-Proxy WHOIS Registration (also detailed
http://www.circleid.com/posts/20110310_ ... t_domains/); 3. A study on the contracted obligation for Bulk WHOIS Access;
4. Policy Failures and Malware (also detailed here:
http://www.circleid.com/posts/20100922_ ... s_vipmeds/); 5. A study of where counterfeiters go to buy
trademarked domain names; 6. And an introduction to our new statistical
methods for measuring Internet abuse which will be extended to all of our
members soon.

At this meeting we again witnessed the shocking disregard ICANN and the
Registrars have for Internet users and consumers. As we waited for a
critical session on Domain Abuse, featuring international law enforcement
and Internet security experts, to begin all of the Registrar representatives
vacated the lecture hall. Detective Michael Moran, of Interpool Internet
child abuse protection, bluntly said WHOIS accuracy is a joke and that ICANN
and the Registrars are not talking to him or helping, and he investigates
the worst child exploitation on the planet. Here’s the world’s top child
abuse cop calling out the Registrars for help and they all just left the
room (full transcript:
http://svsf40.icann.org/meetings/silico ... r11-en.txt). We heard the same from drug enforcement agents detailing the
effects of counterfeit medications purchased online and more silence from
Registrars. Garth Bruen of KnujOn posed a question to Law Enforcement during
this session asking if the current model of Registrar self-policing was an
effective one. The question befuddled the Internet cops as they intimated
that there is little to no cooperation at the moment. This is the vacuum of
responsibility KnujOn is working tirelessly to address. A full interview on
the session with other information can be found on NameSmash:
http://www.namesmash.com/?p=659

In streamlining and scaling back we have had to modify the way we post
information and better utilize the changing media. To this end we have moved
KnujOn news to twitter.com/knujon, our blog is now at
circleid.com/members/3296/, and member forum is at
http://www.linkedin.com/groups?gid=1870205. Keeping a website current is
difficult with minimal staff, this new minimized strategy will free up our
time.

Knujon is still having an incredible impact on spam and illicit Internet
traffic. Just recently a "rogue domainers" forum complained that KnujOn is
ruining their access to illicit domains, forcing them into country code
domains(ccTLDs) which have even less enforcement:
http://rogue.su/tag/cctld-vs-gtld/. Additionally we have been told in
confidence that some journalists who report on KnujOn have been threatened
by Registrars with lawsuits or been given disinformation. During one of our
recent investigations an ICANN accredited Registrar threatened to blacklist
KnujOn if we continued to email themwith questions about their policies.

Thanks and stay tuned for revamped a report interface.

***************************************************

Submission options: http://www.knujon.com/sendusspam.html
To request FTP access, email contact@knujon.com

Knujon Discussion Group at LinkedIn:
http://www.linkedin.com/groups?gid=1870205
KnujOn Blog: http://www.circleid.com/members/3296/
Twitter: @ KnujOn
Shop: http://www.cafepress.com/knujon
Bookstore: http://astore.amazon.com/knujocom-20

Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666

KnujOn is an all volunteer, un-funded initiative. Our responsibilities have
grown exponentially in the last year and our pay is still zero. We are
committed to this solution and appreciate your patience while we work our
way through the maze of Internet bureaucracy to reduce illicit traffic and
spam.

Thank you for your continued support!


Sounds like quite a meeting.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Knujon Weekly Reports

Postby spamislame » Tue Apr 05, 2011 10:13 am

I definitely recommend reading the transcript file. I'm only reading segments of it and it's good to see that the big law enforcement representatives are taking action on things like child abuse and pharmacy spammers.

Well done for calling out ICANN (throughout the transcript) and registrars. Shame on the registrars for leaving the meeting. I'd like to think this means that law enforcement is keeping a very sharp eye on registrars who impede the legal process going forward.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Knujon Weekly Reports

Postby Red Dwarf » Mon Aug 13, 2012 7:35 pm

For any of our members near to Toronto

Knujon wrote:ICANN Toronto: ICANN will be holding a public meeting in Toronto Canada 14 -
19 October (meetings.icann.org/icann45). We are reaching out to all KnujOn
members within easy reach of Toronto to attend the meeting. These meetings
are free and open to the public. KnujOn has been attending ICANN meetings
regularly since 2008 and advocating on behalf of the Internet user. We have
received a significant amount personal intimidation from Registrars at these
meetings when discussing our findings. These underhanded efforts have
largely failed and we have gathered more supporters at the meetings. I say
-largely failed- because some ICANN staff have caved into the intimidation
and now refuse to talk to KnujOn. Regardless, these meetings are an
excellent opportunity to engage the organization and insert effective
policy. Please consider coming to the meeting and coordinating with KnujOn
in person. We will introduce you to the guts of the Internet policy monster
responsible for failing to deal with your spam. KnujOn is on several working
groups and policy committees dedicated to improving Internet policy, There
will also be a free catered event specifically for members of the community.
We will also have options for remote participation from KnujOn members,
details to be updated here: knujon.com/index.html#icannToronto. We are
hoping to enlarge Internet user participation in the ICANN policy process by
enrolling KnujOn members in the At-Large community, detailed below. Those of
you in North America will get a second, more detailed notice about this
meeting.

User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10448
Joined: Tue Jun 27, 2006 2:01 am

Previous

Return to Spam In The News

Who is online

Users browsing this forum: No registered users and 1 guest

cron