[nsp-sec] intercage/atrivo

Huopio Kauto Kauto.Huopio at ficora.fi
Wed Sep 17 01:45:54 EDT 2008


One very important part of the puzzle is the
Estdomains/Esthost/Est-whatever. As far as I've understood, they are
more than 50% of Intercage revenue.

They issued a "press release" through PR Newswire this Monday on their
innocence:

http://www.prweb.com/releases/2008/9/prweb1325214.htm

Pardon my language, but I'd call this the ultimate BS release of the
year.

The following URL belongs to an organisation with questionable
background - please take browser precautions accordingly.

There seems to be a St. Petersburg (Russia) area blackhat - and now I
really mean blackhat - summer party called AWM Summer Party. See their
website - which hosting company and which domain registrar are
sponsoring the party?

http://www.awmsummerparty.com/

Google translator does a decent job here from Russian to English. See
other sponsors..
MOS Money "We work with big numbers". Hmm, mosmoney.com:

   Domain Name: MOSMONEY.COM
   Registrar: ESTDOMAINS, INC.
   Whois Server: whois.estdomains.com
   Referral URL: http://www.estdomains.com
   Name Server: NS1.INFOBOX.ORG
   Name Server: NS2.INFOBOX.ORG

Registrant:
    qwert
    alex        (interstromontazh at mail.ru)
    mos
    mos
    Moskovskaya oblast,123325
    RU
    Tel. +567.3453445


Just a repeat from this funny press release:

EstDomains, Inc (http://estdomains.com), a US-based domain name
Registrar, officially declares opposition to malware mongers in order
to protect Internet users from attacks on their computers or stealing
of their important data. EstDomains, Inc pays special attention to
domain name holders' private data protection and secure money
transaction operations. It can be said in all modesty that EstDomains,
Inc has succeed in protecting its customers from any possible
occurrence of fraudulence or cracking. However, being an eminent member
of interactive community, EstDomains, Inc management along with other
giants of online industry continues its struggle against malicious
software distribution and is giving its best to work out even more
efficient solutions for detecting malware sources.


Bah. 

--Kauto
CERT-FI


