[108110] in North American Network Operators' Group
Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
daemon@ATHENA.MIT.EDU (Russell Mitchell)
Wed Sep 24 02:50:41 2008
Date: Tue, 23 Sep 2008 23:50:11 -0700 (PDT)
From: Russell Mitchell <russm2k8@yahoo.com>
To: Mark Foo <mark.foo.dog@gmail.com>,
Bruce Williams <williams.bruce@gmail.com>
Cc: Christopher Morrow <christopher.morrow@gmail.com>, nanog@nanog.org,
Joe Greco <jgreco@ns.sol.net>
Errors-To: nanog-bounces@nanog.org
Hello John Doe,

I welcome any further comments you have.
We have to get past people such as yourself, and your blasphemous and false statements.

This is the same issue with the recent media and self-proclaimed "Security Researchers". Fly-by-night mind you.

To help you out in your claims:
Yes, we did house a client who had quite a run with their clients from various locations, such as Russia.
That Client is no longer hosted on our network. I myself spent all of Monday afternoon, night, and Tuesday morning shutting off EVERY machine they had leased in our Billing System. I'm currently working to scan further and see if there's anything I may have missed.

Yes, Russia is very well known for Virus and Malware writers.

Yes, we have had issues with malware distribution from our network.
This was directly and near singularly related to the former client of ours. We did have another client, Hostfresh, who had their share of malware issues.

Both have been completely and effectively removed. The servers leased to both of them have been canceled, and their machines have been shut off.

Let me know if there's anything else you'd like me to state to the public.
We're on a rocky road right now. But it IS starting to smooth out.

Thank you for your time. Have a great day.
---
Russell Mitchell

InterCage, Inc.

----- Original Message ----
From: Mark Foo <mark.foo.dog@gmail.com>
To: Bruce Williams <williams.bruce@gmail.com>
Cc: Christopher Morrow <christopher.morrow@gmail.com>; nanog@nanog.org; Joe Greco <jgreco@ns.sol.net>
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

NANOG:

Look, the people posting here who are trashing Intercage are pure security analysts -- they know and understand the evil that is Intercage. STOP TRYING TO ASSIST INTERCAGE -- you are effectively aiding and abetting the enemy.

Intercage/Atrivo hosts the malware c&c botnets that DDoS your systems and networks.

Intercage/Atrivo hosts the spyware that compromises your users' passwords.

Intercage/Atrivo hosts the adware that slows your customers' machines.

Don't take my word for it, DO YOUR OWN RESEARCH:
http://www.google.com/search?hl=en&q=intercage+malware

You don't get called the ***American RBN*** for hosting a couple bad machines. They have and will continue to host much of the malware pumped out of America. THEY ARE NOT YOUR COMRADES.

These people represent the most HIGHLY ORGANIZED CRIME you will ever come across. Most people were afraid to speak out against them until this recent ground swell.

This is the MALWARE CARTEL. GET THE PICTURE?

Many links have been posted here that prove this already -- instead of asking what customers they cut off, let them show WHAT CUSTOMERS ARE LEGIT-- because there are NONE.

> >> I would suggest a different Step 1.  Instead of killing power, simply
> >> isolate the affected machine.  This might be as simple as putting up a
> >> firewall rule or two, if it is simply sending outgoing SMTP spam, or
> > it's probably easiest (depending on the network gear of course) to
> > just put the lan port into an isolated VLAN. It's not the 100%
> > solution (some badness rm's itself once it loses connectivity to the
> > internets) but it'd make things simpler for the client/LEA when they
> > need to figure out what happened.
> >
> > -chris