
Knujon Weekly Reports


All times are UTC - 5 hours [ DST ]


 PostPosted: Wed Jan 06, 2010 11:24 am   
Spammer Killing Machine

Joined: Thu Apr 03, 2008 4:33 pm
Posts: 590
Location: Florida
In other Knujon news, appears they are back; the news page has been updated at least. My reports page has changed. It appears the dates and suspensions have "reset" to zero....while Sites reported is 519 and total instances is 5127
The circle graph is "empty" right now....back last year (december) it had more portions. And the high instances have been updated too.

_________________
SpamPoison


Top
 Profile  
 PostPosted: Tue Jan 12, 2010 1:54 pm   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Quote:
Hello,

Happy New Year and thank you for your participation

We realize that some of you are having problems with your reports or are generally dissatisfied with the quality of the reports. We are doing the best we can to resolve these issues but there are some details everyone should know, especially newer members. The KnujOn process was not initially designed to be a client-oriented project. The client reports were retro-fitted on the existing process at the request of our earliest members and have new features added on in an ad-hoc fashion. We truly understand the importance of community involvement and we strive to champion and empower the regular Internet user. To this end we will continue to rebuild the client interface as well as our core process to serve you better. The website and other critical pieces are also being redesigned.

The other areas of our work are progressing in major, not yet seen ways. We are spearheading a push against illicit online pharmacy that is changing the way the illegal networks operate and limiting their access to U.S.-based resources they have been using without interruption for many years. This article:
http://www.circleid.com/posts/20100104_ ... _property/
has become a lightning rod and is under attack from the very ISPs profiting from spam and online abuse. Their panic shows we can win this fight.

Check out Brian Krebs at: krebsonsecurity.com

***************************************************
In order to serve our clients better and troubleshoot processing we have added a submission receipt page to the reports. This simple report will indicate the files received and the success or failure of data extraction. This will ensure that what you believe you sent is what we received and processed. This receipt will only be for submissions going forward.

Knujon news: http://www.knujon.com/news.html
Knujon Discussion Group at LinkedIn:
http://www.linkedin.com/groups?gid=1870205
KnujOn Blog: http://www.circleid.com/members/3296/
Twitter: @KnujOn

Knujon forum at inboxrevenge.com:
viewtopic.php?f=9&t=1666

KnujOn is an all volunteer, un-funded initiative. Our responsibilities have grown exponentially in the last year and our pay is still zero. We are committed to this solution and appreciate your patience while we work our way through the maze of Internet bureaucracy to reduce illicit traffic and spam.

Thank you for your continued support!


Top
 Profile  
 PostPosted: Tue Jan 12, 2010 2:45 pm   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
I like this segment:

Quote:
Recently, we got into a spat with a Registrar over an unlicensed pharmacy domain that was impersonating a pharmaceutical manufacture. The Registrar brushed off our concern until we made clear that their position was completely indefensible. They finally suspended the domain after the brief discussion


I may investigate the creation of some boilerplate copy that we can add into complainterator complaints about that kind of copy. :)

SiL


Top
 Profile  
 PostPosted: Tue Jan 26, 2010 2:17 pm   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Quote:
We want to be clear about issues with the KnujOn reports. There is a problem
with the machine our database sits on. Unfortunately, there is no help desk
to call when these things happen, we are the help desk. Our limited staff
and resources throw us into a bind if serious technical problems occur.
However, this is also an opportunity to reevaluate our process. We have
learned many things in the last few years and the early KnujOn model needs
to be redesigned to suit our changed understanding. We have, in fact,
reached many of the original goals of KnujOn, but now we need to take it to
the next level.

In terms of your experience, we will completely purge and recreate the
client reports, carefully observing the process as the reports are written.
The process for generating reports will be examined step by step. Please
bear with us.

From the global project perspective, we are working effectively to dismantle
all the major illicit pharmacy networks, one-by-one. This has taken up a
considerable amount of our time, but would not have happened without your
participation.

We realize that some of you are having problems with your reports or are
generally dissatisfied with the quality of the reports. We are doing the
best we can to resolve these issues but there are some details everyone
should know, especially newer members. The KnujOn process was not initially
designed to be a client-oriented project. The client reports were
retro-fitted on the existing process at the request of our earliest members
and have new features added on in an ad-hoc fashion. We truly understand the
importance of community involvement and we strive to champion and empower
the regular Internet user. To this end we will continue to rebuild the client
interface as well as our core process to serve you better. The website and
other critical pieces are also being redesigned.

The other areas of our work are progressing in major, not yet seen ways. We
are spearheading a push against illicit online pharmacy that is changing the
way the illegal networks operate and limiting their access to U.S.-based
resources they have been using without interruption for many years. This
article:
http://www.circleid.com/posts/20100104_ ... _property/
has become a lightning rod and is under attack
from the very ISPs profiting from spam and online abuse. Their panic shows
we can win this fight.


Top
 Profile  
 PostPosted: Sun Mar 21, 2010 11:47 pm   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Quote:
Hello,

We apologize for not sending out regular notices for a while, but we did not
feel it prudent since the report interface has stalled. You may have noticed
that your report was gone before today. We purged all the existing reports
and re-populated them to clean house and start fresh. We are monitoring the
creation of reports. Unfortunately, while all client reports have been
republished, not all reports are current. We have had some major systems
failures and strange network behavior. We ordered a memory upgrade that took
longer than expected. However, we are back into the swing of things and
addressing all problems. It may take us a while to return to regular report
updates but that is our goal.

Three main problems: 1. Not all samples are getting to knujon, 2. Not all
data is being extracted from processed samples, 3. Not all knujon members
are getting action or satisfaction. We are working to correct this. To
start, in your receipt page each file we processed from you is listed. If a
file you sent or uploaded is not present, we did not get it. The receipt
will also indicate whether or not we were able to extract data. Sometimes we
get files from members we cannot read. Sometimes we receive samples from
clients that are empty and this is also indicated. Samples that do not
produce results are now being diverted for further analysis. If there is no
receipt page we have not processed anything from you recently, but this may
be because we have not gotten to it yet.

We have some members who submit thousands of samples and some who only
submit a few. In response we were trying to create a report interface that
would meet the needs of people with different volumes, trying to make the
shoe fit all feet. This has not worked so we are redesigning the reports to
match the individual submission volume and return information that is more
interesting and actionable. Some of our members are happy to just report
junk mail and forget about it, others like to review and use the reports.
For the latter we will make the reports more interactive and offer
opportunities to participate in KnujOn enforcement actions.

On other fronts, we are spearheading a massive effort against rogue
Registrars and illicit online networks called The Internet Doomsday Book, to
be officially announced this week at the MIT Spam Conference
(http://projects.csail.mit.edu/spamconf/) and published at the ICANN meeting
in June (http://brussels38.icann.org/). Details about the Doomsday Book will
be published on KnujOn along with opportunities to participate in its
development and sign-on as a supporter.

We also will soon be announcing a major victory over one of the largest
illicit pharmacy networks in the world. Stay tuned!


Top
 Profile  
 PostPosted: Mon Mar 22, 2010 10:22 am   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
AlphaCentauri wrote:
Quote:
On other fronts, we are spearheading a massive effort against rogue
Registrars and illicit online networks called The Internet Doomsday Book


Very exciting. :silthumb:

SiL


Top
 Profile  
 PostPosted: Mon Apr 12, 2010 6:33 pm   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Quote:
Hello,

We are waiting on the arrival of some new equipment and a larger bandwidth
so we can re-commit ourselves to the client experience of this project.

While we are waiting, the reports are being overhauled and unused and
redundant sections will be removed. In the near future we will provide
details and a preview and instructions. The updated report interface will
feed directly into a powerful backend process designed to change Internet
accountability.

Our official response to the recent ICANN WHOIS study can be found here:
http://forum.icann.org/lists/whois-accu ... 00008.html. This
response follows our announcement of the KnujOn Internet Doomsday Book
Project, a bold effort to examine the uncountable and undocumented Internet
architecture. Participation in the Doomsday Book is open to the public, but
KnujOn members will have a built-in function for participating. Details of
our progress will be posted on the site.


The whole list of comments is here:
http://forum.icann.org/lists/whois-accu ... html#00008
There are some very well thought out responses, though disappointingly few.


Top
 Profile  
 PostPosted: Sun May 16, 2010 12:42 am   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Quote:
Hello,

Yes, we have been out of touch for a while, but not without good reason. In
conjunction with LegitScript.com we have dismantled the bulk of the largest
illicit online pharmacy network, the so-called EvaPharmacy (full report
here: http://legitscript.com/download/Rogues- ... Report.pdf).
This is the culmination of over a year of work that KnujOn members contributed
to. Thousands of sites removed, an Internet criminal enterprise hobbled. Pat
yourself on the back.

More information:
http://www.darkreading.com/securityserv ... ticle.jhtml?articleID=224700688
http://www.buysafedrugs.info/News/Docum ... ntID=25793
http://news.hostexploit.com/cybercrime- ... gs-a-their-killer-online-pharmacies.html

However, our work is not yet done. A handful of Registrars, most prominently
eNom and Moniker, have refused to comply and continue to support the
criminal network by sponsoring their domains. This has culminated in a
contractual compliance crisis at ICANN. On December 23, 2008 the National
Boards of Pharmacy issued a letter to eNom (care of Sarah Akhtar Cooper)
expressing concern over their continued sponsorship of illegal online
pharmacies. A copy of the letter may be found at
http://www.legitscript.com/download/NAB ... o-eNom.pdf. Subsequently,
it was confirmed with the Pharmacy Boards of Manitoba, Minnesota, Ontario,
Quebec, and Texas that the “pharmacy licenses” posted by the eNom-sponsored
domains were forgeries. It is important to understand that local pharmacy
boards are the primary regulatory bodies in this area. Notices of the
forgeries were also sent to eNom. eNom received a request to terminate 3000
unlicensed pharmacy domains on December 1, 2009. eNom is in grave violation
of Registrar Accreditation Agreement Section 3.7.2: "Registrar shall abide
by applicable laws and governmental regulations."

This information was disseminated to the industry and public in what has
become the most read and most discussed CircleID posting, "When Registrars
Look the Other Way, Drug-Dealers Get Paid"
(http://www.circleid.com/posts/20100504_ ... ther_way_drug_dealers_get_paid/).
We have received considerable backlash for this
article, even directly from a Registrar.



In one final note, a statement drafted by KnujOn regarding WHOIS
inaccuracies was submitted to the ICANN board and staff by the At-Large
Advisory Committee (ALAC).
http://gnso.icann.org/node/12361
https://st.icann.org/gnso-liaison/index ... nt_whois_reports


Top
 Profile  
 PostPosted: Sun May 16, 2010 12:56 pm   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
I would have to say that while this is good news, the use of the word "dismantled" is misleading. They didn't take down the affiliate program, they just shut down a large number of domains. I am not sure how we continue to investigate Eva Pharmacy / Bulker.biz without actually knowing (yet) where their affiliate portal is located.

Still good news, and I still salute the effort. But the work is only partly done.

SiL


Top
 Profile  
 PostPosted: Wed Jun 09, 2010 1:37 am   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
AlphaCentauri wrote:
Quote:
Hello,

Yes, we have been out of touch for a while, but not without good reason. In
conjunction with LegitScript.com we have dismantled the bulk of the largest
illicit online pharmacy network, the so-called EvaPharmacy (full report
here: http://legitscript.com/download/Rogues-and-Registrars-Report.pdf).
This is the culmination of over a year of work that KnujOn members contributed
to. Thousands of sites removed, an Internet criminal enterprise hobbled. Pat
yourself on the back.


I wonder why they have pulled that full report out of circulation?


Top
 Profile WWW  
 PostPosted: Wed Jun 09, 2010 1:49 am   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Red Dwarf wrote:
I wonder why they have pulled that full report out of circulation?


And they haven't updated the links on their own blog:
http://www.legitscript.com/blog/120

I'll inquire at the Knujon forum.


Top
 Profile  
 PostPosted: Wed Jun 09, 2010 2:30 am   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
And I have asked the authors, legitscript.

It's a bit annoying, as I am trying to counter a Russian registrar's assertion:

Quote:
From: Michail Egorov [mailto:[email protected]]
Sent: Wednesday, June 09, 2010 1:40 AM
Subject: [regtime #225681] Removal request: 32432dsfds.ru

According to rules of .RU domains registration, we can only suspend such domains on the basis of the effective judgment by the court of law
--
Regards, Michail Egorov,
Webnames.Ru technical support


I was hoping to point him at that report. :-(
Quote:
I do not understand. Why do some registrars in Russia put illegal sites on client hold when we request it, without any court order, but your company refuses?

Please get legal advice from your lawyers.

A refusal to cancel service contracts when they are obviously illegal can result in prosecution for assisting in a crime. This is the same in Russia as it is in other countries.

The incorrect response that you need a court order has been discussed in public at a report published recently

See the report at http://www.legitscript.com/blog/120

I again ask that your company takes a firm position against abuse of your service contracts from criminals.

All registrars present their Terms of Service on their web site. These terms give the registrar the right to terminate the service contract when the domain is used for unlawful purposes, with no reference to a court order. The judgment that a domain is used for illegal purposes is made by the registrar. The research has already been performed. You can find it in the links to the wikipedia at
http://spamtrackers.eu/wiki/index.php/C ... known_Spam

Thank you for your understanding


Top
 Profile WWW  
 PostPosted: Wed Jun 09, 2010 1:04 pm   
Spammer Obliterator
User avatar

Joined: Fri Jun 15, 2007 7:05 pm
Posts: 2261
It seems the report is now accessible again.
http://www.legitscript.com/download/Rog ... Report.pdf

_________________
Arf, she said


Top
 Profile  
 PostPosted: Wed Jun 09, 2010 3:42 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
LegitScript wrote:
Thanks for letting us know. This was a technical glitch on our end. The report should now be available. Thanks again.


Top
 Profile WWW  
 PostPosted: Fri Jun 11, 2010 2:15 am   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Quote:
GoDaddy hit with intrusion, including KnujOn.com

In the interests of full disclosure, GoDaddy web servers were hit with a PHP injection that added code to some KnujOn pages. The additional code forwarded the user's browser to a site that attempts to download malicious software and display a "scareware" site selling fake anti-virus software. KnujOn techs immediately located the infected page and disabled it. We analyzed the code and it. The encrypted insertion tries to load this string of Base64:

"PHNjcmlwdCBzcmM9Imh0dHA6Ly9jbG91ZGlzdGhlYmVzdG5vdy5jb20va3AucGhwIj48L3NjcmlwdD4"

Which decoded is: cloudisthebestnow[DOT]com

We have filed complaints against this site, which is sponsored by the problem Registrar BIZCN, and their NameServer, OKLAHOMACITYCOM.COM.

Special thanks to the member who noticed it early. No official word from GoDaddy yet. No KnujOn client information is stored online.

More information:
http://blog.sucuri.net/2010/06/godaddy- ... stnow.html
http://www.knujon.com/news.html#06092010


The question is, did they file the complaint with bizcn.com, or with ICANN?


Top
 Profile  
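The injection described in the quoted KnujOn notice hid its redirect as a Base64 literal inside page source. The sketch below is an added example, not part of the original posts or of KnujOn's own tooling: it scans PHP source for long quoted Base64 literals, decodes them (tolerating stripped `=` padding, as in the string quoted above), and reports those that decode to script tags or URLs, defanged for use in a complaint. The sample page is constructed; only the Base64 string is taken from the post, and the function names and the 40-character threshold are assumptions.

```python
import base64
import binascii
import re

# Quoted runs of 40+ Base64 characters, with or without '=' padding (threshold assumed).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")
# Markers that make a decoded literal worth an analyst's attention.
SUSPICIOUS = re.compile(r"<script|<iframe|https?://|eval\s*\(", re.I)


def decode_lenient(token):
    """Decode Base64 that may have lost its '=' padding; None if it is not Base64 text."""
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def defang(text):
    """Make URLs non-clickable before they are pasted into a ticket or complaint."""
    return text.replace("http", "hxxp").replace(".", "[.]")


def scan_source(source):
    """Return (line_number, defanged_decoded_text) for each suspicious literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in B64_LITERAL.finditer(line):
            decoded = decode_lenient(match.group(1))
            if decoded and SUSPICIOUS.search(decoded):
                findings.append((lineno, defang(decoded)))
    return findings


# Constructed sample page. Line 3 is a harmless hash-like literal that also
# matches the Base64 alphabet; line 4 carries the string quoted in the post.
SAMPLE_PAGE = '''<?php
$title = "News";
$cache_key = "d41d8cd98f00b204e9800998ecf8427ed41d8cd9";
echo base64_decode("PHNjcmlwdCBzcmM9Imh0dHA6Ly9jbG91ZGlzdGhlYmVzdG5vdy5jb20va3AucGhwIj48L3NjcmlwdD4");
?>
<html><body><h1>News</h1></body></html>
'''

if __name__ == "__main__":
    for lineno, decoded in scan_source(SAMPLE_PAGE):
        print(f"line {lineno}: {decoded}")
```

Run against a site backup or a fresh checkout, a hit on a file that should contain no encoded markup is a reason to diff that file against a known-good copy.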