FTC Shuts Down Rogue ISP 3FN (Triple Fiber Network)

FTC Shuts Down Rogue ISP 3FN (Triple Fiber Network)

Score one for the good guys: In a press release issued yesterday, the Federal Trade Commission reported that they had shut down a rogue ISP called 3FN (Triple Fiber Network), with upstream service providers and datacenters having disconnected the ISP’s servers from the Internet. Brian Krebs of the always-excellent Security Fix blog reported that this disconnection apparently happened sometime on June 2nd.

The FTC says that 3FN (also known as Pricewert LLC) was knowingly hosting and actively participating in the distribution of spam, child pornography and other malware, including fake anti-virus programs (which, far from offering protection from malware, actually install malicious code on users’ machines).

The FTC has also frozen the assets of Pricewert, which “advertised its services in the darkest corners of the Internet” and distributed, amongo other things, “child pornographyphy, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest.”

The complaint also alleges that 3FN/Pricewert was operating botnets (which are the primary source of spam email these days) to send spam and launch denial-of-service attacks. This is one of the most common activites of “rogue ISPs” or so-called “bulletproof” hosts, so this is no surprise.

I’ve taken a look at Proofpoint’s spam trap activity over the past week to see if the shutdown of 3FN caused any significant drop in spam volumes. From the chart (click the image in the upper left-hand corner of this post for a larger view) — which shows hourly spam volume being received by an assortment of Proofpoint’s “honeypot” spam traps — there may have been a small impact on spam volumes earlier in the week, but it’s hard to say anything conclusive. And, as you can also see, hourly spam volumes have risen slightly since June 2nd. It’s important to note that spam volumes can swing quite wildly day by day and hour by hour and the fluctuations seen here are pretty typical.

It’s interesting to compare the mild changes in this chart to the much more radical effect seen after the shutdown of rogue ISP McColo (see my previous blog post here)

That being said, anytime a bad actor like 3FN is disconnected from the net, it’s a good thing.

More coverage of the FTC’s shutdown of 3FN:

Federal Trade Commission v. Pricewert LLC also d/b/a 3FN.net, Triple Fiber Network, APS Communications, and APS Communication.
(United States District Court Northern District of California San Jose Division)

Civil Action No. 09-CV-2407
FTC File No. 092 3148

June 15, 2009

June 4, 2009

Russian Business Network IP Addresses

Russian Business Network IP Addresses

by James McQuaid

On 13 October 2007, The Washington Post published Brian Krebs’ well researched articles exposing the Russian Business Network:
http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html
http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html
http://www.washingtonpost.com/wp-dyn/content/story/2007/10/12/ST2007101202661.html?hpid=moreheadlines
http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101201700.html?sub=new

as the RBN ISP was taken offline, and their domains sortied; note “The Russians Go Chinese”:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7829
and “Russian Business Network: Down, But Not Out”:
http://blog.washingtonpost.com/securityfix/2007/11/russian_business_network_down.html

In early August 2008, the Russian Business Network launched a cyber “first strike” against Georgia from IP space within Turkey. This preceeded the mobilization of Russian nationalist hacktivists.

On August 28, 2008, Brian Krebs covered the release of “Cyber Crime USA”, a report by Jart Armin, Matt Jonkman and myself. As a consequence, by Monday, September 8th, Atrivo was taken offline. Then, on October 29, 2008, the Internet Corporation for Assigned Names and Numbers (ICANN) terminated the Registrar Accreditation Agreement (RAA) for EstDomains, Inc.

On November 12th 2008, Web hosting firm McColo was depeered (following behind the scenes investigations by a consortium of anti-virus companies and the open source security community), and world wide spam immediately fell by two-thirds.

On December 16, 2008, Micha Pekrul blogged on McAfee’s DNS changer investigation and UkrTeleGroup Ltd. On January 29, 2009, cybercrime host UkrTeleGroup Ltd. was taken offline.

Since the 2008 takedowns of the cybercrime bastions, the war waged by cybercriminals has intensified: 1) Between January 16 and 21, 2009, the Conficker worm infected 9 million PCs. 2) Throughout 2009, the RBN has expanded attacks to include Russian citizens and government offices.

On June 2nd 2009, “in an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations… The FTC alleges that Pricewert/3FN operates as a “‘rogue’ or ‘black hat’ Internet service provider that recruits, knowingly hosts, and actively participates in the distribution of illegal, malicious, and harmful content,” including botnet control servers, child pornography and rogue antivirus products.” http://voices.washingtonpost.com/securityfix/2009/06/ftc_sues_shuts_down_n_calif_we.html

The following sources have provided timely information:
Brian Krebs Security Fix: http://voices.washingtonpost.com/securityfix/
Jart Armin research: http://rbnexploit.blogspot.com
Dancho Danchev research: http://ddanchev.blogspot.com
David Bizeul research: http://isc.sans.org/presentations/RBN_study.pdf
Shadowserver research ‘Clarifying the “guesswork” of Criminal Activity’:
http://www.shadowserver.org/wiki/uploads/Information/RBN-AS40989.pdf

Utilize the Emerging RBN Rules in CentOS, Free BSD, Honeywall, OpenSUSE, PC BSD, Smoothwall, Ubuntu, etc.:
http://www.emergingthreats.net/rules/emerging-rbn.rules

When using IP blocking, you should block both inbound and outbound traffic.

Russian Business Network IP Addresses

Accounts Receivable Specialist:Confidential

Job offers as such are nothing more than a marketing ploy or deceptive marketing practices by non other than Mr. Alex Difrawi aka Alec Difrawi aka Ayman A. Difrawy aka Ayman A. El-Difrawi aka Alex Simon dba Three Stars Media dba 3Starsinc dba Three Stars Inc dba Internet Solutions Corporation and his many aliases. Mr. Difrawi goal is to get you to sign up for continuing education. He should say outright what it is he’s peddling.

An Example of What ScamFraudAlert seek from Mr. Difrawi – Good Business Practices

3Stars Inc Leader in Internet Marketing For Online Education Providers

Company Name Confidential

Job Category Accounting/Finance; Clerical/Administrative
Location Athens, GA • Macon, GA
Position Type Full-Time, Employee
Salary $28,000 to $32,000 per year
Experience 0-1 Years Experience
Desired Education Level High School
Date Posted June 19, 2009

We are an International Receivables Management Company that provides innovative strategies for Fortune 500 companies. We are currently searching for qualified individuals to grow with us.

If you are looking for an exciting, fast paced and rewarding career, we have the position for you as an Accounts Receivables Specialist. The rate of pay is $28,000 to $32,000 per year with positions available immediately.

Responsibilities:

  • Manage assigned receivable portfolio.
  • Utilize skills, as well as company policies and procedures to perform timely collection of accounts receivables.
  • Effectively identify and resolve customer issues preventing payment, which may include research within multiple systems/tools.
  • Handle very complicated reconciliation accounts.
  • Contact clients’ customers to request backup documentation. Escalate issues when needed.

We are looking for candidates who are interested in advancing in their career through experience and education. Some college is preferred for this position, but not required. Education assistance may be available.

Competitive salary and benefits will be offered to the successful candidate!

Keywords: Accounting Clerk Accounts Payables Clerk Accounting Assistant, Bookkeeper Accounts Receivable Clerk Accounting Associate Fiscal Technician Accounting Representative, Accounting Technician Accounting Analyst

Accounts Receivable Specialist Confidential Athens, GA

  • Macon, GA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Atlanta, GA

  • Augusta, GA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Costa Mesa, CA

  • Riverside, CA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Joliet, IL

  • Rockford, IL
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Abilene, TX

  • Corpus Christi, TX
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Santa Clara, CA

  • Stockton, CA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Albany, NY

  • Syracuse, NY
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Spring Hill, FL

  • West Palm Beach, FL
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Columbus, GA

  • Savannah, GA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Chula Vista, CA

  • Inglewood, CA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential North Las Vegas, NV

  • Reno, NV
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Burbank, CA

  • Fresno, CA
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Plano, TX

  • Waco, TX
Jun 19
save –  hide company –  email –  similar jobs
Accounts Receivable Specialist Confidential Fort Lauderdale, FL

  • Tallahassee, FL
Jun 19
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Rockford, IL

  • Springfield, IL
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Fort Worth, TX

  • San Antonio, TX
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Chesapeake, VA

  • Charleston, WV
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Anderson, SC

  • Florence, SC
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Evansville, IN

  • Hammond, IN
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Colorado Springs, CO

  • Denver, CO
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Kansas City, MO

  • St Louis, MO
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Oakland, CA

  • Sacramento, CA
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Jacksonville, FL

  • Chicago, IL
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Fresno, CA

  • Long Beach, CA
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Ann Arbor, MI

  • Clinton, MI
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential San Diego, CA

  • Stockton, CA
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Fort Wayne, IN

  • Hammond, IN
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Gastonia, NC

  • High Point, NC
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Birmingham, AL

  • Montgomery, AL
Jun 16
save –  hide company –  email –  similar jobs
Accounts Payable Specialist Company Confidential Charleston, SC

  • Columbia, SC
Jun 16

FIRE: Finding Rogue Networks

About FIRE

Motivation

For many years, online criminals have been able to conduct their illicit activities and masquerade behind disreputable Internet Service Providers (ISPs). For example, until recently, organizations such as the Russian Business Network (RBN) and Atrivo (a.k.a. Intercage) operated with impunity, providing a safe haven for Internet criminals for their own financial gain. What primarily sets these ISPs apart from others is the significant longevity of the malicious activities on their networks and the apparent lack of action taken in response to abuse reports. Interestingly, even though the Internet provides a certain degree of anonymity, such ISPs fear public attention. Once exposed, rogue networks often cease their malicious activities quickly, and the Internet criminals are forced to relocate their operations.

This website is the frontend of FIRE, a novel system to identify and expose organizations and ISPs that demonstrate persistent, malicious behavior. The goal is to isolate the networks that are consistently implicated in malicious activity from those that are victims of compromise. To this end, FIRE actively monitors botnet communication channels, spam traps, drive-by-download servers, and phishing web sites. This data is refined and correlated to quantify the degree of malicious activity for individual organizations and presented on this web page.

Fire – Finding Malicious Networks

Legal Threats- Colocation America aka Colocation America Corporation

Attorney Richard Morse representing Albert A. Ahdoot dba Colocation America Corporation, Colocation America, Inc., Colocation America, Colocation America send us a threat letter.


I’m tied up with an urgent family matter for the rest of the day and tomorrow, so I have neither the time nor the patience to explain this more than once.
Your DDOS attack (http://en.wikipedia.org/wiki/Denial-of-service_attack) which caused Colocation America, Multacom and Cogent Communications to go down for more than an hour, cost the three companies over $250K in revenue due to their lines being SHUT OFF! You are liable for this. This is in direct violation of your AUP http://colocationamerica.com/aup.htm as clearly stated in your contract. I am being provided receipts from every customer who has to be refunded. You are in breach of your 1 year contract where he owes us the remainder of it. You and ScamAFraudlert.com must immediately stand down in your postings. They must be taken down now.

You need to speak to a criminal attorney immediately to gauge your exposure, I am not your attorney and cannot so advise you. If you and your attorney wish to work out any type of accommodation with me, it can only happen with you immediately ceasing and desisting. You need to provide notice of that within the hour.

THE INDUSTRY PRACTICES Standard Level Agreement (SLA) Mr. ALBERT ARASH AHDOOT or Albert A. Ahdoot dba Colocation America aka Colocation America, Inc. aka Colocation America Corporation refer to SLA as Legal Agreement A clue for what you are up against.

Richard Morse
Entertainment Attorney
13935 Tahiti Way Suite 337
Marina Del Rey, CA

  1. Colocation America – Demand Letter
  2. Colocation America – Better Business Complaints Las Vegas
  3. Colocation America Threat Letter – Richard Morse
  4. Legal Document Relating to Colocation America
  5.  Letter From Attorney Paul S. Sigelman – Sigelmanlaw.com