Home » Learning Curve
The Russians Aren't ComingThey're already there.
It's a good thing this isn't the Cold War. The US are namely getting the shit kicked out of them.
It's one thing the RBN hosted Storm worm operation runs rampant over the holiday season and it's totally another how it runs.
Americans hoarded all sorts of obnoxious Rambo signature weapons in their closets in case the Russians were coming; after 911 they did the same thing for the Muslim invasion; but what do they do about their computers?
Clue: the Russians aren't coming - they're already there, you fools.
Счастливых праздников (Happy Holidays)
The Storm people began running a number of greeting card scams right before 25 December. The payloads were a literal cocktail of assorted exploits nestling into Windows systems through the service manager. But what's more interesting is how they got the fly by night domains to work.
Each domain is assisted by thirteen name servers run from Comcast, Road Runner, Verizon, Southwest Bell, Qwest, Charter, SBC, Insight, and a minority representation from the Netherlands, Germany, Hungary, Japan, and Korea. These name servers are simply Windows PCs owned and operated by clueless nimrods.
The following are tables of the DNS servers associated with a number of these domains. Счастливых праздников.
UHAVEPOSTCARD.COM
UHAVEPOSTCARD.COM was registered to 'Kerry Corsten' of 'Los-Angeles' on 23 December.
| ns.uhavepostcard.com | 68.52.93.226 | c-68-52-93-226.hsd1.tn.comcast.net |
| ns2.uhavepostcard.com | 71.194.49.109 | NET-71-194-0-0-1 [Comcast] |
| ns3.uhavepostcard.com | 67.8.56.110 | 110-56.8-67.tampabay.res.rr.com |
| ns4.uhavepostcard.com | 68.41.2.40 | c-68-41-2-40.hsd1.mi.comcast.net |
| ns5.uhavepostcard.com | 71.107.40.217 | pool-71-107-40-217.lsanca.dsl-w.verizon.net |
| ns6.uhavepostcard.com | 69.148.251.234 | adsl-69-148-251-234.dsl.wchtks.swbell.net |
| ns7.uhavepostcard.com | 69.247.162.86 | c-69-247-162-86.hsd1.ks.comcast.net |
| ns8.uhavepostcard.com | 68.187.46.125 | 68-187-46-125.dhcp.ftwo.tx.charter.com |
| ns9.uhavepostcard.com | 76.111.115.55 | c-76-111-115-55.hsd1.md.comcast.net |
| ns10.uhavepostcard.com | 75.17.124.140 | adsl-75-17-124-140.dsl.rcsntx.sbcglobal.net |
| ns11.uhavepostcard.com | 85.180.72.115 | e180072115.adsl.alicedsl.de |
| ns12.uhavepostcard.com | 86.101.3.252 | catv-566503fc.catv.broadband.hu |
| ns13.uhavepostcard.com | 83.81.49.77 | 5351314d.cable.casema.nl |
NEWYEARWITHLOVE.COM
NEWYEARWITHLOVE.COM was registered on 26 December to 'Bill Gudzon' of 'Los-Angeles' on 26 December. There is only one 'Gudzon' in all of the US and that's an 'Alecscander' and he's in Connecticut. There is however a major Russian portal with that name.
| ns.newyearwithlove.com | 69.148.251.234 | adsl-69-148-251-234.dsl.wchtks.swbell.net |
| ns2.newyearwithlove.com | 75.17.124.140 | adsl-75-17-124-140.dsl.rcsntx.sbcglobal.net |
| ns3.newyearwithlove.com | 74.140.209.145 | 74-140-209-145.dhcp.insightbb.com |
| ns4.newyearwithlove.com | 75.24.24.249 | adsl-75-24-24-249.dsl.yntwoh.sbcglobal.net |
| ns5.newyearwithlove.com | 76.119.119.58 | c-76-119-119-58.hsd1.ma.comcast.net |
| ns6.newyearwithlove.com | 67.180.183.105 | c-67-180-183-105.hsd1.ca.comcast.net |
| ns7.newyearwithlove.com | 69.138.252.207 | c-69-138-252-207.hsd1.md.comcast.net |
| ns8.newyearwithlove.com | 89.136.176.227 | astral.ro [Romania] |
| ns9.newyearwithlove.com | 82.240.196.133 | gar31-4-82-240-196-133.fbx.proxad.net |
| ns10.newyearwithlove.com | 67.8.56.110 | 110-56.8-67.tampabay.res.rr.com |
| ns11.newyearwithlove.com | 83.7.208.236 | ablo236.neoplus.adsl.tpnet.pl |
| ns12.newyearwithlove.com | 86.101.3.252 | catv-566503fc.catv.broadband.hu |
| ns13.newyearwithlove.com | 125.14.229.130 | 125-14-229-130.rev.home.ne.jp |
FAMILYPOSTCARDS2008.COM
FAMILYPOSTCARDS2008.COM was registered to 'Larry Claus' of 'Los-Angeles' on 29 December.
| ns.familypostcards2008.com | 68.248.157.236 | adsl-68-248-157-236.dsl.ipltin.ameritech.net |
| ns10.familypostcards2008.com | 123.202.159.18 | 123202159018.ctinets.com |
| ns11.familypostcards2008.com | 85.217.201.159 | 201-159.thezone.bg |
| ns12.familypostcards2008.com | 211.171.10.67 | bora.net [Korea] |
| ns13.familypostcards2008.com | 58.241.229.11 | jsnetcom.com [China] |
| ns2.familypostcards2008.com | 209.91.34.130 | user-38lm8k2.cable.mindspring.com |
| ns3.familypostcards2008.com | 69.181.38.17 | c-69-181-38-17.hsd1.ca.comcast.net |
| ns4.familypostcards2008.com | 81.200.116.58 | host-81-200-116-58.starnet.ru |
| ns5.familypostcards2008.com | 68.40.145.194 | c-68-40-145-194.hsd1.mi.comcast.net |
| ns6.familypostcards2008.com | 220.94.203.81 | kornet.net [Korea] |
| ns7.familypostcards2008.com | 70.242.88.199 | ppp-70-242-88-199.dsl.okcyok.swbell.net |
| ns8.familypostcards2008.com | 130.13.110.121 | vdsl-130-13-110-121.phnx.qwest.net |
| ns9.familypostcards2008.com | 71.234.37.84 | c-71-234-37-84.hsd1.ct.comcast.net |
С Новым Годом (Happy New Year)
So Mr and Mrs Fred and Wilma Willard of Kansas City are going to bed but decide they can leave their PC on. After all Windows crashes a lot less than it used to.
Simultaneously Igor Goulasch of Hungary and Saki Tempura of Japan leave their PCs on and do the same.
All have visions of sugar plums dancing in their heads. С Новым Годом.
|