Spammer Alert: milkcheesedns.com

I have tried contacting eNom.com regarding domain names used for sending spam, and I haven’t had any positive responses. eNom.com always passes the responsibility on because eNom.com does not provide hosting for the offending domain names.

Every time I tried reporting the offending domain through the eNom.com page (http://www.enom.com/terms/AbusePolicy.asp), it returned an error.

Why wouldn’t a domain registrar such as eNom.com take the reports seriously? For example, the following domains are registered by the same individual through eNom.com or namecheap.com:

  • plotladybugreward.net
  • teethgood-byelumber.net
  • spadesunmeasure.org
  • frogzephyrmint.com
  • cameraspadetoad.net
  • timehotwood.org
  • yardwristgoose.net
  • fatherbrakebushes.org

All the domains have similar whois info:

Registrant Contact:
1stinlinehost
Inline First ()

Fax:
1608 S. Ashland Ave.
Chicago, IL 60608
US

Administrative Contact:
1stinlinehost
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555
1608 S. Ashland Ave.
Chicago, IL 60608
US

Technical Contact:
1stinlinehost
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555
1608 S. Ashland Ave.
Chicago, IL 60608
US

Status: Locked

Name Servers:
ns1.milkcheesedns.com
ns2.milkcheesedns.com

Then there’s milkcheesedns.com:

Domain Name: MILKCHEESEDNS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
Name Server: DNS3.REGISTRAR-SERVERS.COM
Name Server: DNS4.REGISTRAR-SERVERS.COM
Name Server: DNS5.REGISTRAR-SERVERS.COM
Status: clientTransferProhibited
Updated Date: 01-mar-2012
Creation Date: 27-feb-2012
Expiration Date: 27-feb-2013

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: milkcheesedns.com

Registrant Contact:
5th AVE Hosting
Trev Itamar ()

Fax:
PO Box 96503
Washington, DC 20090
US

Administrative Contact:
5th AVE Hosting
Trev Itamar (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Technical Contact:
5th AVE Hosting
Trev Itamar (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

Creation date: 28 Feb 2012 00:07:00
Expiration date: 27 Feb 2013 16:07:00

Surprise, it is registered through namecheap.com/eNom.com.
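
The comparison made above (the same contact details and name servers across the listed domains, then a lookup of the name servers' own domain) can be automated. This is an added example, not part of the original post: it parses records in the layout shown above and reports the fields shared by more than one domain. The function names are hypothetical, and reusing one record body for two of the listed domains is an assumption, since the post says only that their WHOIS data is similar.

```python
import re
from collections import defaultdict

# Contact and name-server lines copied from the records above. Reusing one body
# for two of the listed domains is an assumption made for this example.
SPAM_BODY = """Administrative Contact:
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555

Name Servers:
ns1.milkcheesedns.com
"""
NS_BODY = """Administrative Contact:
Trev Itamar (domains@5thavehost.com)
+1.3235270448

Name Servers:
dns1.registrar-servers.com
"""
RECORDS = {"plotladybugreward.net": SPAM_BODY, "frogzephyrmint.com": SPAM_BODY,
           "milkcheesedns.com": NS_BODY}
HEADER = re.compile(r"(\w+ Contact|Name Servers):")

def pivots(text):
    """Extract pivots: contact e-mail/phone, name servers, their parent domain."""
    found, section = set(), None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            section = None                      # blank line ends the block
        elif HEADER.fullmatch(line):
            section = line[:-1].lower()
        elif section == "name servers":
            found.add(("ns", line.lower()))
            # parent domain is taken naively as the last two labels
            found.add(("ns_domain", ".".join(line.lower().split(".")[-2:])))
        elif section:                           # inside a contact block
            found.update(("email", m.lower())
                         for m in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", line))
            if re.fullmatch(r"\+\d+\.\d+", line):   # skips the "Fax: ..." line
                found.add(("phone", line))
    return found

def shared_pivots(records):
    """Return the pivots that occur in the records of two or more domains."""
    index = defaultdict(set)
    for domain, text in records.items():
        for pivot in pivots(text):
            index[pivot].add(domain)
    return {p: sorted(d) for p, d in index.items() if len(d) > 1}
```

A shared `ns_domain` value is the next record to look up, which is the step the post takes with milkcheesedns.com.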

 

Perspectives

The news from the first week of April 2012:

There seems to be a consensus that approximately 500,000 to 600,000 computers were affected by the Flashback Trojan. Forget about the possibility that some of the machines were running FreeBSD, Linux, Windows, or other operating systems. (Ars Technica)

After Apple released the Java update and the Flashback malware removal tool, there are two types of headlines:

Notice the contrast in language between the two headlines. The former sounds more negative than the latter.

Apple releases Flashback malware removal tool for OS X Lion.

From Apple Support:

About Flashback malware removal tool
This Flashback malware removal tool will remove the most common variants of the Flashback malware.

If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed.

In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

This update is recommended for all OS X Lion users without Java installed.

Apple releases Java for OS X 2012-003 to address Flashback malware.

From Apple Support:

This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

Available for OS X Lion and Mac OS X Snow Leopard (Java for Mac OS X 10.6 Update 8).


It is recommended to disable Java in Safari. Go to Safari Preferences > Security and uncheck “Enable Java”.

Apple no longer includes Java runtime with OS X Lion. If you never had any programs that required Java, OS X Lion will not prompt you to download and install the Java update.

Java for OS X 2012-002

Déjà vu? Apple released Java for OS X 2012-002

Java for OS X 2012-002 delivers improved compatibility, security, and reliability by updating Java SE 6 to 1.6.0_31.

Please quit any web browsers and Java applications before installing this update.

See http://support.apple.com/kb/HT5055 for more details about this update.

See http://support.apple.com/kb/HT1222 for information about the security content of this update.

Java for Mac OS X 10.6 Update 7 | 79.7 MB

Java for OS X Lion 2012-002 | 66.9 MB

I’m pretty sure that Apple released Java for OS X 2012-001 on Tuesday, April 3rd, 2012. On the Apple Support Downloads page, Java for OS X 2012-001 has been replaced with Java for OS X 2012-002, and it is still dated April 3rd, 2012.

Java for OS X 2012-001

Apple releases Java for OS X 2012-001

Java for OS X 2012-001 delivers improved compatibility, security, and reliability by updating Java SE 6 to 1.6.0_31.

Please quit any web browsers and Java applications before installing this update.

See http://support.apple.com/kb/HT5055 for more details about this update.

See http://support.apple.com/kb/HT1222 for information about the security content of this update.

Java for OS X 2012-001 is available for Mac OS X 10.6 and OS X Lion.

Java for Mac OS X 10.6 Update 7 | 79.7 MB

Java for OS X Lion 2012-001 | 66.9 MB

Interestingly, in OS X Lion, Mozilla Plugin Check does not detect the installed Java.