Thursday, January 13, 2011

Don't Click

I see Mike V, Oleg, Mama L...seems to be targeted toward liberty-types...

If you know anybody on this list, warn them about this.  It's either a computer that's been taken over or else an edress spoofing. In any case, they don't want to click on the link.

4 comments:

MamaLiberty said...

Weird...

Probably going to be a lot more of this now, actually. My publisher also just got me to get a Facebook account. I don't care much for it, at least so far, but he seems to think it will be important for marketing my book. We shall see.

Kent McManigal said...

That address belongs to someone I have been in contact with for a long time, "Bill Hicks", although I haven't heard from him recently. It makes me suspect he abandoned that email address and someone swiped it. I have other contacts that has happened to when they stopped using a particular email address.

Anonymous said...

That blogspot page will attempt to redirect you to http://jwige.ru/, which is the URL you don't want anyone to click (so don't visit it).

There is apparently no webserver running there, although the port is open. That suggests it's designed only to collect information about you when you connect to it; however, it can't really do much of that. They can log an IP but that's it.

In fact several ports are open/filtered; the server is likely an infected Windows machine. Since the webserver does not reply, perhaps a responsible sysadmin firewalled it off and is waiting for the actual owner to wipe the box clean.

PORT STATE SERVICE
22/tcp filtered ssh
80/tcp open http
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1214/tcp filtered fasttrack
6346/tcp filtered gnutella
6699/tcp filtered napster
8080/tcp open http-proxy


The domain name is registered with what is probably an anonymizing email service.

I suppose anybody who speaks Russian could give the number a call or try to look it up with a phone directory service.

whois jwige.ru
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% http://www.ripn.net/about/servpol.html#3.2 (in Russian)
% http://www.ripn.net/about/en/servpol.html#3.2 (in English).

domain: JWIGE.RU
nserver: ns1.jwige.ru. 202.144.10.90
nserver: ns2.jwige.ru. 218.67.78.181
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person
phone: +7 4212 320405
e-mail: meteor@ppmail.ru
registrar: NAUNET-REG-RIPN
created: 2010.12.14
paid-till: 2011.12.14
source: TCI

Last updated on 2011.01.14 01:53:42 MSK/MSD


A host running its own nameservers suggests the offender works at a NOC, or is otherwise trying to run a self-contained operation of some kind.
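
The whois reading in the comment above (a month-old domain, nameservers inside its own zone, an unverified private registrant) can be checked mechanically. This is an added example, not part of the original post or comments; the function names and the 90-day threshold are assumptions, and the record is the one quoted above with the contact fields left out.

```python
import re
from datetime import date

# Record copied from the whois output quoted in the comment above
# (contact fields left out); LOOKUP_DATE is its "Last updated" date.
WHOIS_TEXT = """\
% By submitting a query to RIPN's Whois Service
domain: JWIGE.RU
nserver: ns1.jwige.ru. 202.144.10.90
nserver: ns2.jwige.ru. 218.67.78.181
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person
registrar: NAUNET-REG-RIPN
created: 2010.12.14
"""
LOOKUP_DATE = date(2011, 1, 14)


def parse_whois(text):
    """Parse 'key: value' lines into a dict of lists, skipping '%' comments."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"([a-z-]+):\s*(.+)", line.strip())
        if m:
            record.setdefault(m.group(1), []).append(m.group(2).strip())
    return record


def triage(record, today, young_days=90):
    """Return registration traits worth noting (young_days is an assumed threshold)."""
    findings = []
    domain = record["domain"][0].lower()
    created = date(*map(int, record["created"][0].split(".")))
    age = (today - created).days
    if age < young_days:
        findings.append(f"young domain: {age} days old")
    # First token of each nserver line is the host name; the rest is glue.
    hosts = [ns.split()[0].rstrip(".").lower() for ns in record.get("nserver", [])]
    if hosts and all(h.endswith("." + domain) for h in hosts):
        findings.append("self-hosted nameservers: " + ", ".join(hosts))
    if "UNVERIFIED" in record.get("state", [""])[0]:
        findings.append("registrant unverified")
    if record.get("person", [""])[0] == "Private Person":
        findings.append("registrant shown as Private Person")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_whois(WHOIS_TEXT), LOOKUP_DATE):
        print(finding)
```
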

cocked and loaded said...

I see my old email address on there. That's interesting.