Thursday, January 13, 2011

Don't Click

I see Mike V, Oleg, Mama L...seems to be targeted toward liberty-types...

If you know anybody on this list, warn them about this. It's either a computer that's been taken over or else a spoofed edress. In any case, they don't want to click on the link.

4 comments:

  1. Weird...

    Probably going to be a lot more of this now, actually. My publisher also just got me to get a Facebook account. I don't care much for it, at least so far, but he seems to think it will be important for marketing my book. We shall see.

  2. That address belongs to someone I have been in contact with for a long time, "Bill Hicks", although I haven't heard from him recently. It makes me suspect he abandoned that email address and someone swiped it. I have other contacts that has happened to when they stopped using a particular email address.

  3. That blogspot page will attempt to redirect you to http://jwige.ru/, which is the URL you don't want anyone to click (so don't visit it).

    There is apparently no webserver running there, although the port is open. That suggests it's designed only to collect information about you when you connect to it; however, it can't really do much of that. They can log an IP, but that's it.

    In fact several ports are open/filtered; the server is likely an infected Windows machine. Since the webserver does not reply, perhaps a responsible sysadmin firewalled it off and is waiting for the actual owner to wipe the box clean.

    PORT STATE SERVICE
    22/tcp filtered ssh
    80/tcp open http
    135/tcp filtered msrpc
    136/tcp filtered profile
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp filtered netbios-ssn
    445/tcp filtered microsoft-ds
    1214/tcp filtered fasttrack
    6346/tcp filtered gnutella
    6699/tcp filtered napster
    8080/tcp open http-proxy


    The domain name is registered with what is probably an anonymizing email service.

    I suppose anybody who speaks Russian could give the number a call or try to look it up with a phone directory service.

    whois jwige.ru
    % By submitting a query to RIPN's Whois Service
    % you agree to abide by the following terms of use:
    % http://www.ripn.net/about/servpol.html#3.2 (in Russian)
    % http://www.ripn.net/about/en/servpol.html#3.2 (in English).

    domain: JWIGE.RU
    nserver: ns1.jwige.ru. 202.144.10.90
    nserver: ns2.jwige.ru. 218.67.78.181
    state: REGISTERED, DELEGATED, UNVERIFIED
    person: Private Person
    phone: +7 4212 320405
    e-mail: meteor@ppmail.ru
    registrar: NAUNET-REG-RIPN
    created: 2010.12.14
    paid-till: 2011.12.14
    source: TCI

    Last updated on 2011.01.14 01:53:42 MSK/MSD


    A host running its own nameservers suggests the offender works at a NOC, or is otherwise trying to run a self-contained operation of some kind.

  4. I see my old email address on there. That's interesting.

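An added example, not part of the original post or its comments: the WHOIS reading from comment 3 written as a repeatable triage check in Python. The finding names and the 90-day threshold are assumptions, and the lookup date is taken from the record's "Last updated" line.

```python
from datetime import date

# Excerpt of the RIPN WHOIS record quoted in comment 3 (contact fields omitted).
SAMPLE = """\
% By submitting a query to RIPN's Whois Service
domain: JWIGE.RU
nserver: ns1.jwige.ru. 202.144.10.90
nserver: ns2.jwige.ru. 218.67.78.181
state: REGISTERED, DELEGATED, UNVERIFIED
created: 2010.12.14
"""
NEW_DOMAIN_DAYS = 90  # assumed threshold for "recently registered"


def parse_whois(text):
    """Parse 'key: value' lines into {key: [values]}; '%' lines are comments."""
    record = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("%") and ":" in line:
            key, value = line.split(":", 1)
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def triage(record, observed):
    """Return (code, detail) findings worth a second look; none proves abuse."""
    findings = []
    domain = record["domain"][0].lower().rstrip(".")
    # RIPN dates look like 2010.12.14
    age = (observed - date(*map(int, record["created"][0].split(".")))).days
    if age < NEW_DOMAIN_DAYS:
        findings.append(("new-domain", f"registered {age} days before lookup"))
    # In-bailiwick nameservers: the domain answers its own DNS via glue IPs.
    glue = []
    for entry in filter(None, record.get("nserver", [])):
        host, *addrs = entry.split()
        host = host.lower().rstrip(".")
        if host == domain or host.endswith("." + domain):
            glue.append(addrs[0] if addrs else "no-glue")
    if glue:
        findings.append(("self-hosted-dns", ", ".join(glue)))
    states = [s.strip() for s in record.get("state", [""])[0].split(",")]
    if "UNVERIFIED" in states:
        findings.append(("unverified-state", "registry state UNVERIFIED"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(parse_whois(SAMPLE), date(2011, 1, 14)):
        print(f"{code}: {detail}")
```

Each finding is a reason to look closer at a linked domain before anyone visits it, not a verdict on its own.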
