Is anyone seeing large influx of Iworm.Swen &
Exploit.IFrame.FileDownloadMessage over the last few days. Im getting
over 200 a day, All for some reason addressed to me , very few to any
I seem to be the only one I know having this problem, I feel very
Matthew G Brown
B & R Holdings LIMITED
Nelson, New Zealand
DDI: + 64 3 544 9116
MOB: 027 4807731
If anybody finds a Cisco 2912 switch that's, cough, fallen off the back
of a truck, please sing out - we had one five fingered last night.
Ripped the rack of the wall, dropped the power, the whole nine yards.
Still, our none-to-bright crims took the cheap switch and left the rack
of far more valuable media convertors sitting above it, so I guess we
can be thankful for small mercies!
Thankfully, not a very common occurence.
-----BEGIN PGP SIGNED MESSAGE-----
VeriSign Sued Over Controversial Web Service
Thu September 18, 2003 09:13 PM ET
By Elinor Mills Abreu
SAN FRANCISCO (Reuters) - An Internet search company on Thursday filed a $100
million antitrust lawsuit against VeriSign Inc., accusing the Web address
provider of hijacking misspelled and unassigned Web addresses with a service
it launched this week.
(C) 2003 Hugh Lilly
Registered Linux User # 295486, register @ http://counter.li.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----
Even ICANN has arisen to life and has asked Verisign to
suspend their sitefinder service. Will be useful to read
what their Security and Stability Advisory Committee says on
the wildcard issue.
----- Message Forwarded on 20/09/03 -----
From: George Kirikos <gkirikos(a)yahoo.com>
Subject: [ga] ICANN Advisory to Verisign: Voluntarily
Date: Fri, 19 Sep 2003 19:26:56 -0700 (PDT)
See the advisory at:
I doubt Verisign has the inkling to stop....
P.S. Sign the updated petition at:
I wasn't aware that there was any 'constant stream of spam' coming from
However - I've been following up since seeing your email the other day.
My understanding from the tech team is that we are on top of this and do
respond to such things - if you have previously tried to get us to take
action and nothing has happened, then I'd be keen to know about it.
Orcon Internet Limited - www.orcon.net.nz
Mob +64 (0) 21 366 666 / Wk +64 (9) 444 4414 ext 700
From: Tony Wicks [mailto:email@example.com]
Sent: Friday, September 19, 2003 6:25 AM
To: Liz Q
Subject: RE: [nznog] stream of Orcon spam
They don't respond.
From: Liz Q [mailto:firstname.lastname@example.org]
Sent: Friday, 19 September 2003 12:20 a.m.
Subject: Re: [nznog] stream of Orcon spam
Perhaps you should take it up with them,
I'm fairly sure they will be happy to find whos account it is and remove
On Wed, 2003-09-17 at 21:36, Tony Wicks wrote:
> Hi all, is anyone else seeing a constant stream of spam **again**
> from Orcon ?
> ( now added to "hosts.deny" )
> Received: from dbmail-mx1.orcon.co.nz (loadbalancer-VIP.orcon.net.nz
> by *removed* (8.12.8/8.12.8) with ESMTP id h8H63EcG011226
> for <*removed*>; Wed, 17 Sep 2003 18:03:34 +1200
> Received: from 22.214.171.124 ([126.96.36.199])
> by dbmail-mx1.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP
> for <*removed*>; Wed, 17 Sep 2003 18:02:25 +1200
> Received: from uvd.cixzx.net (HELO jk0) ([188.8.131.52]) by
> id <2581790-60199> for <*removed*>; Wed, 17 Se
> p 2003 14:54:17 +0600
> Message-ID: <b-1$-f$oj422x(a)c9n.dl4l.2h3y>
> From: "Iris Oliver" <q2djix5co3u(a)eguo.com>
> Reply-To: "Iris Oliver" <q2djix5co3u(a)eguo.com>
> To: <*removed*>
> Subject: Develop a Larger Penis in Weeks
> Received: from dbmail-mx3.orcon.co.nz (loadbalancer-VIP.orcon.net.nz
> by *removed* (8.12.8/8.12.8) with ESMTP id h8H5UvcG011061
> for <*removed*>; Wed, 17 Sep 2003 17:30:58 +1200
> Received: from modemcable084.162-202-24.hull.mc.videotron.ca
> (modemcable084.162-202-24.hull.mc.videotron.ca [184.108.40.206])
> by dbmail-mx3.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP
> for <*removed*>; Wed, 17 Sep 2003 17:29:45 +1200
> Received: from [220.127.116.11]
> by modemcable084.162-202-24.hull.mc.videotron.ca;
> Wed, 17 Sep 2003 00:27:00 -0600
> Message-ID: <u$1eo2yj-u36$gq(a)1sbkl8.s.c6l2y>
> From: "Brianna Avery" <25mypdms(a)gateway.com>
> Reply-To: "Brianna Avery" <25mypdms(a)gateway.com>
> To: *removed*
> Subject: *removed* male enhancement patch 3 qchywrehm
> NZNOG mailing list
This PC runs Linux. If you find a virus apparently from me, it has
forged the e-mail headers on someone else's machine. Please do not
notify me when this occurs. Thanks.
NZNOG mailing list
In message <Pine.WNT.4.55.0309172108560.696@den3>, Juha Saarinen writes:
>On Wed, 17 Sep 2003, Ewen McNeill wrote:
>> And if nothing else it's probably useful to have a single document to
>> wave at people saying "these are all the bad things you've caused by
>> doing this".
>That's been documented already, as in the 2day.com case.
To reinforce the "one list with which to beat people up", this post on
points out that Verisign are in an interesting position with HTTPS
access: not only do they have the wildcard DNS entry to draw traffic
their way (apparently consuming one AS and two /24s on the way past),
they've also got the trusted CA certificates to sign any SSL
certificates needed (on the fly if they wish).
The little "trusted site" closed lock on, eg:
is (amazinginly) a little less meaningful than it was before.
(I'm also amazed that, apparently, no one has registered that domain
name. It seems such an obvious one for the
aren't a bad (early) start at a summary of problems (from Tuesday).
Bob Gray wrote:
> On 19 Sep 2003 at 9:17, Antonio Broughton wrote:
> > So if i was to say "ihug.net" has bad data.... that will
> > mean ihug.net will get deleted also? :)
> More to the point if someone said that the nz record is
> Technical Contact:
> Name: ITS Operators
> Organization: The University of Waikato
> Address1: Private Bag 3105
> would that get deleted too?
InternetNZ has been trying to get that changed for, well
around four years now.
There has been many a fight with ICANN about them refusing
to update details for .nz zone despite it being inaccurate.
What was ironic was that one year their request for a
fee/donation didn't get through because they sent it to the
old mailing address which they had refused to change.
They have got more responsive of late and as I understand it
there is an attempt underway to get this final piece of
incorrect information fixed.
Antonio Broughton wrote:
> So if i was to say "ihug.net" has bad data.... that will mean ihug.net
> will get deleted also? :)
Who knows :-(
Looks like our record in the DomainDiscover database got screwed at some
time after we transferred 2day.com to them from Verisign.
In case anybody is wondering, Dan Halloran <halloran(a)icann.org> knows
who I am. As do most ICANN folk. So the NZ person who complained did
not tell us, nor did ICANN. That sucks.
Please find below here a report concerning inaccurate Whois data for
As you are aware, section 3.7.8 of your Registrar Accreditation Agreement
obligates you to take reasonable steps to investigate each such report you
receive. After you have completed your investigation and taken any
appropriate action, please record the disposition of this report by
submitting a Registrar Whois Correction Report at:
Thank you for your cooperation. If you have any questions, please feel free
to contact Dan Halloran <halloran(a)icann.org>.
ICANN Whois Problem Reports
Errors in Registrant Information:
No address or telephone number given.
Errors in Administrative Contact Information:
No address or telephone number given.
Errors in Technical Contact Information:
No address or telephone number given
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: 2DAY.COM
Whois Server: whois.domaindiscover.com
Referral URL: http://www.domaindiscover.com
Name Server: NS3.2DAY.COM
Name Server: NS1.2DAY.COM
Name Server: NS2.2DAY.COM
Updated Date: 22-may-2003
Creation Date: 24-oct-1997
Expiration Date: 23-oct-2004
This WHOIS database is provided for information purposes only. We do
not guarantee the accuracy of this data. The following uses of this
system are expressly prohibited: (1) use of this system for unlawful
purposes; (2) use of this system to collect information used in the
mass transmission of unsolicited commercial messages in any medium;
(3) use of high volume, automated, electronic processes against this
database. By submitting this query, you agree to abide by this
2Day Internet Limited
Domain Name: 2DAY.COM
Administrative Contact, Technical Contact, Zone Contact:
2Day Internet Limited
Domain created on 23-Oct-1997
Domain expires on 22-Oct-2004
Last updated on 22-May-2003
Domain servers in listed order:
2DAY INTERNET LIMITED
"Hell, there are no rules here - we're trying to accomplish something!"
Thomas A Edison