Saturday, May 28, 2011

RBN Targets Lady Gaga


Steroid marketers in the Russian Business Network have targeted pop star Lady Gaga.

This takes the form of brand and copyright infringement, through the registration of the following domains:

  • lady-gaga-romance.com
  • ladygagaromance.net
  • ladygagaromance.org
  • ladygagaromancefilms.com
  • ladygagaromancetips.com

On the face of it, these Lady Gaga domains appear to be the property of a Swedish marketing firm:

ladygagaromance.org
Reverse Whois:
"Ogelvy & Nielsen Ltd" owns about 19 other domains

Domain ID:D160903576-LROR
Domain Name:LADYGAGAROMANCE.ORG
Created On:11-Dec-2010 21:48:32 UTC
Last Updated On:10-Feb-2011 03:49:07 UTC
Expiration Date:11-Dec-2011 21:48:32 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com
(R27-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:DI_2144851
Registrant Name:Per Lundstroem
Registrant Organization:Ogelvy & Nielsen Ltd
Registrant Street1:12, Gammel Kongevej
Registrant Street2:
Registrant Street3:
Registrant City:Copenhagen V
Registrant State/Province:Bornholm
Registrant Postal Code:1610
Registrant Country:DK
Registrant Phone:+45.332565
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: contact@victorymarketing.info

LadyGagaRomanceTips.com is also Ogelvy & Nielsen Ltd (contact@victorymarketing.info)

Looking more closely, we can see that Ogelvy & Nielsen Ltd are a front:

victorymarketing.info is hosted on a server in Hong Kong with IP address 123.108.108.55:


victorymarketing.info    a     123.108.108.55
Hong Kong

The name server for victorymarketing.info is ns1.pranza.com.

Other domains with the same IP address and name server are:

ns1.pranza.com:
Domains using this as name server (8)

abrahamwealthservices.com
hsharpprivateconsultants.com
ivitamins.org
pranza.com
pricelaw.com
rainesecuritiesllc.com
roidgear.net
victorymarketing.info

pranza.com itself is shielded by privacyprotect:

Domain Name: PRANZA.COM
Registrant:
PrivacyProtect.org
Domain Admin (XXXXXXX@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676

pranza.com was registered through Directi:

Domain Name:    PRANZA.COM
Registrar:    DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Examining the other properties associated by DNS and IP address:

Domain Name:IVITAMINS.ORG
Created On:25-Mar-2005 09:25:39 UTC
Last Updated On:24-Aug-2010 13:46:11 UTC
Expiration Date:25-Mar-2012 09:25:39 UTC
Sponsoring Registrar:1API GmbH (R1724-LROR)
Status:OK
Registrant ID:RAI6113358-QAPX
Registrant Name:Rusnac Irina Anatoli
Registrant Organization:ICS Interland SRL
Registrant Street1:B-dul Stefan celMare, no. 169
Registrant Street2:
Registrant Street3:
Registrant City:Chisinau
Registrant State/Province:Chisinau
Registrant Postal Code:2004
Registrant Country:MD
Registrant Phone:+373.60305749
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:

ivitamins.org, based in Moldova, is an Internet marketer of anabolic steroids, human growth hormone, and the like, presumably manufactured by Balkan Pharmaceuticals SRL:

iVitamins Shop

Manufacturer:Balkan Pharmaceuticals. This product is human use licensed by law at GMP standards. More details on company website ...
www.ivitamins.org/product_info.php?products_id...

iVITAMINS - Anabolic Steroids Discussion and Bodybuilding Forum

20 posts - 10 authors - Last post: Sep 19, 2006
Just to let others know, I had some damage occur during shipping and I-vitamins said they would ship a replacement. Excellent customer service. ...
www.anasci.org › ... › News & Updates › Anasci Board Sponsors
Very Happy with Ivitamins.org

Reverse Whois:
"SC Balkan Pharmaceuticals SRL" owns about 1 other domains
Registration Service Provided By: IMENA.UA
Contact: +380.442010102
Website: http://imena.ua
Domain Name: BALKANPHARMACEUTICALS.COM
Registrant:
    SC Balkan Pharmaceuticals SRL
    Silviu Chiru        ()
    ul. N.Grehdesku 4
    Kishinev
    ,MD-2002
    MD
    Tel. +1.22503588
    Fax. +373.22503589


James McQuaid
EmergingThreats.net

Saturday, May 14, 2011

How To Disable WebGL

On May 11th, Swa Frantzen posted "Time to disable WebGL?" on the Internet Storm Center's Diary page (http://isc.sans.edu/diary.html?storyid=10867).  Dan Goodin also covered this story on the 11th: "New graphics engine imperils users of Firefox and Chrome" (http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/). 

Both articles point out that US-CERT has recommended that WebGL be turned off in browsers which support it (http://www.us-cert.gov/current/index.html#web_users_warned_to_turn).

The SANS piece mentions that in order to disable WebGL in Google Chrome "It needs the --disable-webgl argument on the command line".  After some testing, I have concluded that this only works once (i.e. in the browser session opened from the command line).  In addition, if you open the command window in the Run As Administrator mode, the command line argument does not work at all.

In order to disable WebGL on end user computers, it is necessary to change the target of every Google Chrome shortcut on a machine. 

To make this change in Windows 7:
1) right click the Google Chrome shortcut,
2) left click Properties,
3) click the Shortcut tab, and
4) change the Target to:
C:\Users\THEUSERNAME\AppData\Local\Google\Chrome\Application\chrome.exe --disable-webgl

This will not prevent users from creating a new WebGL enabled shortcut.


In Firefox 4.01, WebGL can be disabled as follows:
1) enter "about:config" in the address window,
2) scroll down to webgl.disabled and right click on it,
3) left click Toggle.
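
One way to apply the Chrome shortcut change and the Firefox preference for a whole user profile, as an added example that is not from the original post. The shortcut folders searched, the Firefox profile path, the use of a per-profile user.js file and the `-AuditOnly` switch are assumptions of this example.

```powershell
# Added example, not from the original post.
# Assumptions: the shortcut folders and Firefox profile path below are the
# usual per-user Windows 7 locations; -AuditOnly is a switch defined here.
param([switch]$AuditOnly)   # report only, change nothing

$flag  = '--disable-webgl'
$shell = New-Object -ComObject WScript.Shell
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('StartMenu'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    # pinned taskbar and Start menu shortcuts live under Quick Launch
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { Test-Path $_ }

# Chrome: append the flag to every shortcut whose target is chrome.exe
Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -notmatch '\\chrome\.exe$') { return }
        if ($lnk.Arguments -match [regex]::Escape($flag)) { return }
        if ($AuditOnly) { "MISSING FLAG: $($_.FullName)"; return }
        $lnk.Arguments = ("$($lnk.Arguments) $flag").Trim()
        try   { $lnk.Save(); "UPDATED: $($_.FullName)" }
        catch { "FAILED (needs elevation?): $($_.FullName)" }
    }

# Firefox: user.js is re-applied at every start, so the pref is reset
# even if it is toggled back in about:config
$pref     = 'user_pref("webgl.disabled", true);'
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $userJs = Join-Path $_.FullName 'user.js'
        $set = (Test-Path $userJs) -and (Select-String -Path $userJs -SimpleMatch $pref -Quiet)
        if ($set) { return }
        if ($AuditOnly) { "NO WEBGL PREF: $userJs"; return }
        Add-Content -Path $userJs -Value $pref
        "PINNED: $userJs"
    }
}
```

Running it again with `-AuditOnly` lists any Chrome shortcut created later without the flag, which is the gap noted above for user-created shortcuts.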

You can test your configurations by browsing to this site: http://www.webkit.org/blog-files/webgl/SpiritBox.html.  If the puppy appears in a rotating cube, WebGL is enabled.  If WebGL is disabled, you will see a photograph.

The WebGL extension designed to protect the GPU stack from exploitation, GL_ARB_robustness, has not been deployed by most GPU vendors.

Once WebGL is effectively sandboxed by Google and Mozilla, I will be happy to turn it back on.  Until then, the eye candy will have to wait.

Additional references:
    http://www.contextis.com/resources/blog/webgl/
    http://www.khronos.org/news/permalink/webgl-security

James McQuaid