Finding the Registered Site Owner
Last week, I wrote "Needless to say 'easder1e.co.uk' is not owned by Microsoft. Instead, it's registered as being owned by 'Patrica Laycok, 12 low eggborough road, nr goole, DN14 0PJ United Kingdom'." That attracted a question: "In one of your future casts, will you explain how you found the actual owner?" Yes, I will.
I'll use an address that provides a better illustration, though. By the time I checked the address above (which had been used for a fraudulent Windows "update"), the site had been taken down and the name had been removed from DNS routing tables worldwide. In other words, except for the registration information, there wasn't much to see.
I started with a fresh example of the same message. This one offered a link at "nniujo.eu". The top-level-domain suggests the European Union, but who is actually the registrant and where is the website?
I normally start with the Domain Dossier function at Central Ops and ask for all information available. This returns a lot of information, far more than what is needed to determine the overall status of the domain, but I'll include it all.
Here's the result that I received:
Address lookup
canonical name | nniujo1.eu. |
aliases | |
addresses | 119.69.134.121 124.50.161.134 125.204.99.196 190.26.26.168 210.2.55.58 217.199.233.193 222.237.27.139 77.253.81.44 78.30.202.118 83.28.16.89 87.116.246.107 89.35.139.242 89.78.229.243 93.89.214.166 94.27.116.178 |
Domain Whois record
Queried whois.eu with "nniujo1.eu"...
Domain: nniujo1 Registrant: NOT DISCLOSED! Visit www.eurid.eu for webbased whois. Registrar Technical Contacts: Registrar: Name: HOSTWAY (DOMAINPEOPLE) Website: www.domainpeople.com Nameservers: ns1.sortyn.com ns1.asthomes.com Please visit www.eurid.eu for more info.
Network Whois record
Queried whois.apnic.net with "119.69.134.121"...
inetnum: 119.64.0.0 - 119.71.255.255 netname: Xpeed descr: LG Powercomm descr: 537-18,Bangbaedong,Seochogu, Seoul descr: ******************************************* descr: Allocated to KRNIC Member. descr: If you would like to find assignment descr: information in detail please refer to descr: the KRNIC Whois Database at: descr: http://whois.nic.or.kr/english/index.htm descr: ******************************************* country: KR admin-c: IM333-AP tech-c: IM333-AP status: Allocated Portable remarks: www.powercomm.com mnt-by: MNT-KRNIC-AP mnt-lower: MNT-KRNIC-AP changed: hm-changed@apnic.net 20080115 source: APNIC person: IP Manager nic-hdl: IM333-AP e-mail: ip@powercomm.com e-mail: security@powercomm.com address: 537-18 Bangbae-dong Seocho-gu SEOUL, 137-060 phone: +82-2-2086-5434 fax-no: +82-2-2086-5419 country: KR changed: hostmaster@nida.or.kr 20070103 mnt-by: MNT-KRNIC-AP source: APNIC inetnum: 119.64.0.0 - 119.71.255.255 netname: Xpeed-KR descr: LG POWERCOMM country: KR admin-c: IA469-KR tech-c: IM469-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.krnic.net. changed: hostmaster@nic.or.kr source: KRNIC person: IP Administrator address: Bangbae-dong Seocho-gu SEOUL address: 537-18 country: KR phone: +82-2-2086-5935 e-mail: ip@powercomm.com nic-hdl: IA469-KR mnt-by: MNT-KRNIC-AP changed: hostmaster@nic.or.kr source: KRNIC person: IP Manager address: Bangbae-dong Seocho-gu SEOUL address: 537-18 country: KR phone: +82-2-2086-5935 e-mail: ip@lgpwc.com nic-hdl: IM469-KR mnt-by: MNT-KRNIC-AP changed: hostmaster@nic.or.kr source: KRNIC
DNS records
DNS query for 121.134.69.119.in-addr.arpa returned an error from the server: NameError
name | class | type | data | time to live | |||||||||||||||
nniujo1.eu | IN | SOA |
|
86400s | (1.00:00:00) | ||||||||||||||
nniujo1.eu | IN | A | 210.116.200.199 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 217.199.233.193 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 78.30.202.118 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 83.11.220.70 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 83.28.16.89 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 89.35.139.242 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 91.200.253.247 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 93.89.214.166 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 95.132.145.117 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 95.133.24.92 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 124.199.46.132 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 190.26.26.168 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 190.82.29.181 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 190.193.100.240 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | A | 210.2.55.58 | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | HINFO |
|
1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | NS | ns1.asthomes.com | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | NS | ns2.sortyn.com | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | NS | ns2.asthomes.com | 1800s | (00:30:00) | ||||||||||||||
nniujo1.eu | IN | NS | ns1.sortyn.com | 1800s | (00:30:00) |
Traceroute
Tracing route to nniujo1.eu [119.69.134.121]...
hop | rtt | rtt | rtt | ip address | fully qualified domain name |
1 | 1 | 1 | 1 | 70.84.211.97 | 61.d3.5446.static.theplanet.com |
2 | 0 | 0 | 0 | 70.87.254.1 | po101.dsr01.dllstx5.theplanet.com |
3 | 0 | 0 | 0 | 70.85.127.105 | po51.dsr01.dllstx3.theplanet.com |
4 | 0 | 0 | 0 | 70.87.253.9 | et3-1.ibr04.dllstx3.theplanet.com |
5 | 0 | 0 | 0 | 4.71.122.1 | te-3-4.car4.dallas1.level3.net |
6 | 11 | 1 | 1 | 4.69.145.116 | ae-73-70.ebr3.dallas1.level3.net |
7 | 33 | 33 | 35 | 4.69.132.77 | ae-3.ebr2.losangeles1.level3.net |
8 | 54 | 53 | 54 | 4.69.132.13 | ae-2.ebr2.sanjose1.level3.net |
9 | 51 | 53 | 53 | 4.69.134.214 | ae-72-72.csw2.sanjose1.level3.net |
10 | 46 | 46 | 46 | 4.68.18.75 | ae-11-79.car1.sanjose2.level3.net |
11 | 45 | 45 | 45 | 4.68.111.134 | dacom-level3-te.sanjose2.level3.net |
12 | 47 | 46 | 47 | 203.255.234.45 |
13 | 212 | 212 | 232 | 203.233.52.33 |
14 | 229 | 231 | 261 | 210.120.246.65 |
15 | 235 | 227 | 226 | 210.120.102.94 |
16 | 230 | 219 | 254 | 210.107.126.117 |
17 | 235 | 254 | 211 | 203.248.208.26 |
18 | 192 | 187 | 189 | 211.63.35.162 |
19 | 188 | 182 | 187 | 203.248.227.250 |
20 | * | * | * |
21 | * | * | * |
22 | * | * | * |
23 | * | * | * |
Trace aborted
Service scan
FTP - 21 | Error: TimedOut |
SMTP - 25 | Error: TimedOut |
HTTP - 80 | Error: TimedOut |
Further Research
Why is the registrant "NOT DISCLOSED"? That's because the EU registrar uses a CAPTCHA to ensure that the query is being posed by a real person. In this case, Central Ops cannot discern the registered name of the owner (which will probably be false, anyway) but it can tell me where to look (www.eurid.eu). Before I look there, let's see what Central Ops was able to tell me.
Look at the "Network Whois record". This reveals where the website is hosted. It is on a server in Korea. This section has contact information for the hosting company. I could send a message to the technical contact to report the problem, but it appears that the hosting company has already acted. The DNS Record query returned a name error, Central Ops wasn't able to ping the site, and the service scan reported an error on port 80 (used for Web traffic).
Although this could be the end of the road, I decided to post the query at www.eurid.eu. This registrar has code in place that makes it difficult to scrape the text off the screen, so here is a screen image.
A few things stand out in the EU whois result.
First, there's the date. I did this research on 25 Oct 2009. The domain name had been registered on 24 Oct 2009, just one day earlier. Every site must be new at some time in its history, but it's extremely unlikely that a brand new site will be used to distribute any legitimate security updates.
There's also the question of the address: "13953 sw 68th st" simply doesn't look like a European address. I've never been to Brussels, but a street address such as the one shown shouts "United States" to me.
Google Earth agrees. Brussels has streets with names such as Bergstraat and Elkstraat.
On the other hand, the telephone country code at least matches the claimed country. 32 is Belgium.
Microsoft is a large company with a substantial legal department. Do you think that said legal department would use a Hotmail address and type names in lower case?
Yeah, neither do I.
The instant I see a message such as the one used for this example, I know that it's a fraud because Microsoft doesn't notify users of anything by e-mail. For that reason, the entire exercise was unnecessary. But sometimes the fraudulent nature of a message isn't as clear and that's when the ability to use tools such as Central Ops, various registrars around the world, Google Maps, Google Search, and Google Earth can come in handy.
Drag Race! Windows 7 versus Ubuntu Linux 9.04
I've said that Windows 7 is fast, but that Ubuntu Linux is faster. I've also said how slow Vista was. During the 2 years I used Vista, start-up could take 5 minutes or more and sometimes the shutdown process ran for more than 15 minutes. Normal was more like 2 or 3 minutes for startup and 5 minutes for shutdown. The 2 operating systems I use regularly now are Windows 7 and Ubuntu, so I decided to stage a little drag race.
Here's how I set it up: The notebook computer has both operating systems on it. When the machine boots, the GRUB boot loader offers a choice of operating systems. That became my starting point.
I was looking for how long it took for the operating system to become usable, to load a word processor program, and to type the words "Hello World".
The other test was how long it was from the time I selected "shut down" until power was off.
I recorded the time test and you can listen to it:
PLAY AUDIO 4:10 (mp3 file)
The differences between Windows 7 and Ubuntu are significant, but not as profound as they would be had I run a similar test with Vista. Here are the times I obtained from the recording:
Start up | Shut down | |
---|---|---|
Windows 7 | 01:26.5 | 00:17.1 |
Ubuntu 9.04 | 01:00.2 | 00:01.6 |
Ubuntu loses a second or so in the start-up process because I must type my user name. On the notebook computer, there is just one user defined so I need only type the password. The password is the same for both operating systems.
Although it took about 25% more time to start Windows, open Word, and type "Hello World", this difference (26 seconds) is insignificant. The Windows shutdown can take considerably longer than what I've shown here because Windows installs updates as part of the shutdown process. In some cases, I've seen Windows 7 take 3 or 4 minutes to shut down, but I don't recall seeing the process take longer.
How's Windows 7 Working for You?
Most of the people I have heard from who are using Windows 7 like it, particularly those who have upgraded from Vista. But not everyone. It's not uncommon for savvy users to wait for SP1 to show up when Microsoft rolls out a new operating system, but this time that's probably not the best course of action.
Lots of computers are sold in the 4th quarter. I described last week one that I bought for use at home. Many more will be holiday gifts and they will come with Windows 7. The big question for a lot of people is whether to upgrade an existing computer. That depends on how comfortable you are with the implications of an operating system upgrade. This is not a step to be taken lightly and it's one that requires some homework.
I heard from listener Chuck Roderick, who described his experience:
I recently took the plunge and installed Windows 7. It really wasn't as bad as I thought it would be. I installed it on my Dell XPS 420 which was running Vista Home. I did all of my homework and made sure that I had installed all Windows updates that were needed and backed up my files, just in case. I installed the 32 bit system since it was an "overlay" install and off we went.
I had no problems whatsoever with the install and just thought that I would write and tell you and the other listeners my experience. It took about 2 hours for the process to be completed and with that said I wish Microsoft would employ a little bit more of graphic entertainment for those who set diligently by the computer ready to troubleshoot at the first sign of a problem.
I got the family pack which is for 3 computers under one roof (I have 2 and a spare, now) and for the price, WOW!
This is the first time I have ever done the upgrade to windows this early from the release date, Usually I wait with patience for all of the horror stories to surface from the testers and reviewers who run the beta tests and this time there were very few and of little concern about the OS.
Bill, thank you for the great job you do on TBWW providing us the information we want.
That's not the universal experience, though. A friend of mine who is definitely a tech-savvy person upgraded his HP notebook to Windows 7 from Vista and has had some significant problems with the installation. My preference, even if an in-place upgrade is possible, is to perform a fresh installation. That's almost always the path with the greatest opportunity for success.
Witch Oit Fir Typos!
My favorite keyboard, a Microsoft Natural Media keyboard, was wearing out. The arrow keys were sticking and no matter how much I cleaned the mechanical parts of the assembly, I couldn't get any improvement. I even tried a judicious application of WD40. No change. So I bought a similar keyboard, Microsoft's Natural Ergonomic 4000 keyboard. It's slightly different from the old keyboard, but that slight difference is enough to toss my fingers into a tizzy.
The most significant changes involved the Ins and Del keys. Neither is now where I expect it and I'm constantly hitting one of them when I want the Home or End key.
But some of the keys have changed in size, too, which means that the letters aren't quite where my fingers expect them. Now I often get an "i" when I'm expecting a "u". The Enter and Shift keys are smaller and for some reason this causes me to hit Enter rather too often when all I want is a capital letter.
I'll get used to it, but you (which was originally yoiu) may see more (nire) than the usual (isial) selection of typos while (whole) I retrain (retraon) my fingers.
On the plus side, the Microsoft Intellipoint software that runs the keyboard has many more features than the previous version. Among them, my favorite: The ability to turn off the CAPS LOCK key. That detestable hold-over from the days of manual typewriters is my least favorite key.
Windows 7 got to show off a bit when I loaded the software. A few seconds after the setup program started to load, I received a message from Windows 7: This application cannot be loaded because it does not operate properly under this version of the operating system. The message provided a link to the location where I could download the new version.
The installation was a breeze and, when I later plugged the keyboard in, all of the special features worked as expected.
Now if only I could accelerate the process of updating my fingers. This is going to be difficult because the Microsoft Natural Media keyboard at the office is still working just fine.
Short Circuits
Ubuntu 9.10 Slips onto My Notebook Computer
Last week, I mentioned Ubuntu 9.10, which was to become available late last week. It's now on my notebook computer and it appears to have brought some worthwhile improvements. I would be able to tell you more if the download had gone faster. Those who download new versions of Ubuntu during the first few days of a new release will often have to put up with modem-like download speeds. In this case, the result was worth the delay.
When it comes to upgrades, Microsoft still has a lot to learn from Ubuntu. When I started the computer and asked Ubuntu to check for program updates, it told me that a new version of the operating system was available. I could perform a standard update or a full upgrade. I decided on the full upgrade.
The updater started enumerating the new files that would be needed. As it turned out, the number of files needed was quite large.
Under normal circumstances, the download would have taken 15 to 20 minutes, but downloads are always slow for the first couple of days. After initially suggesting that the download would take 10 hours or more, the update process settled on 2 to 3 hours.
It was correct and, a couple of hours later the download ended. Then the actual update process started. By the time the upgrades (all 1000+ of them) had been installed and the system had rebooted, it was well past my bed time.
GRUB still shows version 9.04, but I expected that. I'll need to modify the text that the boot loader displays. The boot process has changed for the better. Instead of having to type your user name now, you'll see a Windows-like list of available user names. All you need do is select one and provide the appropriate password.
My recommendation continues to be that if you're at all comfortable with the idea of creating a dual-boot system, installing Ubuntu along with whatever version of Windows you're using is a good idea.
Spam King Sanford Wallace Ordered to Pay $711 Million to Facebook
Sanford Wallace is accused of massive spamming and hit with huge fines. He goes to court and promises to reform. Then he walks out of court and continues to earn the title "spam king". What does it take to put someone like this in a place where he cannot continue to flout the law?
In the latest trial, a California court awarded Facebook $711 million after finding that Wallace gained access to users' accounts and sent messages that claimed to be from them. In addition to the judgment, the judge in San Jose referred Wallace to the US Attorney's office for prosecution for criminal contempt of court.
It's about time!
In 2008, MySpace won a $230 million judgment against Wallace because of similar activities. Two years before that, he was fined $4 million because he ran a scam operation that infected computers with spyware.
Here's hoping that Sanford Wallace is sentenced to spend some time in prison.