Intercage – Spam/Malware Friendly ISP Back Online


There has been a big hoo-haa recently about a US ISP called Intercage who have said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost.

Their plug got pulled 2 days ago by the upstream provider IP transit provider UnitedLayer after weeks of criticism from the community showing IP addresses under the management of Intercage were hosting a number of sites engaged in phishing, malware propagation, and other illegal activities.

It’s a pretty bold move by UnitedLayer..but Intercage and their website is back online now.

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world’s cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer’s move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion’s share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

It looks like it’s going to hurt them with between a quarter and a half of their revenue coming from this one customer! They shouldn’t have put all their eggs in one basket, especially a malware ridden Eastern European basket.

I think Internet Exchanges and upstream providers need to be more vigilant about spam and malware propagation sites, if hosts refuse to sort the problem out – pull the plug!

For its part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

“We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed,” said UnitedLayer COO Richard Donaldson. “And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)…then we will terminate them like we would any other client.”

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today’s law enforcement in overcoming a rat’s nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens’ best interests at heart.

There is definitely a potential for abuse here and it’s something that needs to be watched. More people need to take time to submit abuse reports, headers and IP addresses to the upstream providers, data centers and hosts involved.

Some may not know what the sites on their network are doing, some may actually be hacked, and some may be complicit with the spammers – but either way people need to report!

It’s an interesting story and definitely one to watch, let’s just hope no-one starts to abuse this with RIAA take-down notices etc.

Source: The Register

Posted in: Legal Issues, Malware, Spammers & Scammers

, , , , , ,


Latest Posts:


RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.


4 Responses to Intercage – Spam/Malware Friendly ISP Back Online

  1. Morgan Storey October 7, 2008 at 4:56 am #

    Anyone got a list of their ip blocks… drop x.x.x.x/16 :)

  2. terrery October 7, 2008 at 11:44 am #

    ”There is definitely a potential for abuse here and it

  3. Morgan Storey October 7, 2008 at 10:35 pm #

    If intercage is anything like the previous Russian Business Network, it will take these reports of abuse and file them straight in the bin.

  4. SpikyHead October 8, 2008 at 12:45 am #

    @terrery
    “i strongly believe if someone notice abuse of website