[odeo=http://odeo.com/audio/19430393/view]

This is a comment feedback show.
This is a clarification and expanasion show. It is a light hearted look at some of the big questions.
Topics covered:
RBN
Cooper
Terence Mckenna
The two Tara's
reply to comments

http://theinfounderground.com/ftp/lav/

NOTE: The show is also called the grabbage show

This is a comment feedback show.
This is a clarification and expansion show. It is a light hearted look at some of the big questions.
Topics covered:
RBN
Cooper
Terence Mckenna
Chem Busters
The two Tara's
reply to comments

http://theinfounderground.com/ftp/lav/

RSI’s Themes:  From the ETF world, RSI continues to pick energy, materials and Latin America.  Its stock picks also favor materials, mining and energy.  Pretty good agreement.  No falling knife candidates for today.

ETF/CEF Medium Volatility:

• ILF - Latin America 40 Index iShares
• IYE - Energy iShares
• VAW - Vanguard Materials VIPERs

Stocks Medium Volatility:

• ABB - Abb Ltd.
• ATN - Atlas Energy Resoucres LLC
• CCK - Crown Holdings Inc.
• CEDC - Central European Distribution Corp.
• FCX - Freeport McMoran Copper&Gold
• GTI - GrafTech Intl Ltd.
• PDA - Perdigao S.A.
• PX - Praxair, Inc.
• RBN - Robbins & Myers, Inc.
• SBS - Companhia de Saneamento
• TGB - Taseko Mines Ltd.

Stocks High Volatility:

• AKS - AKSeel Holding Corp.

New stock for RSI:

Companhia de Saneamento Basico do Estado de Sao Paulo provides water and sewage services in Sao Paulo. The company was founded in 1954 and is headquartered in Sao Paulo, Brazil.

]]> http://rsietf.wordpress.com/2008/04/15/a-nice-but-modest-up-day-rsi-likes-gold/ Wed, 16 Apr 2008 05:40:07 +0000 Marlowe Cassetti http://rsietf.wordpress.com/2008/04/15/a-nice-but-modest-up-day-rsi-likes-gold/ Today in the market, Tuesday April 15, 2008:  Happy tax day..but let's not break out the champagne yet.  The market ended the day up in rather subdued fashion.  All the major averages were about 1/2% up.  Nothing spectacular, but we will take gains.

RSI’s Themes:  RSI's only ETF/CEF is a real asset fund with a majority of its holdings in metals and mining.  Its stock picks also lean in this direction so I have to declare that RSI's theme is mining and in particular gold.

ETF/CEF Medium Volatility:

• BCF - BlackRock Real Asset Equity Trust

RSI has picked this fund in the past and again likes it now.  This CEF sports a PYE of -14.89/6.32/1.08.  Not bad numbers especially when you figure RSI is picking it for its technicals and not these other numbers.  It is heavily weighted towards metals/mining, oil & gas & consumable fuels, energy equipment and chemicals.  It is invested in the US about 46% and the rest international.  This looks great to me.

Stocks Medium Volatility:

• FDP - Fresh Del Monte Produce
• GNA - Gerdau AmeriSteel Corp.
• ITG - Investment Technology Group
• NHP - Nationwide Hlth Prop, Inc.
• RBN - Robbins & Myers, Inc.
• STR - Questar Corp.

As an aside, RSI has been repeatedly picking Del Monte for the past few months.  That a great performing stock.

Stocks High Volatility:

• GOLD - Randgold Resources Ltd.
• ISRG - Intuitive Surgical, Inc.

The new stocks for today are:

Randgold Resources Limited engages in the exploration, mining, and development of gold deposits in Africa.  Randgold was founded in 1995 and is based in St Helier, Channel Islands.

Nationwide Health Properties, Inc. operates as a real estate investment trust (REIT) that invests primarily in healthcare-related senior housing and long-term care facilities in the United States.  NHP pays a yield of 5.10%.

Sorry for the late post tonight, but it is posted prior to market opening....right?

Ron Paul was a guest on Coast To Coast AM with George Noory from 1 - 2 AM on March 25, 2008. During questions a disingenuous Neocon named Joe called in to ask Ron Paul about his supporters believing in "conspiracy theories". This was similar to what CNN did during the debates.

Ron Paul answered and said while he did not believe the Government did 9/11 he was not satisfied with the investigation and would like a new investigation into 9/11.

http://www.youtube.com/watch?v=OumAnh8oWbU

"UNPO condemms the draconian Chinese response that has led to substantial loss of life and countless detentions and beatings, and calls upon the Chinese authorities at all levels to enter into a constructive dialoque designed to end the violence and promote a return to peace within Tibet as soon as possible"

And since every Keylogger needs a Server, guess where the Server is located! Damm right: In China!!! xsz.8800.org, this server is allready quite known by internet security specalists: "8800.org is a Chinese DNS-bouncer system that, while not rogue by itself, has been used over and over again in various targeted attacks."(F-Secure)

And that's not it! There many more of these attacks going on right now! All of them have in common that the sender adress is spoofed to look like a trusted party and that they all have an infected file attached to it that has something to do with Pro-Tibeteriasm.

I do not know, if this is the doing of (recently growing) chinese intelligence services, some other politically/economically driven party or rouge black hat hackers (the later seems quite unlikely though). I guess, the chinese government wouldn't hinder anyone doing just this kind of stuff. The fact, that this is acutally happening should be enough, to cause an international outcry!

There is another thing, that really concerns me: The Russian Business Network (RBN), one of the worst areas in the Internet in terms of cybercrime recently shut down it's servers/lost connection to the rest of the internet. While there have been reports suggesting, the RBN re-opened it's doors, there are RBN-like structures arising on chinese ground - perhaps even financed by the RBN. At the same time, Chinese government recently decided to form a military cyber-unit and international govermental agencies see themselves confronted with acts of chinese reconnaissance and sometimes even attacks. Of course, they are not directly traceable to the chinese government, still...Many security specialists believe, that china is kinda seeking worldwide cyber-dominance. All this suggests, that China does have the ressources to stop those RBN-derivates but nothing seems to happen! What does this mean? Propably China even likes the RBN to gain a foothold in China so they can pretend to be rouge hackers while attacking...let's say the german Reichstag (as allready happend if I'm not mistaken). Of course, this is all a hypothesis, nothing real! But feel yourself warned: Secure your Computer! Hard times are to come!

Whoever it is, they are trying to spy on Pro-Tibetian groups and individuals. So if you get an unrequested mail by any party with any kind of attachement: double check, if the file is clean via antivirus-software and by sending (do not use the reply function but any known mail addy) a mail asking, if this mail really originates from the specified sender! Furthermore: Inform other Pro-tibetian Individuals/Groups of this new threat.

RSI’s Themes:  On the ETF/CEF there were just a few picks however we had a lot of stocks picks today.  Certainly the RSI theme favors energy, materials and technology. Tread lightly on some of these energy names since there is evidence that oil prices may have peaked, and despite what RSI thinks, I would use caution on the energy sector.

ETF/CEF Low Volatility:

• IGE - Natural Resources iShares S&P/GSCI Index Fund
• NPI - Nuveen Prem Incm Muni Fund
• VDE - Vanguard Energy VIPERs

Although these funds are rated low volatility they do jump around.  NPI is new to RSI so a few facts on this CEF.  Its YPE is 5.43, -7.52, 1.16, not bad numbers and the yield is tax free, but check with your tax advisor first.  The muni-bond market has been very nervous of late and its chart reflects the anxiety.

Stocks Low Volatility:

• STR - Questar Corp.

Stocks Medium Volatility:

• AKS - AKSteel Holding Corp.
• BAP - Credicorp Ltd.
• CHU - China Unicom Ltd.
• GEF - Greif Bros. Corp.
• GGB - Gerdau Usa
• HOS - Hornbeck Offshore Services Inc.
• NE - Noble Drilling Corp.
• ORCL - Oracle Corp.
• PEG - Public Service Enterprise
• ROS - Rostelecom
• UL - Unilever PLC
• WFT - Weatherford Intl

Stocks High Volatility:

• AAPL - Apple, Inc.
• RBN - Robbins & Myers, Inc.

There are five newbies on the stock list, so let's have a look at them:

Apple Inc. designs, manufactures, and sells personal computers, portable digital music players, and mobile communication devices, as well as related software, services, peripherals, and networking solutions worldwide.

China Unicom Limited, an integrated telecommunications operator, offers a range of telecommunications services in China.

Hornbeck Offshore Services, Inc., through its subsidiaries, provides offshore supply vessels (OSVs) to the offshore oil and gas exploration and production industry.

Noble Corporation provides various services for the oil and gas industry in the United States and internationally.

Questar Corporation operates as a natural gas-focused energy company.

Catch a Falling Knife:

I cannot believe this but there are 104 CFK funds on the list.  Too many to list tonight, but maybe later this week I will list them. 

Parting note, in yesterday's blog I goofed and said that it was Tuesday.  Not so, today is Tuesday.  Sorry for the slip.

RSI’s Themes:  In the ETF/CEF arena the theme was definitely consumer staples (a very defensive move), European, clean energy and utilities (again).  The stock selections favor foreign, telecom and energy. 

ETF/CEF Low Volatility:

• KXI - iShares S&P Global Consumer Staples Sector Index Fund
• XLP - Consumer Staples Select Sector SPDR

ETF/CEF Low Volatility:

• CEE - Central European Eqty Fund
• PBW - Powershares Wilderhill Clean Energy Portfolio
• UTF - Cohen & Steers Select Utility Fund Inc.

CEE and UTF are both Closed End Funds (CEF).  The utility fund pays a whopping 9% yield!  And it has good potential for appreciation back to the $28 level.  Take a look at this one.

Stocks Low Volatility:

• ACL - Alcon Inc.

Stocks Medium Volatility:

• BKC - Burger King Holdings Inc.
• BTM -Brasil Telecom SA
• CVD - Covance, Inc.
• GBL - Gamco Investors Inc.
• KPN - Royal Ptt Nederland NV

Stocks High Volatility:

• MBT - Mobil Telesystems
• RBN  - Robbins & Myers, Inc.
• VIVO - Meridian Bioscience Inc.

Today we have five new stocks as follows:

Burger King Holdings, Inc., through its subsidiaries, owns and franchises fast food hamburger restaurants.

Covance, Inc., a drug development services company, provides early-stage and late-stage product development services to the pharmaceutical, biotechnology, and medical device industries worldwide.

GAMCO Investors, Inc. together with its subsidiaries, provides investment advisory services primarily in the United States

Mobile TeleSystems OJSC, together with its subsidiaries, provides mobile cellular communications services in the Russian Federation, Ukraine, Uzbekistan, and Turkmenistan.

Robbins & Myers, Inc. and its subsidiaries supply engineered equipment and systems for various applications in energy, industrial, chemical, and pharmaceutical markets worldwide.

Catch a Falling Knife:

BGT - Blackrock Global Floating Rate Income Trust
DIM - Wisdom Tree Intl Mid Cap Dividend Fund
DLS - Wisdom Tree International Small Cap Dividend Fund
EFA - EAFE Index iShares
ETG - Eaton Vance Tax-Advantaged Global Dividend Income Fund
EWJ - Japan iShares
EWQ - France iShares
EWU - United Kingdom iShares
FCT - First Trust/Four Corners Senior Floating Rate Income Fund II
FEU - streetTRACKS Dow Jones STOXX 50 Fund
IBB - Biotech iShares
IEV - Europe 350 iShares
IJH - MidCap 400 iShares
ITF - TOPIX 150 Index iShares
IVW - S&P 500 Growth iShares
IWP - Russell Mid-Cap Growth iShares
IWR - Russell Mid-Cap iShares
IYZ - Telecom iShares
JKG - iShares Morningstar Mid Core Index Fund
MDY - S&P Midcap SPDRs
PWB - Powershares Dynamic Large Cap
PWC - PowerShares Dynamic Market Portfolio
SWH - Software Holders
TTH - Telecom Holders
VGK - Vanguard European VIPERs
VO - Vanguard Mid Cap VIPERs
VOX - Vanguard Telecommunication Services VIPERs
VVR - Van Kampen Senior Income

Some interesting stuff here, I found some funds of interest.  I'll be tracking them to see if there are some recoveries in the offing.  Remember the old adage, buy low and sell high?  Well here are some funds making new lows and maybe sometime in the future they will be higher....no guarantees.

These stocks are up in price and up in volume by:

ILMN +1,279%
EWI +825%
TNE +547%
NCR +535%
LOGI +405%
DOX +399%
PYZ +366%
UAUA +335%
RBN +333%
PGNX +303%
GHDX +281%
AKNS +240%
THOR +222%
DV +191%
NCMI +140%
IMCI +135%
VOLC +130%
ULBI +129%
GYMB +125%
AGP +125%

Then, it was last year when this trojan stand-out to the crowd of other competing malwares. A new variant arrived to users via email employing social engineering tactics to attract users in clicking the link to video. However, the video does not play successfully without installing the required codec. This tricky behavior persuades the user to install the fake codec - unknowingly, the user has just installed the malware!

The spurs of shares, free downloads, blogs and social websites has become a perfect time for Zlob to infiltrate networks. Evidently, the increasing domain names and clicks have been utility for Zlob to stay visible in search engines.

Yes, all of this works in Windows until late this year (November), this trojan crosses over to Mac specifically OS X. Suddenly, a list of domain names is capable to download installers both for Windows and Mac users. Domain names hosting Zlob fake codec for Mac user does not sleep, it stays online 24x7 and it’s increasing in numbers. It’s out there in-the-wild!

These sites are smart enough to check if you are running in Windows or Mac. Then, it gives you the right installer either in Windows Executable (EXE) or Disk Image (DMG) for Mac.

Who's behind Zlob? Let's investigate its network connection ...

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Web Site: http://codecdemo.com

A-->64.28.184.189--PTR->64.28.184.189-rev.cernel.net
NS-->ns1.codecdemo.com---A-->64.28.181.226--PTR->64-28-181-226-rev.cernel.net
NS-->ns2.codecdemo.com----A-->64.28.181.227--PTR->64-28-181-227-rev.cernel.net
MX-->10mail.codecdemo.com--A-->64.28.184.164--PTR->64-28-184-164-rev.cernel.net

NET ----> gw1.cernel.net [ 64.28.176.1]--> AS27595
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

There are some places in the world where life is dangerous. Internet has some dark zones too and RBN is one of them. RBN stands for Russian Business Network and it’s a nebulous organisation which aims to fulfil cyber crime.

This study aims to provide some enlightenment on RBN activities and tries to detail how they work. Indeed RBN has many constituents and it’s hard to have an exact idea on the goal of some of them and the way they’re linked with other constituents.
There are some countermeasures available but they don't make sense for home users or even companies. Only ISPs, IXPs and internet regulators can help mitigating risks originating from RBN and other malicious groups.

http://research-labs.net/news/13-Russian+Business+Network+study.html

http://www.bizeul.org/files/RBN_study.pdf

See you to the next post.. :)

Se c'è un caso in cui la parola "cybercrimine" è particolarmente appropriata è quello in cui rientra la banda di bravi ragazzi telematici di Russian Business Network, il provider di servizi di rete che dall'antica città russa costituisce la testa di ponte di alcuni dei peggiori attacchi e minacce attualmente in circolazione su Internet.

Ne parla diffusamente il Washington Post, che in un articolo mette assieme le poche informazioni disponibili pubblicamente sull'organizzazione e qualche indiscrezione degli addetti ai lavori. La conclusione? Senza regolamentazioni legali sopranazionali forti, RBN non potrà che continuare a prosperare.

Sarà ma la mia oramai implacabile curiosità mi porta a vedere di che si tratta. Sarà mai che riesco a trovare un hosting decente ;)

Prendo i miei appunti di "information gathering", che un giorno di questi devrò passare in formato elettronico necessariamente, e comincio a farmi un pò i fatti di questi tizi.

Per prima cosa un bel ping al loro dominio ci sta più che bene

ma qualcosa mi dice che non sarà una strada percorribile.

Fantastico, semplicemnete superbo ... il loro dominio viene distribuito con redirezione su di un indirizzo di localhost 127.x.y.z, ok questi non sono stupidi! Ma non demordo giocano con i DNS? Bene!

Dig (un tool un programma)

#dig @dns.cineca.it rbnnetwork.com SOA

Siamo una rete universitaria no? Allora facciamola questa ricerca applicata...

; <<>> DiG 9.3.4 <<>> @dns.cineca.it rbnnetwork.com SOA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58129
;; flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2, ADDITIONAL:0
;; QUESTION SECTION:
;; rbnnetwork.com.              IN   SOA
;; ANSWER SECTION:

rbnnetwork.com.         3284    IN   SOA     ns1.rbnnetwork.com.
                                             support.rbnnetwork.com. 
;; AUTHORITY SECTION:
rbnnetwork.com.         3284    IN   NS      ns2.rbnnetwork.com.
rbnnetwork.com.         3284    IN   NS      ns1.rbnnetwork.com.
;; Query time: 16 msec
;; SERVER: 130.186.1.53#53(130.186.1.53)
;; WHEN: Wed Oct 17 15:33:17 2007
;; MSG SIZE  rcvd: 112

Perfetto, un DNS da qualche parte doveva pur rispondere, aggiungiamo un pò di magia (ANY al posto di SOA) alla query

rbnnetwork.com.  3600  IN  SOA  ns1.rbnnetwork.com.
                                support.rbnnetwork.com.
rbnnetwork.com.  3600  IN  NS   ns1.rbnnetwork.com.
rbnnetwork.com.  3600  IN  NS   ns2.rbnnetwork.com.
rbnnetwork.com.  3600  IN  TXT  "v=spf1 ip4:208.72.171.180 mx"
rbnnetwork.com.  3600  IN  MX   10 mail.rbnnetwork.com.
rbnnetwork.com.  3600  IN  A    127.0.0.1

Ops! I DNS sono come le portinaie sanno tutto.

Informazioni che ne tiriamo fuori:

• presenza di due NS server (ns1, ns2) rispettivamente con IP 81.95.144.3, 81.95.145.3
• con un reverse DNS (host -a $IP) scopriamo che 208.72.171.180 che fà riferimento a mail.4stat.org
• scopriamo l'arcano del 127.0.0.1, si vede chiaramente che fa riferimento ad un campo A puntato sul dominio
• mail.$DOMAIN e support.$DOMAIN puntano a 127.0.0.1 e sono tutti CNAME

Ora viene il bello. Finalmente siamo riusciti a tirare fuori da questo marasma degli indirizzi IP (molto vicini quindi presumibilmente appartenenti alla stessa assegnazione)

Whois (lasciamo all'immaginazione cosa fà)

#whois 81.95.144.3

Boom!

inetnum:   81.95.144.0 - 81.95.147.255
netname:   RBNET
descr:     RBusiness Network
admin-c:   RNR4-RIPE
tech-c:    RNR4-RIPE
mnt-by:    RBN-MNT
status:    ASSIGNED PA
country:   PA
remarks:   INFRA-AW
changed:   noc@rbnnetwork.com 20060620
source:    RIPE

Prime informazioni:

• L'intera classe di indirizzi assegnati ai tizi per il dominio specificato, ottima informazione per cominciare un test perimetrale (host by host)
• Finalmente la descizine dei tizi in questione (come se uno a questo punto non li conoscesse)
• Country: PA? Uhm vedremo!
• L'indirizzo email del NOC modificato nel giugno del 2006
• ...continua

role:       RBusiness Network Registry
address:    RBusiness Network
address:    The Century Tower Building
address:    Ricardo J. Alfari Avenue
address:    Panama City
address:    Republic of Panama
phone:      +1 401 369 8152
remarks:    Points of contact for RBusiness Network Operations
remarks:    ------------------------------------------------------
remarks:    Routing and peering issues:         noc@rbnnetwork.com
remarks:    SPAM and Network security issues: abuse@rbnnetwork.com
remarks:    Customer support:               support@rbnnetwork.com
remarks:    General information:               info@rbnnetwork.com
remarks:    ------------------------------------------------------
e-mail:     noc@rbnnetwork.com

continuiamo con le informazioni:

• Capito il PA di prima? Il tutto risiede (almeno sulla carta) a Panama
• La via corretta non è Alfari ma Alfaro (santo Google)
• Un numero di telefono (appena ricarico skype faccio una prova)
• Alcune email di contatto (fà ridere la report mail per lo spam abuse)
• ... continua

Finalmente gli admin-c ed i tech-c:

e-mail:    noc@rbnnetwork.com
admin-c:   JK4668-RIPE
tech-c:    JI424-RIPE
nic-hdl:   RNR4-RIPE
mnt-by:    RBN-MNT
changed:   support@rbnnetwork.com 20070304
source:    RIPE

Con qualche altra interrogazione ai database RIPE scopriamo che

• JK4668-RIPE si chiama John Kerch(finto sicuramente) il suo numero di telefono è +1 401 369 8152 e risponde a questa mail ripe@rbnnetwork.com
• JI424-RIPE si chaima Joseph Igopolo(finto anche lui?)il suo numero di telefono è +1 401 369 8152 (ma guarda un pò) e risponde a questa mail support@rbnnetwork.com (di sicuro un alias)
• ancora ...

% Information related to '81.95.144.0/20AS40989
route:     81.95.144.0/20
descr:     TcS Network
origin:    AS40989
mnt-by:    RBN-MNT
changed:   support@rbnnetwork.com 20060608
source:    RIPE

Vediamo con ultima cosa che tutta "la baracca" ICT degli RBN sembra essere gestita dalla TcS Network che fà capo sempre alle stesse persone.

Riassumendo

Qualcuno s'è preso la bega di star dietro a questa associazione che, senza sbilanciarsi può definirsi, a delinquere:

The Russian Business Network (also known as RBN) is a Russian Internet Service Provider based in St. Petersburg which is notorious for its hosting of illegal and dubious businesses, including child pornography, phishing and malware distribution sites.^[1]

The RBN has been described as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and immoral activities, with individual activies earning up to $150m in one year. Businesses that take active stands against such attacks are sometimes targetted by denial of service attacks originating in the RBN network.^[2] RBN sells its services to these operations for $600 per month.^[1]

The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.^[2]

Maggiori e più dettagliate informazioni qui

The attack initially reported by SunbeltBLOG, had reported that Bank of India's website was "seriously compromised" and attempts were made to load multiple pieces of malware which were different password stealing Trojans.

The attack was the handiwork of Russian Business Network (RBN), an underground criminal gang in Russia responsible for many attacks in the past.

Read rest of Bank of India's website now safe

Bank of India website has come under attack and is serving malware. The attack reported by SunbeltBLOG reports that Bank of India was "seriously compromised" and attempts are being made to load multiple pieces of malware.
Confirming the attack, senior security specalist, FSecure, Patrick Runald, says hidden iframe have been inserted on the front page of the site which is loading URL from another website. This file in turn uses three iframes to load three other URLs

Read More on Bank of India Breached