23 July 2010

Related: Deteque page on the Conficker virus: https://deteque.com/eyechart/

A sends:

Avi Freedman, one of the ultimate Internet insiders, has teamed up with a fellow Internet Systems Consortium (ISC) member named Andy Fried (who is also a member of the FOP Grand Lodge and a former IRS investigator), along with the IRS itself, to unleash a stealth web-bot called the PhishMongers.

Freedman and Fried have essentially privatized an IRS system called OFDP and started running it from a company called Deteque. This private company runs on Freedman's network, and the network of the ISC. Another government spying function contracted out.

Freedman especially should be aware that running a web bot which doesn't identify itself or obey the Robots Exclusion Standard is improper.

Avi and Andy are government spies. Block their networks from your networks:

198.186.194.0/24
198.186.190.0/23
198.186.192.0/23

If you have any balls, you can also try blocking the ISC:

149.20.0.0/16

==========================================================================
From my web logs:

198.186.192.44 - - [15/Jul/2010:XX:XX:XX +0000] "GET / HTTP/1.1"
198.186.192.44 - - [16/Jul/2010:XX:XX:XX +0000] "GET / HTTP/1.1"
198.186.192.44 - - [18/Jul/2010:XX:XX:XX +0000] "GET / HTTP/1.1"

No user agent string provided.

==========================================================================
A little DNS probing:

198.186.192.44 -PTR-> ofdp-3.phishmongers.com.
phishmongers.com. -TXT-> "v=spf1 mx mx:irs.gov ip4:198.186.193.197 ~all"
198.186.193.197 -PTR-> atom2.deteque.com.
deteque.com. -TXT-> "v=spf1 mx include:aspmx.googlemail.com ip4:198.186.193.48/28 ip4:198.186.193.192/27 ip4:149.20.54.184 ip4:149.20.51.18 ip4:149.20.4.210 ~all"

==========================================================================
What is the meaning of "ofdp-3"?

"OFDP Mission. To reduce online fraud against the IRS and taxpayers."

http://www.irs.gov/pub/irs-utl/online_fraud_detection_and_prevention.pdf

==========================================================================
http://www.robtex.com/r/x?q=ofdp-3.phishmongers.com&odns=in+dns

Ofdp.irs.gov is a domain controlled by three name servers at treas.gov. Two of them are on the same ...

ofdp-3-lo.phishmongers.com
ofdp-3.phishmongers.com

==========================================================================
ARIN assignments:

NetRange: 198.186.190.0 - 198.186.194.255
OrgName: Prescient Software, Inc.
OrgTechName: Freedman, Avi
OrgTechEmail: domains@freedman.net

NetRange: 149.20.0.0 - 149.20.255.255
OrgName: Internet Systems Consortium, Inc.
OrgTechName: Internet Systems Consortium NOC
OrgTechEmail: noc@isc.org

==========================================================================
http://krebsonsecurity.com/2010/03/dozens-of-zeus-botnets-knocked-offline/

"Andy Fried, owner of Deteque, a computer security consultancy in Alexandria, Va... a former cyber fraud investigator with the IRS."

==========================================================================
Andrew H. Fried's former employers, via ZoomInfo:

Internet Systems Consortium
U.S. Department of the Treasury
U.S. Treasury Department
Bryan Cave LLP
U.S. Internal Revenue Service

==========================================================================
Fried is the Financial Secretary of the Fraternal Order of Police (FOP) Grand Lodge:

Andrew Fried
5211 Ballycastle Circle
Alexandria, VA 22315

http://swinefludc.wordpress.com/swine/fop/

==========================================================================