Resolutions To Do Business Globally in 2008

Hope you had a very Merry Christmas and that these resolutions I wrote about for Small Business Trends inspires you to take your business global in 2008!

Back with you in the new year. Enjoy.

What Rewards for the Whistle Blower?....1/03

Saw an article about an Atlanta Hospital which settled with the government for $26 Million in order to avoid charges of Medicare fraud.

The whistle-blower, a former employee, collected almost $5 Million.

One of the charges in the lawsuit is that I accused PRMC of Medicare fraud. A comment said that it cost the hospital over $250,000 to clear itself during an audit. If that money was paid to the government, isn't that like deferred prosecution? You're guilty, but they just want you to clean up your act? They don't say that a hospital is guilty, but you can draw your own conclusions....

I didn't actually accuse the hospital, but one might characterize a guilty conscious as being overly sensitive...and you wonder if someone pocketed about $45,000!!!

RBN – New and Improved Storm Botnet for 2008

Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.

Many will now have already seen reports of the Storm Botnet outbreak which started on December 24th “MerryChristmasDude” with good write up at ComputerWorld and for technical details at ISC Sans or HolisticInfoSec (links on footer). This picture is changing rapidly and by December 26th there were new web sites “Uhavepostcard” , “HappyCards2008” and no doubt more to come over the next few days.


Three of the key web sites have the following registrant information, all registered via “ANO REGIONAL NETWORK INFORMATION CENTER DBA RU (Russia)” in chronological order:
Domain Name: MERRYCHRISTMASDUDE.COM - Creation Date: Nov 27 2007
Domain Name: UHAVEPOSTCARD.COM - Creation Date: Dec 23 2007
Domain Name: HAPPYCARDS2008.COM - Creation Date: Dec 26 2007


The key objective for the RBN is to rebuild the Storm Botnet which is shown in various reports over the last few months, from a few million enslaved PCs to more recently a few 100,000’s. One can only further guess as to what the RBN’s main goal is to use a rebuilt Storm Botnet for, e.g. earlier DDOS (Denial of Service attack) on Estonia.


There are some interesting elements concerning which make this attack innovative:

# Although much of that detected is conventional spam, however there is also a large amount of spam which is getting through many anti-spam defenses due to the use of “fake” BlogSpot (Blogger) links for example on a small sample;

hxxp://dantipXXXX.blogspot.com/?soapwerzpordeecaspewtkk153trajspeak hxxp://isakovkapitonXXXX.blogspot.com/?harkwerzpordeecaspewtkk153trajfloor

The common part of the suffix is “pewtkk153traj” which redirects to Geocities web sites and then a further redirect to the Storm exploit domains.


# Although most have identified as the Zhelatin Storm email worm or variant, it is also as the more recent fake codec downloads, dependent upon where the unfortunate user has come from. This now shows a “polymorphic” format, i.e. the virus or exploit has the ability to alter its signature in an attempt to combat anti-virus tools.


# The fast-flux technique used to avoid detection in this case is actually “double-flux” characterized by multiple nodes within the network registering and de-registering their addresses (see sample maps below taken within one hour periods and show the fast-flux DNS changes). It is also safe to say this newer Storm Network has now also has improved defense mechanisms, if examined too closely.

Computerworld - Storm Worm Christmas
Computerworld - Storm New Year
ISC Sans - Anticipated Storm
HolisticInfoSec

A heart attack at PRMC's Emergency Room....8/9

I received this as an email which had the patient's name and a lot of additional information as to his identity. I suggested that he consider it carefully and he agreed to my removing overt identification. However, I'm sure that his friends and the hospital personnel know who he is and who they are.

On the morning of Aug 1, 2005, I awoke about 4am at home with severe chest pain. It was an intense pain I had never had before.

Heartburn is something I almost never have, but I got up and chewed a couple of Alka-mints. The pain did not go away and seemed to gain intensity, so I woke my partner, significant other or whatever you want to call him. We have been living together for over 33 years and we have lived in ____ 22 years. He is also an ex-EMT basic. He had me lie down and administered oxygen. This helped a little bit, but I still had chest pain and trouble breathing. We decided I needed to go to the ER in Paris.

He drove me there and we arrived at 5:46am. Once in the ER, I sat at a desk while a nurse took my name, address, etc. and finally I was laid down and hooked up to a monitor with my blood pressure all over the chart and pulse as low as 37. When my pulse dropped below 40, an alarm went off and no one came in. I had to tell the nurse that it had gone off. She just looked at me with a blank look on her face.

Over several hours, I was given an Xray, an ECG and had blood drawn. I was left unattended all of the time while they worked on a couple of more patients that they said were critical. I was there forty-nine minutes before I was given nitro several times with no let up of chest pain.

I was never given any aspirin or any other drug of any kind. I was never asked if I had a history of heartburn or upset stomach. Dr Hobbs came in only once for a very short visit. He never listened to my heart or lungs or asked any questions about my history. My partner was in the room with me when asked by nurse Debra Crews who he was. He replied that he was my significant other.

After that statement, the atmosphere seemed to change and I was left lying there with only occasional checks on the monitor. Thirty minutes after shift change at eight a.m., Dr. Rowe came and stood in the door. He said I had GERD and gave me a prescription for a prev-pak ($300). He said my sugar level was high at 146. I asked what should it be and he said "140". Then he sent me home.

All the time Dr. Rowe was in the room he didn't come near me. He never examined me or listened to my heart and lungs. He never asked me any questions or medical history. I went home and the chest pain mostly went away late that afternoon. This visit cost the VA over $2,500. I believed the doctor and thought I had GERD.

The rest of the week was spent in agony. My arms hurt, my legs hurt, I couldn't eat, my blood pressure stayed very low and averaged about 70/50 which is really not enough for kidneys to work properly. By Friday morning, August 5th when I went to Bonham to the VA clinic, my blood was toxic and my heart in really bad shape.

They did an EKG and sent me by ambulance to the Bonham hospital to stabilize me before I was sent to Wilson N. Jones Medical Center in Sherman to the emergency room to be sent to a heart cath lab. There I had one stent put in and angioplasty. They left some blockages because I was on the verge of kidney failure, and more dye would have probably shut down my kidneys. I was told by the renal specialist that I came very, very close to death. Fortunately, I have good kidneys and passed the toxins quickly.

I was released on August 7th. Two days stay at the hospital in Sherman cost the VA $140,000. Later the next week, I was charged over $43 for a copy of my medical records from Paris Regional Medical Center to give to my VA doctor. There were no strips from the monitor in the ER in these records or doctor notes.

When I picked up the records, I asked if I was getting a copy of everything in my medical records and was assured that I was. The ECG in these records clearly showed abnormal heart functions.

On August 20th, I had chest pain and it felt as if I had a heavy weight on my chest. I called the Dallas VA hospital and was told to call 911 or go to the nearest ER. I told them I would rather take my chances on the road to Dallas than to go to the ER in Paris again. I went to the ER at the Dallas VA hospital and was admitted and had another heart cath on Monday, August 22nd. They put in another stent and more angioplasty. I was released on the 23rd with medications for my heart and will do follow-up in the cardiology clinic there.

I believe I was denied medical care for the heart attack I was having when I came into the ER at Paris Regional Medical Center for several reasons. First, I did not have the blank check of Medicare or Medicaid. Second, the personnel at the ER seemed to have no training in treatment of chest pain (heart attack) patients which is simply an aspirin and nitro glycerin under the tongue immediately. Third, Dr. Hobbs and Dr. Lowe acted like they really didn't care about me at all and neither listened to my heart, lungs or asked any questions and seemed to have no training in ER procedures.

I truly believe that if my heart attack had been diagnosed properly at the ER at Paris Regional Medical Center, I would not have gone through so much pain and agony and damage to my heart would have been minimal. By not treating me at all, Paris Regional Medical Center has taken years from my life and is liable for all medical expenses, ambulance trips, medicine and all other expenses incurred by the Veterans Administration clinic and hospitals.

So this is the organization that wants to put in a specialty Heart Hospital? Is this the same place that put up the signs for 'The Chest Pain Center'...and then didn't bother to inform the ER, nor staff appropriately?

And the gay issue...do all Essent hospitals have a problem with that? Personnel need to park their personal beliefs at the door. A patient is a patient is a patient...and they need your care. If you can't provide that, you need to get out of the medical field.

Yes, patients can have their own beliefs--and we have to respect them. That's part of the job. That's part of your training. 'First: Do no harm.' That includes 'by omission', as well.

Christmas 2007....1/18

As in the words of Tiny Tim (A Christmas Carol):

"God bless us, every one!"

Merry Christmas.....frank

World Greetings

One of the real joys of the holiday season is the opportunity to say thank you to all our readers and wish you the very best for the new year.

Our toast to you is this: Here's to taking your business global in 2008!

Interest Revived?....1/11

You wonder if Essent is back up on the block. Searches from several corporations that would seem directed towards that end. Even the Aussies appear back in play.

And, it would be a good thought: Buy low.

I have been thinking about the Essent finances. The first significant loss was with Crossroads. Their version of buy high and sell low. Now that happened prior to the blog, although I did mention in the postings around Nov.

Even before the blog got rolling, MVH had serious problems, and their gay rights lawsuit didn't help that a whole lot. I think the Lahey Clinic has positioned themselves well in any case.

Sharon Hospital just keeps on producing.

NVMC is keeping its head above water.

Southwest (odd how a corporation with a Texas presence names a hospital in PA "Southwest") has their own problems. The blog didn't seem to really catch on out there, but there are several loyal followers. They just needed a cash infusion for an update. Essent was part of the baggage.

Paris. Paris had its own problems. How Christus was bamboozled into buying Big Mac is beyond me. Maybe the bean counters really believed that two hospitals that were losing money combined would lose it half as fast rather than twice as fast????

The 'due diligence' conducted by Essent missed an awful lot, and Monty was burying as much as he could at that juncture. On paper, the facility looked good (doubling the corporate beds!)...and yes, there were savings areas that were obvious. But, the duplication of services, the number of properties, and the mind-set were essent-ially ignored. When they looked at it rationally, the building of a new facility at the North Campus might well be a fantasy--unless a non-competitive buyer (like the VA) could be found for the South, or a re-designated use (rehab, LTAC) that could stabilize costs could be found.

The cuts were to be expected. The problem is, few realized that. The community was used to a not-for-profit environment, that could deficit spend. The attitude was it doesn't matter what we lose, we'll still have jobs. Essent didn't dissuade that notion during the courtship, but then there is hammer time.

Possibly the way to have gone, was to have involved the community more. But they are in a fix. The heart hospital sounds good "on paper" (again), but the proximity of Dallas, with cheaper pricing and newer facilities, puts a hole in that. Advanced Heart has been directing patients that way for years.

What will play out? Who knows. The lawsuit that Essent is pursuing (you thought it was over????) has to show two things: One, my posts were false. Second, by circulating said falsehoods, enough credence was given that financial losses were incurred. They are hindered by a several things, history, common knowledge, and their own policies.

Global Small Business is BIG Business

Very powerful video.

A hat tip to the Women Presidents' Organization for turning us on to this clip.

A stat not mentioned in the video clip is that global small businesses play a HUGE role in global trade. They typically generate 29 percent of the U.S. export sales in a given year, and in 2005, they accounted for nearly $300 billion of the $906 billion generated by all U.S. exporters.

Here's our mantra for next year ... Get it straight in '08: Go Global!

RBN – $$$ - the retail payment systems

In an extension to analysis of the Russian Business Network (RBN) this is the first element of a series on RBN payment systems.


This article focuses on just one of the several payment systems for its “fakes” retail division i.e. isoftpay.com, this has been reported before namely the Sunbelt Blog (see links on footer) Oct 3rd 06 in the report on the rogue software, also more recently reported within 2-spyware on Dec 10th 07.

In exploring this node of the RBN’s organization it raises several areas of interest; the location(s) of internet operation, SSL and transactional base. Briefly by way of an introduction to later more in depth analysis malware revenue models, analysis solely of isoftpay does provide a starting point for some generalized assumptions of RBN retail revenue. Therefore as mentioned within earlier articles here on fakes and current analysis:

(a) Isoftpay serves as the payment point for such fakes as Bravesentry, and others.


(b) Secure. Isoftpay.com over the last 30 days (mid Nov – Mid Dec) received 187,750 direct unique visitors from the US.


(c) This tends to demonstrate approximately 25% of the unique visitors to those rogue software web sites go back to the payment site. As directed by the exploits downloaded from the “free” trial of the fake anti-spyware.


(d) On a reasonable assumption a high proportion of those directly visiting the secure payment area after downloading the exploit to make the purchase, say 75%, this would provide gross revenue of say $4 million per month from solely US visitors.


(e) As US visitors represent 17 – 40% of the world wide audience for such sites one can assume gross revenue as being in the region of $10 million / month, $120 million per annum.

A significant component is the SSL (Secure Sockets Layer) and certification the figure below shows the current certificate for Isoftpay.

The certificate appears legitimate unfortunately we have not as yet ascertained from Equifax or Geotrust whether it is a forgery, and if not, they should be able to inform us who the purchaser was.

Also of interest is the payment transactions and as site takes Visa and MasterCard, and further enquiries are outstanding as to who the revenues collected are paid to.

Finally as several victims have contacted the authors of this blog, and any transaction is fraudulent. No doubt Equifax, Geotrust, Visa and MasterCard will act swiftly to prevent further fraudulent transactions and ensure victims at least gain a return of their payments?

From the perspective of the RBN’s nodes of operation originally as noted by Sunbelt the IP address in Oct 06 was 69.50.168.101 - AS27595 ATRIVO. The figure below shows the current (Dec 19th 07) and a comparison with locations on Oct 28th 07, the actual only difference is the addition of name server (ns3.isoftpay.com) served from AS4837 CNC Group China. The other servers are some of the RBN’s usual suspects AS9930 TTnet Malaysia, AS4657 StarHub Singapore, and it goes without saying AS27595 Atrivo AKA Intercage, Inhoster, etc.

Below is shown in figures two IP and AS maps of the Isoftpay and related domains









References: Sunbelt 10/06 2-Spyware.com 21/07

Gambling Market Is Part Global

The United States has reached a deal with the European Union, Japan and Canada to keep its Internet gambling market closed to foreign companies, but is continuing talks with India, Antigua and Barbuda, Macau and Costa Rica, U.S. trade officials said on Monday.

Read more here.

Web Design and Marketing Solutions

At GlobeTrade, we make going global easy. In his new book, "Web Design and Marketing Solutions For Websites," Kevin Potts makes web design and marketing solutions simple. I wish we would have had this book on hand when we redesigned GlobeTrade!

Note: Globalization is covered briefly on Page 22.

Another Does Case....12/29

There is another aspect to the lawsuit. Essent does want to know who contacted me with 'tips'. Another 'Doe' case was in the media and finalized last year. That was the Apple vs Does, based on another blog and its sources.

May 26th, 2006

Huge Win for Online
Journalists' Source Protection
EFF Arguments Secure Reporters' Privilege for Internet News Gatherers

San Jose - A California state appeals court ruled in favor of the Electronic Frontier Foundation's (EFF's) petition on behalf of three online journalists Friday, holding that the online journalists have the same right to protect the confidentiality of their sources as offline reporters do.

"Today's decision is a victory for the rights of journalists, whether online or offline, and for the public at large," said EFF Staff Attorney Kurt Opsahl, who argued the case before the appeals court last month. "The court has upheld the strong protections for the free flow of information to the press, and from the press to the public."

In their decision, the judges wrote: "We can think of no workable test or principle that would distinguish 'legitimate' from 'illegitimate' news. Any attempt by courts to draw such a distinction would imperil a fundamental purpose of the First Amendment, which is to identify the best, most important, and most valuable ideas not by any sociological or economic formula, rule of law, or process of government, but through the rough and tumble competition of the memetic marketplace."

The case began when Apple Computer sued several unnamed individuals, called "Does," who allegedly leaked information about an upcoming product to online news sites PowerPage and AppleInsider. As part of its investigation, Apple subpoenaed Nfox -- PowerPage's email service provider -- for communications and unpublished materials obtained by PowerPage publisher Jason O'Grady. A trial court upheld the subpoena.

But Friday, the court said that O'Grady is protected by California's reporter's shield law, as well as the constitutional privilege against disclosure of confidential sources. The court also agreed with EFF that Apple's subpoena to email service provider Nfox was unenforceable because it violated the federal Stored Communications Act, which requires direct subpoenas of account holders.

"In addition to being a free speech victory for every citizen reporter who uses the Internet to distribute news, today's decision is a profound electronic privacy victory for everyone who uses email," said EFF Staff Attorney Kevin Bankston. "The court correctly found that under federal law, civil litigants can't subpoena your stored email from your service provider."

EFF worked with co-counsel Thomas Moore III and Richard Wiebe in this case.

For the full decision in the case.

For more on Apple v. Does: http://www.eff.org/Censorship/Apple_v_Does/

While this is a California case, if you will note, the our appeals court utilized the Cahill decision in their call.

Interesting Column By Thomas Friedman

A fascinating post by one of my favorite minds: Thomas Friedman. It's a little off course to our work here but once in a while you just to have go with it -- provided it's that good. And it is.

My Rights??....12/21

Had a comment tossed my way that set me a bit on edge:

That's all you have to say about the appeals court decision? How bout a shout-out and a way-to-go for the 6th court of appeals making a stand for your first amendment rights?

It isn't just my rights, it's everyone's. The court's decision was in line with what I had been saying, and the opinion was well within my comfort zone: That I had an expectation of privacy, that if sufficient proof was rendered, the privacy would be set aside, however, prior to that I would have a chance to refute the presented matters.

Maybe it is because I take it for granted that the opposite had me so riled. However, the ruling set things right and all's well with my personal corner of the judicial system.

Should Essent pursue the case? It's their right. But, with the legal commentary that I've received, and my lawyer's counsel, I really don't feel that the facts support an adverse judgment.

But that isn't Essent's goal. Their goal, through the whole matter, is disclosure of my identity and what recourse they might have outside the legal proceedings. Kind of who-are-you-and-how-can-we-make-your-life-miserable.

I'm criticized for bringing up Holly as an example, but she is a PRIME example of what Essent has done and is capable of. And, for merely being suspected of being me, several employees have been fired, or was that just used as a public excuse? IT functions have decreased with the centralized data management, so somewhat less experienced and knowledgeable staffing is required.

Contemplate this: What kind of a split can the Paris medical community sustain now? In their current state, what kind of fence-mending can Essent provide, or would they even try? Is this whole thing merely to cow possible dissidents?



So much for a corporate showplace.

Warming Up??....12/18

Well, Essent's boardroom is probably seeing a bit more reds in their color schemes, considering the ruling handed down on the appeal. For one of the more confusing documents (not that I disagree, of course), follow the link. The ruling isn't confusing (pretty much what I indicated, a Cahill based decision), the formatting is. Don't know what the problem with my browser is.

While there's not singing yet, she's warming up in the wings.

Demand for U.S. Products Abroad Outpaces Supply

Despite demand for American-made products abroad, small-business owners’ reluctance to export often means that their products do not find their way into global markets, trade experts told GlobalAtlanta.

Find out what the danger is in not going global here.

Keeping You at the Forefront of Global Small Business

What's really holding you back from going global in 2008? Probably a lot of things but most of all I suspect it's knowledge.

But if knowledge is power, why not harness it by reading these very insightful reports that shed light on international issues affecting businesses around the world?

I read them once, twice and even gave a talk about the amazing results in Atlanta on November 13th.

So don't let the length of the reports intimidate you. It's worth it to explore. Dig deep. After all, 95 percent of the world population resides outside the United States. Are you tapping into it to grow your business?

Read more here. Spread the word.

Burning Rubber....12/12

For those who are wondering why the appeals court is taking their time, let's run through some statistics:

62% of cases are disposed of with in 6 months.
25% in 6-12
13% in 12-24
0% longer than 24.

Realize these are last year's statistics, but will probably hold. What complicates this case are the issues involved. A 'constitutional' issue, a somewhat obtuse decision, and statutes that support neither.

So while we're spinning our wheels, they are turning and just need a little traction. What might render the case moot is if it outlasts Essent, and it would seem that that might be the case. Some in corporate are wondering if it will last a year.

Ever Wonder??....12/13

Do we wonder about the Essent Board of Directors? Who they are, what other companies they're involved with? It does become interesting. I was perusing the Business Week description of the Essent corporate structure (which is way out of date) and found the board members.

David Mayer -Jazz Pharmaceuticals
Ron Wolford -ForHealth Technologies
James Elrod Jr. -Vestar Capital
Bryan Cressey -Thoma Cressey
Steven Silver -GoldToeMoretz
Jeff Goldsmith -Cerner
Bryan Marsal -GoldToeMoretz

One tidbit noticed about Cerner--The CEO and the Board vice-Chairman have sold a net of 55,000 shares within the last three months. How much confidence do they have?

As for Essent--Connery has decided not to pursue the lawsuit against Essent for an early release of the money for his shares.

How To Dress Globally

Yellow in China is a don't and so is leather in India. Want to know more? Read Where Yellow's a Faux Pas and White is Death.

Who's Resumes are in Play?....12/9

You have to wonder...since Essent was Hud's baby, how many executives with the company had personal commitments from Hud, promises if you will, that were keeping them in place? Is Essent due for an outflow of 'talent'?

While Essent is shopping for a new CEO, they might peruse the other aisles as well.

Buying companies is like buying stocks: Some people buy on momentum, some buy when they figure a stock is at its lowest point. There was consideration a while back--when Essent was in its game. Now, however: How low can you go???

RBN – The Russian Business Network, Now and Then

Observing the Russian Business Network (RBN) this blog is pleased to introduce readers to a highly informative 70 page study of RBN by David Bizeul which you can download in PDF format in English (see links on article footer).

Figure 1 – RBN Offices
12 Levashovskiy Prospect.
197110 Saint-Petersburg, - Russia

The study provides extensive information and analysis on the background of the RBN; from its probable physical locations (see figure 1 for the RBN offices), Russian cybercrime, and one of the study’s conclusions is very telling, this blog wholeheartedly agrees with and also add international law enforcement.

“There are some countermeasures available but none makes sense for the home user or even companies. Only ISPs, IXPs and Internet regulators can help in mitigating the risks originating from RBN and other malicious groups.”

As with most investigation of RBN, including this blog, we are confined to retrospective analysis, however David’s RBN study is very important, as it provides a definitive image of the RBN just before they reorganized. This is crucial for authors of this blog and other researchers as it provides a comparative base for current analysis and RBN activity. For example within a very early article on this blog we described the Internet serving locations of a number of exploit and Rock phish, landing web sites. This can be seen in Figure 2 (click to enlarge) with the previous and current servers for these domains.

Interestingly AS36420 for the 75.125.89.178 IP address resolves to Everyones-Internet3 – for this and to show connection, this is the same route as shown on Castlecops for Lloyds TSB, Rock Phish (banking ID phishing).

The name servers shown for all in Figure 2, are our good friends, i.e. AS 27595 i.e. Atrivo, Intercage, Inhoster, Estdomains. With even more interest is the same name-server also hosts the following “fakes”.

e.g. - antispygolden.com, hitvirus.com, malwareburn.com, procodec.com, videohook.com, virusheal.com

These are purely a sample for this server, below are shown in Figures 3 and 4 the IP mapping as samples.

We hope this provides further examples of the RBN’s current well being, also to add we are pleased to announce in collaboration with David Bizeul we will provide an update for this RBN study, within the next few weeks.

Figure 3. Name Server Map example

Figure 4 - IP Map example

References and downloads:

David Bizeul - RBN Study here or here - Castlecops Rock Phish - Original RBN IP blog article

12 Days of Christmas in a Web 2.0 World

On the first day of Christmas,
my cool colleague sent to me
A tip to expand my business globally

On the second day of Christmas,
my cool colleague sent to me
Two social networks,
And a tip to expand my business globally!

On the third day of Christmas,
my cool colleague sent to me
Three Del.icio.us bookmarks,
Two social networks,
And a tip to expand my business globally!

On the fourth day of Christmas,
my cool colleague sent to me
Four YouTube videos,
Three Del.icio.us bookmarks,
Two social networks,
And a tip to expand my business globally!

On the fifth day of Christmas,
my cool colleague sent to me
Five Second Lives, ...

Read more here.

Networking Is Going Global

Whether you live in Kansas or Kuala Lumpur, networking is going global and many Chamber organizations in the United States are encouraging it. Why?

Sharing ideas on a regular basis helps support economic development, job creation and the marketing efforts of area cities.

But for many chamber organizations in Greater Kansas City, networking is going global.

The potential for tapping into huge overseas markets, including India and China, is becoming increasingly important for chamber members, particularly ones with expertise in the biosciences and information technology.

Read more.

Pakistan Repercussions?....12/17

With all the turmoil in Pakistan, the question becomes: How will this affect local healthcare if the political climate changes for the worse? We have several Pakistani physicians in our community, prime example is Doctor Hashmi.

The New England Journal of Medicine indicates: "Pakistan has contributed approximately 10,000 international medical graduates (IMGs) to the United States...." Only 300 have returned to the medically underserved country. Should there be changes in the relationship between the US and Pakistan, how will that affect those physicians currently in the country on resident alien or dual citizenship status? With those with a large portion of their wealth, or the majority of their family in Pakistan.

The new heart hospital, comes to mind. Speculation is all anyone can do without the facts, but that's probably what Essent is having to do as well. Assurances can only be based on the current situation, rather than a future one.

I would imagine that there will be no great changes, but one can never tell....

Awfully Quiet in Nashville....12/4

I figure that they're actually beginning to realize what Hud saddled them with. One scenario:

He bought hospitals that no one else wanted, but looked good on paper, tried to run "the big con" ala the Sting, and with him gone, things will probably fall apart.

He could sell the idea that the hospitals weren't profitable while they were being renovated. That renovation would take years. And years to start. Meanwhile, he could acquire some actually good properties (Muskogee comes to mind, as well as Weatherford) and borrow against the idea that his corporation owned five hospitals that they were willing to put money into. Sort of how they got Paris.

Or:

He actually believed that he could package a working system that would make the 15-20% return that he forecasted from bankrupt hospitals.

Your choice.

Small Businesses Going Global

Question: Why does the U.S. Small Business Administration, an independent domestic agency of the federal government, have an international trade mission?

Answer: Because doing business internationally is where future growth lies for many small businesses!

Read more here and be sure to get yourself a complimentary online copy of Breaking Into the Trade Game: A Small Business Guide to Exporting.

Separately, but related, be sure to check out our new Globe Tour (right side panel) on our blog!

RBN – Google Search Exploits

The Russian Business Network (RBN) has been busy again with a significant amount of loaded web search results which lead to malware sites as reported by Sunbelt.


The good news first is being able to precisely pin point the exploiters back to newer RBN core retail centers as previously exposed in this blog on Nov 8th 07 – i.e. iFramecash, myrdns, hostfresh, and AS 27595 i.e. Atrivo, Intercage, Inhoster. Also as reported this is the same end route as the Bank of India hack, fake anti-spywares and fake codecs.


The bad news is, as predicted and one of the probable reasons for dropping their RBnetwork IP ranges , the RBN is increasingly using botnet based fast-flux techniques (see Wikipedia) to hide the initial delivery sites behind an ever-changing network of compromised hosts i.e. "double-flux" nodes within the network registering and de-registering their addresses as part of the DNS SOA (start of authority) record list for the DNS (domain name server). This provides an additional layer of redundancy and survivability within the malware network as seen in the case of the fake codecs.


This particular web search exploit for the unfortunate end user can be shown as:

From investigation into the actual Trojan downloads this shows the use of the newer undistributed till now edition of MPack which includes a host of exploits including the scam.Iwin, keyloggers, DNS changers, etc. Despite the difficulty of tracking botnet fast-flux usage by detailed investigation of the specific domain name servers the details are as follows, with this information Google and other search engines should easily eliminate such a threat, and hopefully provides law enforcement with further evidence:


1 – The web search “fake” sites.

All researched in this exploit all these fake web search sites emanate from 2dayhost.com an apparent botnet based at AS8001 Net Access Corporation 1719 Route 10 Suite 318 Parsippany, NJ 07054. In the following sample of the domains and name servers involved at this stage: feidqaadppta.cn - igekqzeabkwz.cn - luewusxrijke.cn - zhvmizyycuzz.cn All were registered very recently on Nov 25th 2007 under Name Server: ns1.erik-kartman2.com and Name Server: ns2.erik-kartman2.com – also based at 2dayhost.com / AS8001 Net Access Corporation (please note despite the .cn the domains and registrant have nothing to do with China).

Figure2 – Fake search site map



2 – Victim Reception sites.

As mentioned earlier the “usual suspects” of iFramecash, myrdns, hostfresh, and AS 27595 i.e. Atrivo, Intercage, Inhoster, are responsible. The following 3 figures show the relationship (click on the pic to see full size):

Figure 3. Victim reception A




Figure 4. Victim reception B

Figure 5. Victim reception C

Hoping to Grow Global in 2008?

Better start planning now.

Essent should keep community informed....12/7

This is the first time I've seen the Paris News take a chunk out of the hospital:

Staff reports
The Paris News

Published November 26, 2007

Officials at Essent Healthcare, the parent company of Paris Regional Medical Center, need to keep this community informed of events such as a change in leadership at the top as happened earlier this month in Nashville, Tenn.

The Paris News became aware through a third party, and almost a week later, the companys founder, Hud Connery, had been forced to step down as chief executive officer by the companys board of directors and that Mike Browder had been named acting chief executive officer.

Essent public relations specialist David Jarrard did respond to a request for information for a Nov. 19 story, but an e-mail communications problem prevented us from receiving a response in time for that days edition.

Jarrards response was brief, stating the board of directors has a commenced a search for a permanent chief executive officer. He also said in the written statement that Browder joined Essent in 2001 as chief financial officer and that he served in a similar post for TMC HealthCare. From 1993 to 1999, Browder served as vice president of finance operations for Health Management Associates, Inc., where he was responsible for financial operations at 32 hospitals.

We should have received that information as soon as an event of this magnitude took place, not a week later and only at our request.

Members of our community should be kept abreast of what is going on with Essent. Paris Regional Medical Center is one of this communitys largest employers and serves the medical needs of the majority of our residents. In the past this newspaper has been supportive of our local hospital, but being left out in the cold about major events does little to help a relationship. After all, it is the responsibility of this newspaper to keep residents informed. A change in Essent leadership certainly warranted an immediate notification.

Actually, Hud's change in status happened in October. I posted the news on the 9th of November.

What If....12/8

Dux has been more than willing to say that he wants to get rid of those elements that Bitch, Piss and Moan at the hospital, but let's look at that....

His definition of bitching, pissing and moaning might be a bit different than ours. For one thing, those that are recognizing problems, and suggesting solutions are the ones that aren't saying, "That's not my job." Maybe administration would prefer that they were, but patients don't.

Housekeeping used a wax that was softened by the cleaning solution they used to mop it. It produced a sensation of sticking to fly-paper as you walked. Solution: Change the wax, or change the cleaner. The extra money spent would be paid back in public perception almost immediately.

An effective suggestion program can make the difference between red and black ink, but the opinion is anyone that doesn't believe that the moon is made of green cheese (admin's view), is a troublemaker.

Toyota is often cited as having one of the best suggestion programs of any corporation. They also had not laid off any employees since 1950 (not sure if that still holds true, but probably so.)

When you feel that your ideas do not fall on deaf ears, you are far more likely to feel appreciated for your efforts. As admin has found, complaints that you hear are backed 10 to 1 with those you don't. This blog could be a demonstration of that.

Complaints are opportunities (ironically, the link is about Vandy.) And the first part of a problem-solving process is to identify the problem. Those that don't appreciate that fact are doomed to failure.

Say the hospital did get rid of all those who have read or commented to the blog. Can you say, Ghost Town?

Best Countries for Global Business

The World Economic Forum (WEF) each year handicaps the economic-development race. The Global Competitiveness Report tallies 113 factors that contribute to an economy's competitiveness -- a buzzword that roughly boils down to how well a country is positioned to squeeze efficiency out of its businesses and attract companies and investment from abroad.

Components of the resulting Global Competitiveness Index range from the quality of a nation's roads to the independence of its judiciary to the incidence of tuberculosis to how easy it is to hire an engineer. Parts of the index are culled from official data; many others are drawn from a survey of 11,000 international business executives. This year TIME partners with the WEF to bring you in-depth data on 37 key countries at time.com/globalbusiness.

Note, this is different from what we reported October 10, 2007 on the World Bank's Doing Business 2008.

Rumors and Propaganda....11/26

Not quite the latest rumor, but it is said that former CEO W. Hudson Connery Jr. was walked from Essent by security and that he is under investigation for embezzlement (a possible criminal charge, forthcoming?) I'd say that it qualifies as not "not unfriendly". What do you think? I can't say that this is first, or second, or third-hand (can you say anonymous?), but you never can tell.

Remember, this is dealing with a capitalization of over $200 million dollars. How tight is the cookie-jar lid? (Note: The real financials from Crossroads were never made available to the CT officials when they were considering Essent's purchase of Sharon Hospital. That was mentioned in the decision summary.)

An aside: In searching for records on Connery and CT, I ran across a house owned by Hud and an Ann Moore. It would appear that Ann Moore used to be in the clique of former Governor John G. Rowland, who pleaded guilty to a corruption charge (his administration approved the Sharon conversion from not-for-profit to for-profit, first in CT). I can follow Ms Moore's career through the CT governmental positions she held, as a lobbyist, and to a law firm (UPDIKE, KELLY & SPELLACY, P.C), after which she disappears (career-wise), apparently not practicing. They even hired an attorney to prepare a variance for submission on the house.

Looking at Hud's replacement, Mike Browder's duty description caused another series of questions, see if you can find and answer them:

"Michael Browder joined Essent in 2001, and is responsible for all traditional corporate financial functions including routine reporting and capital structure development. In addition, he is responsible for information systems development, corporate risk management/insurance and detailed acquisition support functions, including due diligence."

Did you see? Corporate risk management, insurance, and due diligence. Responsibility for due diligence puts him in the hot seat for failing to recognize PRMC's shortcomings, insurance for the gay couple's lawsuit, and risk management for the go ahead on the actual Essent-Doe lawsuit. You wonder why he wasn't out the door before Hud....

The ABCs of Foreign Trade Zones

Manufacturers familiar with foreign-trade zones know the obvious benefits, namely no duties on goods exported from the foreign-trade zone (FTZ) and the deferral of duties until goods are moved outside the FTZ. But, according to Greg Jones, corporate secretary and senior consultant with Foreign-Trade Zone Corp., there are other key points to consider.

Read more here.

RBN – Fake Codecs

With the ongoing tracking of “fake” software websites related to the Russian Business Network (RBN) and their associates it is important to note the growth of the fake codec websites. A codec is a small program that's allows an operating system or a program to properly play audio or video in a particular format, e.g. MP3, WAV, Xvid, MPEG, Indeo and Cinepak.









Figure 1. Sample “fake” codec site - Gamecodec.com



This article is cumulative snapshot report based upon current and historical community reporting from; Zlob Watch (peki.blogspot), Sunbelt, and the excellent earlier work of Jahewi's Fake Codec Information (unfortunately last updated Jan 20th 07). The key issues are:

• Currently shown here (see fig. 2 below) 53 active, with the 60 earlier reported mostly dormant domains (see fig. 3 below) provides for a total of at least 113 “fake” codec web sites operational over an 18 month period. It would appear many of the active domains alternate on a regular basis from being non resolvable (apparently offline) to online.

• The prime exploits from these sites are (a) Zlob - shows fake error messages and silently installs fake anti-spyware products. (b) DNSChanger silently adds rogue DNS name servers to your PC or Mac. These name servers will resolve non-existing domains (typo-squatting) to IP addresses associated with the authors to generate revenue and could potentially re-routes traffic from legitimate web sites to other suspicious web sites. Ref peki.blogspot
  

Note: We should clarify that the Mac fake codecs are only for the DNS changing trojans and that not all the sites listed will spawn Mac stuff.

• These exploits are designed for Mac and Windows users; with the attack vector similar to the “fake” anti-spywares however the technique is varied by constantly emerging new domains but mostly to a singular web landing page interface.

• Most importantly all 113 domains are or were registered with Estdomains, similarly all of the active 53 domains in fig. 2 are hosted by AS27595 by Atrivo; AKA – Intercage, Inhoster, Cernal, etc. Also added should be AS 36445 a newer Autonomous Server apparently used by Cernal. For blocking purposes the following IP ranges should be incorporated:

64.28.176.0/20 AS27595 INTERCAGE
85.255.118.0/20 AS27595 INTERCAGE
85.255.112.0/20 AS36445 CERNEL

Figure 4 - Sample IP Map - Zerocodec