The name “David Berg” returns three listings for the State of Minnesota, only one of which is within commuting distance of Golden Valley. However a search for David Berg, WebDirect LLC returns only the WHOIS data. This is very unusual for a person with an Internet-related profession such as agent for a domain registrar which suggests that the name is an alias.

GreyLogic did find a direct connection between WebDirect LLC and Nicholas Lidiaev, a well-known Russian criminal alias connected to hundreds of malware sites as well as the spear phishing attack against .mil and .gov employees reported in the 08 Feb 2010 issue of IntelFusion FLASH Traffic (IFT).

This is an abstract version. The complete article is available to IntelFusion FLASH Traffic subscribers.