one person's caching name server had been told that www.networksolutions.com's "A" record was that of ICANN's web server. the last person who did this sort of thing spent time in jail for it, so i'm not expecting anyone to claim credit publically this time. the current work is either a dark and stupid joke, or an attempt to discredit ICANN, or an attempt to prompt earlier deployment of DNSSEC. (while we plugged the particular hole used by eugene kashpureff a few years ago, it is widely known that DNS cannot be made secure from this kind of attack without new technology like DNSSEC.) if anyone who has a corrupted BIND server would dump its cache and send me the IP address that the corrupt A RR came from, i'd appreciate it (and i'll share it with CERT and the FBI.)