Referring to my previous post, here is the skinny on my Anti-Fraudulent Hot Dog Vendor Detector.

Well, hold on. I’m up to Version 2.0. Before I describe that, I really should explain Version 1.0. Here’s a theoretical average day in its life.  Bear with me, there’s actually something to be learned.

• 100 people walk past the fraudulent vendor’s hot dog cart
• 42 buy the bait
• 4 have their card numbers pilfered
• 0.2 notice strange charges on their next bill
• 0.06 bother to report it to their fraudulent hot dog vendor detective (me)
• After 33.3 business days I discern a solid pattern of 2 reports from my clientele, so I mention it to the neighborhood beat cop
• After 66.6 business days, the beat cop discerns a solid pattern of 2 reports from me, so he starts warning hungry-looking pedestrians

Believe it or not, this service was so effective that unimaginative copycats started coming out of the woodwork.  What the hell?  This left me no choice but to release Version 2.0, which has the following benefits over Version 1.0:

• this space intentionally left blank
  

See, a Fraudulent Hot Dog Vendor Detector can only get so good.  No matter how fast it gets at detecting bad guys, they always win by definition.   You can’t detect something that hasn’t happened.  At least at it pertains to hot dogs, which I’m guessing Heisenberg was not a fan of.

What hot dog eating pedestrians would really benefit from is a drop-dead simple way to identify which hot dog vendors are legitimate before they take the bait.  And what online pedestrians would really benefit from is a drop-dead simple way to identify which links and forms are legitimate before they click.

Yeah, I know what you’re thinking.  SiteAdvisor does that, right?  Let’s just say that their green checkmarks are more like black lies.  They’re derived from — get this — a blacklist they compile from scouring Web content.  The checkmarks don’t tell you what’s good — they tell you what’s not bad.

It’s time to blacklist the blacklists.  Or at least, put them in their proper place, meaning somewhere other than “state-of-the-art.”

Attention aux fausses pages d’Orange !

Un mail sous l’allure d’Orange redirige les clients sur une fausse page Web et invite l’utilisateur à donner ses coordonnés bancaires.

La page en question est sous l’adresse whoditty.com/logs/.

Prudence !

Selon F-Secure, le ver en question redirigerait les utilisateurs sur une fausse page Web imitant la banque ING Direct.

La page Web est hébergée en Lithuanie sous l’IP 92.61.38.16.

Le ver n’est pas très répandu, mais il est beaucoup plus dangereux que le ver Ikee.

Cela concerne les iPhones Jailbeakés dont le mot de passe par défaut n’a pas été changé.

Thank you India
Thank you providence
Thank you disillusionment
Thank you nothingness
Thank you clarity
Thank you thank you silence
from Thank U by Alanis Morissette

This week being Thanksgiving in the US and me being a wickedly sarcastic scamp here are some things that I would be thankful for. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 411 style phishing messages. So without further ado, here is a sampling of my favorites. The things I’m thankful for.

I’m thankful for long lost relatives that die and leave me obscene amounts of money.

Dear  Joseph Webster,

I am Ding Xiang Liang, barrister at law. A deceased client of mine, by name Mr. Andrew Webster, who here in after shall be referred to as my client, died as the result of a heart-related condition in November 2004. His heart condition was due to the death of all the members of his family in the Gulf Air Flight Crashes in Persian Gulf Near Bahrain Aired August 23, 2000 – 2:50 p.m. ET as reported on http://transcripts.cnn.com/TRANSCRIPTS/0008/23/bn.08.html.

I have contacted you to assist in distributing the money left behind by my client before it is confiscated or declared unserviceable by the bank where this deposit valued at $19.5 million dollars is lodged. This bank has issued me a notice to contact the next of kin, or the account will be confiscated. My proposition to you is to seek your consent to present you as the next-of-kin and beneficiary of my late client, since you have the same last name, so that the proceeds of this account can be paid to you. Then we can share the amount on a mutually agreed-upon percentage.

I am thankful for helpful bureaucrats that find millions owed to me that I don’t even remember.

Dear Beneficiary,

I am William Griffen, a senior staff with the World Bank fact finding & special duties office. I and the chief security officer (CSO) of this organization have arranged with an officer in computer section engineer Peter Uba to bring out part of your total pending payment sum amounting to US$10 million. Why we did this is because according to information gathered from the banks/security computer, you have been waiting for a long time to receive your money without success.

As I found out that you have almost met all the statutory requirements in respect of your pending payment, your problem is that of interest groups.. A lot of people are interested in your payment and those people are merely doing paper works with you and that explains why you receive fax and phone messages from different people everyday. Also we found out that some of the officials of the parastatals have been extorting a lot of money from you with the pretext of helping you receive your money. I can assure you that this may last for years yet nothing happens if you do not do away with those officers that you call your partners.

I am thankful for strangers who are so impressed with my integrity that they want to send me a fortune.

Dear   Joseph Webster ,

How are you and every member of the family? I hope they are fine? if so may almighty God continue to guide you and protect you in your entire endeavor.I am Mr Yester Koma a Liberian by nationality.

I got your contact through a Christian sister who told us that you are reliable and trust worthy person who can assist us in area of investment, though I did not disclosed to her then strength of what we have in our possession.

I am the eldest Son of Chief George Koma who was killed six years ago in the recent war at Liberia, by some political imgrates. Before he died he was the owner of Koma and sons Diamond Company in Liberia.

After the death of my father, I and my mother quickly rush into my fathers private warehouse and took away (Two trunk boxes One containing$20,million dollars , and the Second one containing 10kgs of Diamond) .

Friend, the two trunk boxes are now in a private security company near Lome Togo international airport awaiting shipment. Dear Sir, what we want you to do for us is to send us your Full name and address also your private phone number to enable me and my mother get all necessary documents needed to get the consignments delivered to your door step through diplomatic means.

I am thankful for dying strangers who seek me out to distribute their fabulous wealth to charities.

My last wish,

My Name is Mr. Abdul Raham,i am 57years old. Am a citizen of Saudi Arabia, but i am resident in Cayman Island. I was born an Orphan in 1952. I have no Father or Mother, and i have no Relatives.I struggled and Worked Hard and Almighty God blessed me Abundantly with Riches. I used to be a Dealer in Gold, Diamonds and Tantalite. I have no Wife but i happend to have a child of 5Yrs from my late Wife who happens to die of Cancer of the Breast. For 2 years now i am seriously sick. I have been diagnosed with Cancer which was discovered very late, due to my laxity in caring for my health. It has defiled all forms of Medicine, Right now I have only about a Year to Live, according to my Medical Doctor. I have not particularly lived my life so well since after the Death of my wife Four Years ago, as I never really cared for myself but the Business. Though I am very Rich, I was never Generous, I only focused on my Business as that was the only thing I cared for. But now I Regret all this as I now know that there is more to life than just wanting to have or make all the Money in the world. I believe when God gives me a second chance and heal me I would live my life a different way from how I have lived it.

Please i have sowed a seed for my healing; I have willed and given most of my properties andassets to my immediate Orphans childrens and as well as a few close Friends.I want God to be merciful to me and accept my soul and so, I have decided to give Arms to charity Organizations and give succor and comfort to the less privileged of the Tsunami Victims, as I want this to be one of the last good deeds I do on earth. So far, I have donated money to Some charity organizations. Now that my health has deteriorated so badly, I Cannot do this my self anymore. I once asked a close friend of mine to close one of my accounts in Saudi Bank and donate the money which I have there to charity organization and to the less Privileged in Bulgaria and Sudan-Africa he cashed the money but kept it only to himselves.

Hence, I do not trust him anymore, as he seem not to be contended with what I have left for him already. The last of my money, which no one knows of, is the huge cash of Twenty Two million(22 Million US DOLLARS) deposited in the Vault of a financial institution in Europe for Safekeeping. I want you to collect this deposit on my behalf and disburse thus 30percent of the total amount among the Mudslide Earthquake Victims in Asia, Hurricane Katrina, Hurricane Rita, Hurricane Wilma and for the less Privileged, 30percent for you for your time and efforts and 40percent for my only child for his upbringing as you will be responsible for his education,health and other activities.

So i need your urgent reply so that I will not have to go on sourcing for a credible person to handle this project, please if this is what you Know that you can handle kindly respond back to me with the information below.

I am thankful for lawyers who want to protect my fortune from my evil partner – neither of which I knew about.

ATTENTION: BENEFICIARY,

This is to bring to your notice about the due process of your outstanding contractual payment which was suspended by the Federal ministry of Finance thereby stopping the telex unit to pause the transfer of your contract fund to your nominated Bank Account. As a result of this development, verification conducted by the newly appointed Finance Minister inconjunction with the Newly Appointed Member of Presidential Board of Trustee on Debt Verification Panel to contact you and let you Know that your contract casefile has been endorsed for payment awaiting your confirmations.

In view of several efforts already made by us to contact you proved abortive. Based on the new Address submitted to this office on your behalf:

(1) My Office desks have just received a new contact address from Mr. Bill Carlton, to deliver your Payment into a new address as stated bellow: 100 Wellington Street West ,Suite 1200 ,Toronto , Ontario , Canada ,M5K 1J3 The Sum of 8.5 Million US Dollars (Eight Million Five Hundred Thousand USDollars) should be paid to Mr. Bill Carlton, as your beneficiary/Partner..

(2) Please,confirm to our Bank/Office if you have instructed Mr. Bill Carlton,to appoint an attorney/agent on your behalf thereby asking that he receive cashcall Remittance on your behalf as your Partner.

(3) It have come to our notice that you are being contacted by unauthorized individuals with respect to your contract/Inheritance payment but unfortunately this office is not aware of your unofficial dealings and warned that it is at your own risk.

(4) Please, also confirm if you have authorized Mr. Bill Carlton, To change your Residential Address to the following address stated below:100 Wellington Street West ,Suite 1200 ,Toronto , Ontario , Canada ,M5K 1J3We have decided to contact you for re-verification because we suspected that Mr. Bill Carlton, is trying to divert your money through the sworn affidavit to a new different address as your Partner Because of the fraudulent activities going around the globe, The World Bank and IMF advices the Central Bank not to contact you again regarding your Contractual Payment, which is why this Department (Foreign Fund Unit/Audit Department of the Dept Verification Panel Of Federal Ministry of Finance is now in charge of the Fund to be released to you through one of the Nominated Bank by World Bank and IMF.

Therefore, if you had not authorized Mr. Bill Carlton, to claim this Contractual Payment on your behalf as your Partner, Kindly get back to us with the down listed information requested for re-confirmation/verification and for fast and swift release of the Fund to you without any Further Delay.

I am thankful for politicians who urgently need my help with shady foreign real estate investments.

Hello, Webster

I am interested to acquire properties abroad, hence my contact with you. I wish to inform you therefore that I have the intention to invest a total sum US$65 million abroad on real estate. Kindly let me know your terms/conditions for my considerations.

Best regards,
Senator Kathleen.

I am thankful for soldiers who want me to help them smuggle funds out of Iraq.

Fellow Brother,

I hope my email meets you well. I am in need of your assistance. I am in the Engineering military unit here in Ba’qubah in Iraq, we have some amount of funds that we want to move out of the country. My partners and I need a good partner someone we can trust. Basically since we are working for the government we cannot keep these funds, but we want to transfer and move the funds to you, so that you can keep it for us in your safe account or an offshore account. But we are moving it through Diplomatic means, to send it to your house directly or a bank of your choice using Diplomatic Courier Service. The most important thing is that can we trust you? Once the funds get to you, you take your 30% out and keep our own 70%. Your own part of this deal is to find a safe place where the funds can be sent to. Our own part is sending it to you. If you are interested i will furnish you with more details.

Regards,

Sgt. Phillip Newman.

I am thankful for bankers who want me to be the lost heir to a fortune or maybe perform a wedding.

Dearly Beloved,

Let me start by introducing myself to you, I am Dr Stephen Annan, DirectorForeign Remittance Department, CITI BANK GHANA, Accra Head Office. I saw yourcontact during my private search in the internet and I want to believe that youwill be very honest, committed and capable of handling this transaction.

First, let me explain the source of this fund and what you are expected todo. A foreigner, late MR RONALD M. EBELING worked with the Ghanaian GOLD/MINERALRESOURCES COMMISSION and had a functional account with CITI BANK until his deathsome years ago. The deceased Ronald Ebeling banked with us and had a closingbalance as at 22nd November 2000 worth $8,000,000.00 (Eight Million U.S Dollars)

CITI BANK has been expecting any of his close relatives to make claim onthe fund since there was no record of any beneficiary stated in the depositoryagreement. Efforts have been made by the Bank Agents to get in touch with RonaldEbeling’s family or relative but to no avail.

Based on the perceived possibility of not being able to locate RonaldEbeling’s relatives, the management under the influence of our chairman and theboard of directors are making arrangements for the fund to be declared unclaimedand channeled to an unknown account. It is based on this fact, I have contactedyou to approach the Bank as the next-of-kin to Late Ronald Ebeling so that thefund will be released and paid into your account as the beneficiary/next-of-kinto the deceased.

But mostly I’m thankful that Google Translate isn’t any better than it is. Otherwise this stuff wouldn’t be nearly as amusing. So Happy Thanksgiving. So long and thanks for all the phish.

Hello Gabriel Iovino,

http://referer.us/1/UdBiS3
created by our free redirection service (http://referer.us/) and it redirects to http://planetchiltern.com/phpformgenerator/use/striker/form1.html
I checked this page and it looks NOT like a phishing webpage, it’s a sign UP page, not a sign in. Then I checked “planetchiltern.com” on McAfee SiteAdvisor, it says fine.

“vn27.9hz.com” seems a phishing site according to “phishtank.com“, however, I cannot open it.

Therefor, I will not remove the url or block the site, thank you for your email and understanding.

Best regards,

======= At 2009-11-22, 05:48:49 you wrote: =======

>—–BEGIN PGP SIGNED MESSAGE—–
>Hash: SHA1
>
>Greetings,
>
>The following URL on your network has been identified as redirecting to
>a Phishing webpage:
>
>!!Warning these URL(s) may contain live malware!!
>
>[url]hxxp://referer.us/1/UdBiS3
>
>Path to this URL was seen via these links:
>
>1. hxxp://vn27.9hz.com/
>2. hxxp://referer.us/1/UdBiS3
>3. hxxp://planetchiltern.com/phpformgenerator/use/striker/form1.html
>
>Here is the Phishing email with full mail headers:
>

>> Return-Path: <bintsann@staff.pccu.edu.tw>
>> Received: from relays.pccu.edu.tw (relays.pccu.edu.tw [140.137.16.12])
>> by smtp.xxx.edu (8.14.3/8.14.3) with ESMTP id nAKNEtMW017993
>> for <xxx@xxx.xxx.edu>; Fri, 20 Nov 2009 15:14:56 -0800
>> Received: from faculty.pccu.edu.tw (faculty.pccu.edu.tw [140.137.16.1])
>> by relays.pccu.edu.tw (Postfix) with ESMTP id 915E81CAD80;
>> Sat, 21 Nov 2009 07:14:50 +0800 (CST)
>> From: “bintsann” <bintsann@staff.pccu.edu.tw>
>> Reply-To: webmaster.team0@live.com
>> Subject: System Administrator
>> Date: Sat, 21 Nov 2009 07:14:50 +0800
>> Message-Id: <20091120231450.M94072@staff.pccu.edu.tw>
>> X-Mailer: OpenWebMail 2.53
>> X-OriginatingIP: 213.255.218.244 (bintsann)
>> MIME-Version: 1.0
>> Content-Type: text/plain;
>> charset=big5
>> To: undisclosed-recipients:;
>> Content-Transfer-Encoding: quoted-printable
>> X-MIME-Autoconverted: from 8bit to quoted-printable by smtp.xxx.edu id nAKNEuee018002
>>
>> Your mailbox has exceeded the storage limit which is 20GB as set by your=20
>> administrator; you are currently running on 20.9GB,
>>
>> You may not be able to send or receive new mail until you re-validate you=
>> r=20
>> mailbox.
>>
>> To re-validate your mailbox please click the link below:
>>
>> hxxp://vn27.9hz.com/
>>
>> If the link above doesn=A1=A6t work please copy and paste the link below =
>> to your=20
>> browser window
>>
>> hxxp://vn27.9hz.com/
>>
>> Thanks Bintsann Staff, =20
>> System Administrator

>
>Should you feel you’ve received this report in error, please let us know.
>
>On behalf of the REN-ISAC Team,
>
>Gabriel Iovino
>Principal Security Engineer, REN-ISAC
>http://www.ren-isac.net
>24×7 Watch Desk +1(317)278-6630
>—–BEGIN PGP SIGNATURE—–
>Version: GnuPG v1.4.9 (MingW32)
>Comment: Using GnuPG with Mozilla – http://enigmail.mozdev.org/
>
>iEYEARECAAYFAksItKEACgkQwqygxIz+pTvlggCgsu4RXH6LfyMbZzGqpDxMX3xl
>CqAAn0WytQ9D5×4477RMHUmyOjhnDXxJ
>=i9YP
>—–END PGP SIGNATURE—–

= = = = = = = = = = = = = = = = = = = =

@referer.us
2009-11-22

This past week, I got a fax from Princeton Who’s Who.  Wow, why would my little start-up business get something like this.  You know the thoughts that go through your mind, “I must be doing something right, I have attracted attention of  Who’s Who for Princeton NJ who want to list me”  Excited about the progress, I printed out the form that I was to fill out and return. 

‘We are pleased to inform you that you and your business have been selected to be published for free in the 2009/2010 Edition of Princeton Who’s Who of Executives, Professionals & Entrepreneurs.’ Who me?  Wow… ‘On November 16th, your candidacy was approved.  Your prompt response is needed to ensure your correct information is published.  For accuracy purposes, please be sure to fill out the information below and FAX it back to 609-6132-5918 at the earliest opportunity.’  Boy oh Boy, that LinkedIn account must be working!!

Then it hit me.  It was faxed to ‘Owner/Manager’, not directly to me.  No mention of my name or my company name (Two Sisters Travel). Better Google it to make sure that this is legitimate.   Now my excitement is starting to wane.  Sure enough, this is a scam.

Apparently this isn’t so “free”. They get you to send them your information to get you interested and excited.  Then they contact you to upgrade to the “premier’ level but for a fee.  $876 worth of a fee.  Well, that just deflated this bubble. 

The reason why I’m blogging about this?  Just to get this out there as much as possible.  It just amazes me how there are such unethical people out there on the web who will stoop to any level to get what people work so hard to earn.  And unfortunately, people fall for it!  Some aren’t as lucky as I was and  have those bells and whistles go off until AFTER they give them their credit card information to pay for the “premier” level.  By that time it is too late!  And that all ripples down to the credit card companies, which we have recently found out, put it right back to the credit card holder who is now paying outrageous interest rates and crazy fees! (Oh don’t get me started on that! Who ever heard of making someone with responsible credit – pays on time, etc.,  pay a fee because they DO pay on time??)

Anyway, if this blog helps just one person not fall for this scam,  it is well worth the time that I have taken to write it.  Bottom Line, if it seems too good to be true, it probably is.  If you get a fax from Princeton Who’s Who (click on link below), toss it in the trash or shred it, and you will have saved yourself $800+. 

Princeton Who’s Who

On another subject, I will be cruising again from December 6-13th on NCL’s Jewel.  Hopefully this time, all will go well and I can blog from the ship and post my pictures from the cruise right away.  Keep your fingers crossed.  And please join me for my blogs from NCL’s Jewel, right here in 2 weeks time.

Talk to you then!

Consumer & Business Alert
This Is A Fraudulent Website
ScamFraudAlert.com Recommend That You
Do Not Conduct
or Transact Business With This Site

Address lookup

Domain Whois record

Queried whois.internic.net with “dom software777.net”…
Domain Name: SOFTWARE777.NET
Registrar: CHINA SPRINGBOARD INC.
Whois Server: whois.namerich.cn
Referral URL: http://www.namerich.cn
Name Server: NS1.CUERMORADS.COM
Name Server: NS2.CUERMORADS.COM
Name Server: NS3.CUERMORADS.COM
Name Server: NS4.CUERMORADS.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 20-nov-2009
Creation Date: 12-nov-2009
Expiration Date: 12-nov-2010

Last update of whois database: Sat, 21 Nov 2009 08:52:31 UTC

Queried whois.namerich.cn with “software777.net”…
DomainName : software777.net 

RSP: China Springboard Inc.
URL: http://www.namerich.cn

Name Server :NS1.CUERMORADS.COM
Name Server :NS4.CUERMORADS.COM
Name Server :NS2.CUERMORADS.COM
Name Server :NS3.CUERMORADS.COM

Status :clientTransferProhibited
Status :clientDeleteProhibited

Creation Date :2009-11-12
Expiration Date :2010-11-12
Last Update Date :2009-11-21

Registrant ID :V-X-64668-23345
Registrant Name :wang xia
Registrant Organization :wang xia
Registrant Address :beijingshichanghailu111hao
Registrant City :beijing
Registrant Province/State :beijing
Registrant Country Code :CN
Registrant Postal Code :234232
Registrant Phone Number :+86.010546236554
Registrant Fax :+86.010546236554
Registrant Email :dfdfddf2@sina.com

Administrative ID :V-X-64668-23345
Administrative Name :wang xia
Administrative Organization :wang xia
Administrative Address :beijingshichanghailu111hao
Administrative City :beijing
Administrative Province/State :beijing
Administrative Country Code :CN
Administrative Postal Code :234232
Administrative Phone Number :+86.010546236554
Administrative Fax :+86.010546236554
Administrative Email :dfdfddf2@sina.com

Billing ID :V-X-64668-23345
Billing Name :wang xia
Billing Organization :wang xia
Billing Address :beijingshichanghailu111hao
Billing City :beijing
Billing Province/State :beijing
Billing Country Code :CN
Billing Postal Code :234232
Billing Phone Number :+86.010546236554
Billing Fax :+86.010546236554
Billing Email :dfdfddf2@sina.com

Technical ID :V-X-64668-23345
Technical Name :wang xia
Technical Organization :wang xia
Technical Address :beijingshichanghailu111hao
Technical City :beijing
Technical Province/State :beijing
Technical Country Code :CN
Technical Postal Code :234232
Technical Phone Number :+86.010546236554
Technical Fax :+86.010546236554
Technical Email :dfdfddf2@sina.com
; Please register your domains at

; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “59.63.41.17″…
inetnum: 59.62.0.0 – 59.63.255.255
netname: CHINANET-JX
descr: CHINANET Jiangxi province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: JN113-AP
remarks: service provider

status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-IP-WWF
changed: hm-changed@apnic.net 20050208
source: APNIC

role: JXDCB NET

address: DATA COMMUNICATION BUREAY
address: NO.39,YANJIANG NORTH ROAD,NANCHANG,JIANGXI
country: CN
phone: +86 791 6730586
fax-no: +86 791 6707755
e-mail: hostmaster@public1.nc.jx.cn

trouble: send spam reports to hostmaster@public1.nc.jx.cn
trouble: and abuse reports to hostmaster@public1.nc.jx.cn

admin-c: XY1-AP
tech-c: WZ1-CN
tech-c: WW49-AP
nic-hdl: JN113-AP

remarks: http://www.online.jx.cn
notify: hostmaster@public1.nc.jx.cn

mnt-by: MAINT-IP-WWF
changed: hm-changed@apnic.net 20020812
source: APNIC
person: Chinanet Hostmaster

nic-hdl: CH93-AP

e-mail: anti-spam@ns.chinanet.cn.net

address: No.31 ,jingrong street,beijing

address: 100032

phone: +86-10-58501724

fax-no: +86-10-58501724

country: CN

changed: dingsy@cndata.com 20070416

mnt-by: MAINT-CHINANET

source: APNIC

DNS records

DNS query for 17.41.63.59.in-addr.arpa returned an error from the server: NameError

– end –

Listed Domains registered at CHINA SPRINGBOARD INC.

Domain Date/Time Added

#1 orgarnuveros.net Sat, 21 Nov 2009 08:36:39 +0000

#2 elitevips24.net Sat, 21 Nov 2009 08:10:07 +0000

#3 hotcan.net Sat, 21 Nov 2009 08:07:02 +0000

#4 willcan.net Sat, 21 Nov 2009 07:59:22 +0000

#5 amazedshopp.com Sat, 21 Nov 2009 07:57:58 +0000

#6 kingspingame.net Sat, 21 Nov 2009 07:54:08 +0000

#7 himgold.net Sat, 21 Nov 2009 07:27:41 +0000

#8 ardiromabos.net Sat, 21 Nov 2009 07:18:50 +0000

#9 createlamp.com Sat, 21 Nov 2009 07:07:02 +0000

#10 feverhandle.com Sat, 21 Nov 2009 07:05:59 +0000

#11 orpeak.com Sat, 21 Nov 2009 07:04:40 +0000

#12 raisenoon.com Sat, 21 Nov 2009 07:00:31 +0000

#13 drawroad.com Sat, 21 Nov 2009 06:45:14 +0000

#14 urketoniafos.net Sat, 21 Nov 2009 06:21:11 +0000

#15 lifttotal.com Sat, 21 Nov 2009 06:12:14 +0000

#16 grassaroma.com Sat, 21 Nov 2009 06:11:17 +0000

#17 yellowwere.com Sat, 21 Nov 2009 05:53:22 +0000

#18 appearfill.com Sat, 21 Nov 2009 05:40:04 +0000

#19 shegot.net Sat, 21 Nov 2009 05:38:01 +0000

#20 agreesoil.com Sat, 21 Nov 2009 05:31:01 +0000

#21 daringday.com Sat, 21 Nov 2009 04:47:44 +0000

#22 himnot.net Sat, 21 Nov 2009 04:18:05 +0000

#23 kiropadonts.net Sat, 21 Nov 2009 04:16:32 +0000

#24 gameroyalruby.net Sat, 21 Nov 2009 02:09:38 +0000

#25 gamerubyroyal.net Sat, 21 Nov 2009 02:08:26 +0000

#26 cheap-rx4u.com Sat, 21 Nov 2009 02:06:19 +0000

#27 drawrain.com Sat, 21 Nov 2009 01:40:00 +0000

#28 findthemmedsherenow.com Sat, 21 Nov 2009 01:34:36 +0000

#29 superbmove.com Sat, 21 Nov 2009 00:51:39 +0000

#30 meds-for-you-today.com Fri, 20 Nov 2009 22:07:15 +0000

#31 meds-for-you-now.com Fri, 20 Nov 2009 21:54:25 +0000

#32 refill-your-meds-today.com Fri, 20 Nov 2009 21:43:57 +0000

#33 rx-refill-now.com Fri, 20 Nov 2009 21:43:42 +0000

#34 your-rx-for-cheap.com Fri, 20 Nov 2009 21:43:31 +0000

#35 fastest-rx-today.com Fri, 20 Nov 2009 21:42:44 +0000

#36 bestquality-rx-today.com Fri, 20 Nov 2009 21:40:43 +0000

#37 refill-all-meds.com Fri, 20 Nov 2009 21:39:44 +0000

#38 no-doctor-wait.com Fri, 20 Nov 2009 21:39:23 +0000

#39 meds-for-cheap.com Fri, 20 Nov 2009 21:39:10 +0000

#40 medicine-daily.com Fri, 20 Nov 2009 21:21:19 +0000

#41 kinggamespin.net Fri, 20 Nov 2009 20:29:24 +0000

#42 ospakyrekass.net Fri, 20 Nov 2009 19:21:47 +0000

#43 booststrong.com Fri, 20 Nov 2009 18:02:30 +0000

#44 tellbold.com Fri, 20 Nov 2009 16:36:11 +0000

#45 hopedisc.com Fri, 20 Nov 2009 16:14:30 +0000

#46 hopestable.com Fri, 20 Nov 2009 16:01:36 +0000

#47 posterlobndon1.com Fri, 20 Nov 2009 15:34:33 +0000

#48 hopecreate.com Fri, 20 Nov 2009 14:55:45 +0000

#49 unedomergods.net Fri, 20 Nov 2009 14:30:02 +0000

#50 suffixbits.com Fri, 20 Nov 2009 12:49:16 +0000

#51 fuperasconts.net Fri, 20 Nov 2009 10:24:06 +0000

#52 meatyear.com Fri, 20 Nov 2009 09:52:00 +0000

#53 drugqualitybread.com Fri, 20 Nov 2009 08:59:30 +0000

#54 desirejump.com Fri, 20 Nov 2009 07:54:15 +0000

#55 vurtersonats.net Fri, 20 Nov 2009 05:02:42 +0000

#56 titodarombs.net Fri, 20 Nov 2009 03:23:57 +0000

#57 flushlamp.com Fri, 20 Nov 2009 03:08:54 +0000

#58 saltroot.com Fri, 20 Nov 2009 02:15:00 +0000

#59 themjoy.com Fri, 20 Nov 2009 01:51:29 +0000

#60 nutrition-lab.com Fri, 20 Nov 2009 01:32:55 +0000

#61 vagrstore.com Fri, 20 Nov 2009 00:59:05 +0000

#62 winterfour.com Thu, 19 Nov 2009 22:09:34 +0000

#63 resultdeep.com Thu, 19 Nov 2009 22:05:23 +0000

#64 basican.com Thu, 19 Nov 2009 21:19:07 +0000

#65 gladend.com Thu, 19 Nov 2009 19:59:08 +0000

#66 zondubaris.net Thu, 19 Nov 2009 19:13:17 +0000

#67 eatspeech.com Thu, 19 Nov 2009 17:15:42 +0000

#68 checkhumane.com Thu, 19 Nov 2009 17:10:39 +0000

#69 logbright.com Thu, 19 Nov 2009 17:07:16 +0000

#70 whoserope.com Thu, 19 Nov 2009 17:03:29 +0000

#71 verbstreet.com Thu, 19 Nov 2009 16:59:20 +0000

#72 indastorgus.net Thu, 19 Nov 2009 16:54:06 +0000

#73 juicymore.com Thu, 19 Nov 2009 16:52:41 +0000

#74 seetail.com Thu, 19 Nov 2009 16:34:08 +0000

#75 boostjoin.com Thu, 19 Nov 2009 16:20:27 +0000

#76 placelowly.com Thu, 19 Nov 2009 13:06:21 +0000

#77 freshwife.com Thu, 19 Nov 2009 12:52:56 +0000

#78 greatroyalplay.net Thu, 19 Nov 2009 10:24:48 +0000

#79 gameeuroland.net Thu, 19 Nov 2009 10:22:18 +0000

#80 gamelandeuro.net Thu, 19 Nov 2009 10:11:04 +0000

#81 landgameeuro.net Thu, 19 Nov 2009 10:06:43 +0000

#82 fabledblue.com Thu, 19 Nov 2009 09:45:13 +0000

#83 flushhot.com Thu, 19 Nov 2009 07:33:31 +0000

#84 melukorasors.net Thu, 19 Nov 2009 07:20:40 +0000

#85 cheapermedicine2009.com Thu, 19 Nov 2009 06:56:52 +0000

#86 milkcome.com Thu, 19 Nov 2009 06:27:16 +0000

#87 77-33.com Thu, 19 Nov 2009 05:23:30 +0000

#88 pressdouble.com Thu, 19 Nov 2009 05:09:37 +0000

#89 cutermorads.net Thu, 19 Nov 2009 04:59:21 +0000

#90 royalplaygreat.net Thu, 19 Nov 2009 03:21:02 +0000

#91 casinokingspin.net Thu, 19 Nov 2009 02:21:07 +0000

#92 luxuryplayeuro.net Thu, 19 Nov 2009 02:12:44 +0000

#93 movewant.com Thu, 19 Nov 2009 01:56:19 +0000

#94 hadwheel.com Thu, 19 Nov 2009 01:52:27 +0000

#95 flushsheet.com Thu, 19 Nov 2009 01:46:28 +0000

#96 multidry.com Thu, 19 Nov 2009 00:08:59 +0000

#97 scorelength.com Wed, 18 Nov 2009 22:37:33 +0000

#98 trucktrue.com Wed, 18 Nov 2009 21:38:20 +0000

#99 politemodest.com Wed, 18 Nov 2009 21:27:48 +0000

#100 belowcostrx.com Wed, 18 Nov 2009 21:19:36 +0000

#101 pressroot.com Wed, 18 Nov 2009 21:08:54 +0000

#102 nalbox.net Wed, 18 Nov 2009 21:00:07 +0000

#103 zirdobalkons.net Wed, 18 Nov 2009 20:58:30 +0000

#104 playcasinostars.net Wed, 18 Nov 2009 20:55:47 +0000

#105 playstarscasino.net Wed, 18 Nov 2009 20:55:32 +0000

#106 casinoplaystars.net Wed, 18 Nov 2009 20:53:46 +0000

#107 ormeant.com Wed, 18 Nov 2009 18:53:08 +0000

#108 miomerandos.net Wed, 18 Nov 2009 18:03:19 +0000

#109 pickthan.com Wed, 18 Nov 2009 17:48:22 +0000

#110 staybegan.com Wed, 18 Nov 2009 17:47:53 +0000

#111 gamevegasopen.net Wed, 18 Nov 2009 17:46:23 +0000

#112 leddoes.com Wed, 18 Nov 2009 16:20:18 +0000

#113 nightyour.com Wed, 18 Nov 2009 14:46:54 +0000

#114 eurodicegreat.net Wed, 18 Nov 2009 14:44:15 +0000

#115 camelocate.com Wed, 18 Nov 2009 13:26:33 +0000

#116 ogieromass.net Wed, 18 Nov 2009 12:45:13 +0000

#117 appearpast.com Wed, 18 Nov 2009 12:10:18 +0000

#118 yourcodeine.com Wed, 18 Nov 2009 11:00:38 +0000

#119 longtangy.com Wed, 18 Nov 2009 10:40:06 +0000

#120 greatrxcatch.com Wed, 18 Nov 2009 07:42:00 +0000

#121 makeylate.com Wed, 18 Nov 2009 07:12:37 +0000

#122 feromanos.net Wed, 18 Nov 2009 06:20:46 +0000

#123 solvetable.com Wed, 18 Nov 2009 06:08:56 +0000

#124 extrafar.com Wed, 18 Nov 2009 06:04:13 +0000

#125 doesmother.com Wed, 18 Nov 2009 05:15:49 +0000

#126 tipbull.net Wed, 18 Nov 2009 04:57:42 +0000

#127 software777.net Wed, 18 Nov 2009 04:49:31 +0000

#128 33-66.com Wed, 18 Nov 2009 04:43:30 +0000

#129 remtuplasoms.net Wed, 18 Nov 2009 04:01:04 +0000

#130 redthey.com Wed, 18 Nov 2009 03:37:56 +0000

#131 soundmy.com Wed, 18 Nov 2009 02:34:57 +0000

#132 eagerpotent.com Wed, 18 Nov 2009 01:47:56 +0000

#133 whenhas.com Wed, 18 Nov 2009 01:41:40 +0000

#134 getrxeasilyonline.com Wed, 18 Nov 2009 01:41:31 +0000

#135 tiodarombs.net Wed, 18 Nov 2009 01:39:18 +0000

#136 portekohios.net Wed, 18 Nov 2009 00:12:13 +0000

#137 drinkspicy.com Tue, 17 Nov 2009 23:10:19 +0000

#138 glassgot.com Tue, 17 Nov 2009 22:17:11 +0000

#139 cardpose.com Tue, 17 Nov 2009 21:18:57 +0000

#140 numboklavers.net Tue, 17 Nov 2009 20:54:22 +0000

#141 silentdaring.com Tue, 17 Nov 2009 20:14:37 +0000

#142 readyadore.com Tue, 17 Nov 2009 19:23:25 +0000

#143 edsherebuy.com Tue, 17 Nov 2009 19:05:28 +0000

#144 mostyard.com Tue, 17 Nov 2009 18:48:49 +0000

#145 greatgameeuro.net Tue, 17 Nov 2009 18:44:43 +0000

#146 gamegreateuro.net Tue, 17 Nov 2009 18:34:51 +0000

#147 fabrecord.com Tue, 17 Nov 2009 17:11:42 +0000

#148 casinobeststars.net Tue, 17 Nov 2009 17:02:24 +0000

#149 boldsecond.com Tue, 17 Nov 2009 15:36:59 +0000

#150 ageshore.com Tue, 17 Nov 2009 15:20:50 +0000

#151 drugsearl93.net Tue, 17 Nov 2009 14:28:50 +0000

#152 commoncatch.com Tue, 17 Nov 2009 14:23:29 +0000

#153 grepondass.net Tue, 17 Nov 2009 13:34:10 +0000

#154 luxurygreatroyal.net Tue, 17 Nov 2009 11:45:04 +0000

#155 samcorefos.net Tue, 17 Nov 2009 11:22:26 +0000

#156 eagerfour.com Tue, 17 Nov 2009 10:37:33 +0000

#157 cookfeel.com Tue, 17 Nov 2009 08:54:29 +0000

#158 onlineseth2.net Tue, 17 Nov 2009 08:39:30 +0000

#159 quartbeat.com Tue, 17 Nov 2009 07:21:54 +0000

#160 drugsedwin62.net Tue, 17 Nov 2009 07:05:02 +0000

#161 coreinovels.net Tue, 17 Nov 2009 06:39:57 +0000

#162 royalrubycasino.net Tue, 17 Nov 2009 06:27:00 +0000

#163 rubycasinoroyal.net Tue, 17 Nov 2009 06:23:48 +0000

#164 rubdoes.com Tue, 17 Nov 2009 05:56:36 +0000

#165 valuenight.com Tue, 17 Nov 2009 05:42:32 +0000

#166 cropafter.com Tue, 17 Nov 2009 04:54:29 +0000

#167 zoportovukas.net Tue, 17 Nov 2009 04:50:50 +0000

#168 novirgomers.net Tue, 17 Nov 2009 03:17:06 +0000

#169 tiechange.com Tue, 17 Nov 2009 02:52:49 +0000

#170 topcheap-ed.com Tue, 17 Nov 2009 02:20:59 +0000

#171 foundcase.com Tue, 17 Nov 2009 02:15:41 +0000

#172 refillstorerxnow.com Tue, 17 Nov 2009 01:57:41 +0000

#173 mainmakey.com Tue, 17 Nov 2009 01:48:47 +0000

#174 fishhope.com Tue, 17 Nov 2009 01:45:00 +0000

#175 quality-codeines.com Tue, 17 Nov 2009 01:38:37 +0000

#176 elaboratesz.com Tue, 17 Nov 2009 01:35:10 +0000

#177 readywe.com Tue, 17 Nov 2009 01:29:30 +0000

#178 wirtokrages.net Tue, 17 Nov 2009 01:06:23 +0000

#179 printhumane.com Tue, 17 Nov 2009 00:02:23 +0000

#180 vrigolosams.net Mon, 16 Nov 2009 23:56:45 +0000

#181 pharmtowney21.net Mon, 16 Nov 2009 23:18:57 +0000

#182 kingspincasino.net Mon, 16 Nov 2009 22:23:44 +0000

#183 kingcasinospin.net Mon, 16 Nov 2009 22:20:04 +0000

#184 mouthmighty.com Mon, 16 Nov 2009 21:03:28 +0000

#185 safeextra.com Mon, 16 Nov 2009 20:57:17 +0000

#186 alsoof.com Mon, 16 Nov 2009 18:03:00 +0000

#187 sidethey.com Mon, 16 Nov 2009 17:40:27 +0000

#188 elite2009-jackpots.com Mon, 16 Nov 2009 17:02:41 +0000

#189 rollmonth.com Mon, 16 Nov 2009 16:36:17 +0000

#190 termdoes.com Mon, 16 Nov 2009 15:03:46 +0000

#191 vanishhold.com Mon, 16 Nov 2009 14:09:12 +0000

#192 starscasino888.net Mon, 16 Nov 2009 14:08:57 +0000

#193 exactcome.com Mon, 16 Nov 2009 14:04:52 +0000

#194 germinatbig.com Mon, 16 Nov 2009 13:49:38 +0000

#195 awareplay.com Mon, 16 Nov 2009 13:44:09 +0000

#196 vurtesonats.net Mon, 16 Nov 2009 11:25:13 +0000

#197 rootmunchy.com Mon, 16 Nov 2009 10:54:48 +0000

#198 luxuryroyalgreat.net Mon, 16 Nov 2009 10:38:50 +0000

#199 royalgreatluxury.net Mon, 16 Nov 2009 10:21:27 +0000

#200 kiropladonts.net Mon, 16 Nov 2009 10:19:31 +0000

#201 playeuroluxury.net Mon, 16 Nov 2009 09:51:31 +0000

#202 storychaste.com Mon, 16 Nov 2009 08:58:53 +0000

Klanten van de ING zijn opnieuw het doelwit van een phishingaanval die inspeelt op de “migratie” tussen de Postbank. “Vanwege de migratie tussen Postbank en ING verzoeken wij u eenmalig uw primair IP-adres te bevestigen”, zo is in de e-mail te lezen, waarvan inmiddels al vijf varianten zijn rondgegaan.

Lees meer

http://news.cnet.com/8301-27080_3-10396786-245.html?tag=nl.e404

Today I learned that there is such a thing as overlay banking, which provides a way to pay in webshops through your online banking system. Contrary to how in the Netherlands popular iDeal system works, with overlay banking you provide your credentials (including a one-time-password/TAN code)  to a hopefully trusted third party. Technically, you could say this third party is very similar to someone doing a man-in-the-middle attack. The Dutch National Bank and others expressed their concerns about this, and I completely agree. Although I can imagine that the specific party providing this overlay banking service (the German Payment Networking) may very well be trustworthy, one should of course never give ones credentials to a third party. There are many technical solutions to avoid this (e.g., OAuth), and let someone act on your behalf without having to give them your credentials. What worries me most is that this may educate people to be more susceptible to phishing and man-in-the-middle attacks!  Apparently Payment Networking disagrees (article in Dutch), and considers their system secure because they adhere to high security standards. This does not however take my ‘educating people to do the wrong thing’ concern away.
Of course, one may also argue that in addition to raising concerns about overlay banking, the European banks should speed up the process of standardizing interfaces that allow competing international online payment systems. I can imagine that overlay banking is simple a way to provide cheap online payment, and with proper standards and fair competition, this should be possible without the above described security risks.

“Jusqu’ici, les rapports de criminologie virtuelle McAfee publiés chaque année s’intéressaient plutôt aux méthodes, aux cibles et aux comportements des cybercriminels.

Pourtant, à l’époque où nous rédigions le rapport 2007 déjà, de nombreux experts faisaient observer que, non contents de s’espionner mutuellement dans le cyberespace, certains Etats développaient des techniques d’attaque informatique toujours plus sophistiquées.

Depuis la publication de ce rapport, le concept de cyberguerre revient régulièrement au centre des débats face à la multiplication des attaques et des intrusions réseau apparemment motivées par des objectifs politiques et non plus par le profit, ce qui les distingue incontestablement du cybercrime à proprement parler.

Dans le rapport de cette année, nous avons donc décidé de nous pencher sur l’éventualité d’une guerre menée au coeur du cyberespace.“

McAfee

http://www.01net.com/Pdf_01net/6735rpt_virtual_criminology_1009_fr_fnl_lores.pdf

Vérification des certificats de sécurité, identification des sites à risque, authentification anonyme, détection des sites de phishing et des fichiers malveillants… ZDNet.fr sélectionne 10 extensions pour protéger sa navigation sur Firefox.

Suivez le guide >> ZDNet.fr

Per aggirare i sistemi di protezione antiphishing alcune e-mail contengono un regalino sottoforma di allegato; in questo allegato si trova una pagina web salvata in formato MHT (pagina web completa)  che contiene la copia esatta della videata di accesso al sistema online della banca.

La differenza rispetto al phishing “tradizionale”, dove bisogna cliccare per andare su un sito fasullo, consiste nel fatto che l’allegato dell’email contiene una pagina web perfettamente funzionante nella quale vi viene richiesto di inserire direttamente utente e password, senza necessità di cliccare su un link, che potrebbe essere intercettato e bloccato dai sistemi di protezione antiphishing.

Inutile dire dove finiranno i dati una volta inseriti….

Nei casi peggiori l’apertura dell’allegato può provocare anche l’esecuzione di un codice malevolo che può installare del malware nel vostro computer.

Ecco il testo di una email di questo tipo:

Da: Phoenix Informatica Bancaria S.p.A
[mailto:assistenza_ib@in-bank-online.net]
Inviato: lunedì 16 novembre 2009 16.01
Oggetto: Comunicazioni dalla Banca dal 16 Novembre 2009
Priorità: Alta

Gentile Cliente,
Un nuovo documento di rendicontazione e a sua disposizione.
Potre consultarlo e salvarlo sul suo PC entro un anno da oggi, visitando
l’area Estratto conto e documentazione dei suoi Servizi via internet.
Per l’assistenza ai Servizi via internet puo contattare il numero verde
800.827.455, gratuito anche da cellulare.
Cordiali saluti.
Servizio Banca di Credito Cooperativo Online
—
Questo e un messaggio automatico.
Per disabilitare il servizio puo utilizzare la funzione Modifica
abilitazioni (Comunicazioni > Estratto conto e documentazione).

Copyright © Banca di Credito Cooperativo S.p.A

L’allegato, una volta aperto, si presenta così:

La pagina web dentro l’allegato è ‘attiva’ nel senso che consente di inserire utente e password (in alto a destra).

L’indirizzo web che si nasconde dietro i campi della pagina è:

http://**pcvirtual.comoj.com**/jsp/Login.jsp.htm#

(gli asterischi per neutralizzare il link)

Quindi, se inserite in queste videate le vostre credenziali di accesso finiranno direttamente in pasto ai phisher!!

This is the third attack on the InBoxRevenge antispam forums within one month. The first DDoS attack which was posted below was on October 28, 2009.

Since about 10:45 Eastern Time on Monday, November 16th, 2009, IBR’s forums are once again offline.

We will give you more details as they become available. It seems that spammers are definitely still very angry with the content posted on IBR.

We will continue to spread information online via various twitter accounts, blogs, and other websites about collecting information which leads to shutting down illegal spammer operations. Attacks such as this one and others do not stop our efforts as we continue to report spamming operations.

As a reminder, check out our other websites online for updates:

Twitter: http://twitter.com/inboxrevenge
Other blogs:

http://garwarner.blogspot.com/

http://inboxrevenge.blogspot.com

http://inboxrevenge.spaces.live.com

Wiki:

http://spamtrackers.org

Please note: that SiL also has his two blogs, which also accept moderated comments:
http://ikillspammers.blogspot.com

http://spamitmustfall.blogspot.com

It looks like fraudsters used the run up to the October tax deadline to ramp up a scheme to gather private information from people. At the same time a more dangerous scam was coming across from America. What was happening and what can be done?

Tax refunds?

HMRC reported a record 83,000 scam e-mails in September. In one day alone a massive 10,000 reports were made. Given that these are only the e-mails reported, the actual numbers are probably even higher. It’s more than a bit worrying.

One scam says something like “You have a tax refund, click here”. It directs the person to a website asking for credit or debit card details. These sites only live for a couple of hours before they are closed down and replaced by a new site. Although several have been shut down, they are fiendishly hard to track.

The second fraud was perhaps more worrying.

A US scam appears to be moving to the UK. In the States an e-mail claiming to be from the American federal tax authority, IRS, threatening fines and penalties actually had a Trojan attached.

Andrew Brandt of US internet security company Webroot wrote a great blog about it.

Phishing and Trojans 

Sending fake e-mails to gather personal information is commonly called “phishing”. Crooks send millions of emails pretending to be from a well-known respected organisation such as a bank. The e-mail scares the recipient into visiting a genuine-looking but fraudulent website where data is captured. 

A trojan is a computer program that installs itself on your computer and without you knowing can send your personal details, passwords and usernames etc to the criminals who sent the e-mail.

Both are tools used by criminals for identity theft.

What to do? 

Fortunately, it’s easy to spot – HMRC will never send an e-mail regarding a tax refund. They will only ever send you a letter in those circumstances. As John Harrison, head of customer contact at HMRC says: “We never use e-mails, telephone calls or external companies in these circumstances.”

So, if you have an email purporting to be from HMRC saying you are owed a tax refund, it’s a scam. Simple as that.

If you are concerned about an e-mail you have received, the important thing is never to open it or click on any link it contains. Just delete it.  

HMRC have a really informative and up to date web site with details of the latest scams and frauds. Click here for more information.

Alternatively, simply send the e-mail immediately to phishing@hmrc.gsi.gov.uk without opening it and then delete it. They’ll deal with it.  

A more in-depth version of this article appears on msn money.

Palestinian suspected of phishing Israeli bank accounts