ScamBlog

Scamdex

Scamdex's Somewhat Cynical Take on Scams
Scamdex is a resource about scams, mainly internet-based. It contains a huge archive of carefully sifted email scams, categorized and analysed. The ScamBlog is commentary on the world of scams - scams which get bigger, cleverer and nastier day by day. These are our thoughts on stuff that makes us mad.Blog Directory - Blogged

3 Nov '07

Who owns Westpac-site.org?

by mxw @ 11:33 am. Filed under Email Scams, Identity Theft, Trojans, Viruses, banking, spoof websites

Why do I ask? Well, I got a spam/scam email today that pretends to be an alert from Microsoft, via the Secret Service that a backdoor has been found in Windows XP and that a patch has been released which will ‘fix’ this vulnerability.

Well, as you can imagine, the ‘patch‘ turns out to be a trojan/virus/worm thingy itself.

interestingly, this scammer uses imageshack.us to host his images. Here’s one:
Scammer ImageThe download site was WWW.WESTPAC-SITE.ORG which is hosted by one-and-one, a huge internet web hosting company and the rest of the details are probably spurious (Ian Arend from Victoria, Australia).

If you go to the westpac-site.org website, you find the beginnings of a Pharming operation, attempting to extract the PIN numbers of people’s credit cards for Bank of America accounts.

I have send emails to the relevant ISPs to try to get this site down as soon as possible, but people will get burned (unless that is, they see this posting first!)

Link To This Post
1. Click inside the codebox
2. Right-Click then Copy
3. Paste the HTML code into your webpage
codebox
powered by Linkubaitor

21 Aug '07

New Email offers Registration (with Virus Payload)

by mxw @ 6:52 am. Filed under Email Scams, Trojans, Viruses, Worms

I’ve received several emails today, all matching the same pattern. The email comes iwth a range of subjected and from a range of senders but the enclosed web link, when clicked brings you to the same html, all located on different IP addresses. The few ip addresses I looked up seemed to be typical home computer users which probably means that they are infected machines running spam bots .

Here’s one – Subject is ‘Registration Details

Greetings,We are so happy you joined Ringtone World.User Number: 8191539133Temorary Login: user4089Your Password ID: ce630Be Secure. Change your Login ID and Password.Use this link to change your Login info: http://24.14.127.121/Thank You,Technical ServicesRingtone World

Going to the link brings up this webpage (it also loads a fake video viewer window with no content):

If you do not see the Secure Login Window please install our Secure Login Applet.

Clicking on the link will download the file applet.exe which my Fprot antivirus recognised as a virus but failed to identify the name.

Other subjects
‘User Services’, ‘User Info’, ‘Internal Support’, ‘Technical Support’, ‘Registration Details’

Other Sites
‘Pet World’, ‘Ringtone World’, ‘Funny-Files’, ‘Recipies-Galore’, ‘Ringtone Heaven’ and plenty more.

Link To This Post
1. Click inside the codebox
2. Right-Click then Copy
3. Paste the HTML code into your webpage
codebox
powered by Linkubaitor

View blog top tags

Recent ScamBlog Posts

Scamdex Sponsors

Spam Blocked

Contact the ScamBlog

Your Name (required)

Your Email (required)

Subject

Your Message

captcha
Confirm code

Scamdex Sponsors

Categories

ScamBlog Archives

Tags

Meta

14,921 spam comments
blocked by
Akismet
[powered by WordPress.] 27 queries. 0.342 seconds