Friday, August 31, 2007

Storm worm enters blogs

The BBC had a report that the Storm worm is now invading blogs. Messages are posted to blogs that link to web sites that try to inject the worm into your computer. Subject lines for these messages are for example:


are you kidding me? lol
Dude dont send that stuff to my home email...
Dude your gonna get caught, lol
HAHAHAHAHAHA, man your insane!
I cant belive you did this
LMAO, your crazy man
LOL, dude what are you doing
man, who filmed this thing?
oh man your nutz
OMG, what are you thinking


A search for, say, "HAHAHAHAHAHA, man your insane!" turns up many Google Blogspot sites. Be extremely careful with such sites. Some of them are just full of Storm Worm spam messages.
However, some of the Google sites have now been blocked, most likely by Google or the blog owners, and only registered users can log in.

In any case, this does not bode well at all. This hacker group now has a system of probably over 1 million infected computers under their control, and I am sure in a short time there will be attempts to flood other popular sites.

Tuesday, August 28, 2007

Insights into 419 advance fee frauds

Here is a Web site, scambusters419.co.uk, that will give you plenty of insights into the workings of 419 advance fee fraudsters. If you have some spare time, read how the owner plays and fools with the scammers.

Another Web site with some hilarious pictures of scammers is at 419eater.com. Have a look at this site.

These sites are operated by "scambaiters". They respond to SPAM emails of the advance fee fraud (419) type and make fools of the scammers.
See for example this exchange between a scammer and a baiter, where the scammer claims to be Samuel Eze from a bible ministry. I don't want to give away the punch line, but the pictures the guy sends are hilarious.

Enjoy both sites!

Friday, August 24, 2007

More info on HYIPs and scams

Catty Shaq has more information and discussions of HYIPs and other online money making scams. It also has information on the e-Gold court case.

Thursday, August 23, 2007

HYIPs are essentially scams.

Here is a nice explanation of how the HYIP (High Yield Investment Programs) scams (i.e. Colonyinvest, Wollenberg, SNGInvest, etc.) operate, see WorldLawdirect. It is similar to what you can find on HYIP in Wikipedia.
A simple fact is: "Warren Buffett, one of the world's most successful investors, made around 30% per year during his most successful period." So, any claims of higher profits by HYIPs cannot be real.

Also very interesting is the fact that e-gold, which is used by many HYIP programs as a way to transfer the funds, is itself indicted on charges of money laundering, conspiracy, and operating an unlicensed money transmitting business, see WLD forum thread on e-gold.

Wednesday, August 22, 2007

postcard/e-card and "Membership" SPAM emails are STORM WORM

The Register reported yesterday that the new series of SPAM emails - the recent "Welcome/Membership" emails - that try to lure you into clicking on a link are attempts to infect your computer with malicious software. They are new permutations of the previous ecard/postcard SPAM emails. If the reader goes to the web site, he is prompted that an applet (little program) needs to be installed for secure login. This program is called "applet.exe", runs on Windows machines (not Mac OS X or Linux), and creates a backdoor on the computer that allows hackers to take over the machine. This piece of malware or Trojan is known as "Storm", "Zhelatin" or W32/Nuwar. It changes and adapts rapidly, in fact so fast that many antivirus software packages do not recognize it initially. This is an extremely dangerous Trojan going around. Between January and May 2007, 2817 infected hosts were detected, but this has skyrocketed to 1.7 million infected machines now. F-Secure has a list of Sender and Subject lines that the recent SPAMs use.

Tuesday, August 21, 2007

New phishing or virus attack by email SPAM

New variations of the postcard / e-card spam emails are showing up that try to lure you into clicking on a provided link. This time the spam emails pretend to be a confirmation for a membership registration, or something along those lines, and they try to trick you into clicking on the link. Most likely the given web site will inject a virus into your computer system. Here are some examples:


Subject: Membership Details
From: "Web Players"
Sender: User viqlpkkvxut

New Member,

Are you ready to have fun at Web Players.

Account Number: 828285335
Temorary Login: user3090
Password ID: yg141

For security purposes please login and change the temporary Login ID and Password.

Use this link to change your Login info: http://xxx.xxx.xxx.xx

Thank You,
Confirmation Dept.
Web Players


Subject: Member Confirm
From: "Free Ringtones"
Sender: User twcenwfunwi

Dear Member,

Thank You for Joining Free Ringtones.

Membership Number: 28189574868359
Temorary Login: user4810
Your Password ID: qu845

Please keep your account secure by logging in and changing your login info.

Follow this Link: http://xxx.xxx.xxx.xxx
Enjoy,
Confirmation Dept.
Free Ringtones


Subject: Registration Confirmation
From: "Office Antics"
Sender: User neojqgl

New Member,

We are glad you joined Office Antics.

Membership Number: 81718539734
Temp Login ID: user8300
Temorary Password: ch274

Please keep your account secure by logging in and changing your login info.

Use this link to change your Login info: http://xxx.xxx.xxx.xx
Thank You,
Membership Support Department
Office Antics


Subject: Dated Confirmation
From: "Online Hook-Up"
Sender: User wcrdzwrbl

Welcome Member,

Here is your membership info for Online Hook-Up.

Confirmation Number: 94429852
Login ID: user8191
Password ID: da684

Your temporary Login Info will expire in 24 hours. Please login and change it.

Use this link to change your Login info: http://xxx.xxx.xxx.xx
Enjoy,
Welcome Department
Online Hook-Up


Subject: Your Member Info
From: "Free Web Tools"
Sender: User fwunefx

Welcome,

Are you ready to have fun at Free Web Tools.

Account Number: 6179795186753
Your Temp. Login ID: user8774
Password ID: gl565

Please keep your account secure by logging in and changing your login info.

Click on the secure link or paste it to your browser: http://xxx.xxx.xxx.xx
Thank You,
Welcome Department
Free Web Tools
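
The samples above share a small set of recurring traits, which is what a mail filter can key on. The following heuristic is an added example, not part of the original post: it counts those traits in a message and flags it when enough of them appear. The trait names, the threshold of three, and the reading of the redacted "xxx.xxx.xxx.xx" links as bare IPv4 addresses are assumptions of this example.

```python
import re

# Traits shared by the five sample messages quoted in the post.
TRAITS = {
    "membership_subject": re.compile(
        r"^Subject:.*\b(?:Member(?:ship)?|Registration|Confirm(?:ation)?)\b",
        re.I | re.M),
    # "Sender: User" followed by a run of random lowercase letters.
    "random_sender": re.compile(r"^Sender:\s*User\s+[a-z]{5,}\s*$", re.M),
    # Temporary login is always "user" plus four digits.
    "temp_login": re.compile(r"\bLogin(?: ID)?:\s*user\d{4}\b"),
    # Temporary password is always two letters plus three digits.
    "temp_password": re.compile(r"\bPassword(?: ID)?:\s*[a-z]{2}\d{3}\b"),
    # Assumption: the redacted links pointed at a bare IPv4 address, not a hostname.
    "bare_ip_link": re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}(?![\w.-])"),
}

def matched_traits(message: str) -> list[str]:
    """Return the names of all traits found in the raw message text."""
    return [name for name, rx in TRAITS.items() if rx.search(message)]

def looks_like_membership_lure(message: str, threshold: int = 3) -> bool:
    """Flag a message when at least `threshold` traits co-occur."""
    return len(matched_traits(message)) >= threshold

# First sample from the post, shortened, link redacted as on the page.
PAGE_SAMPLE = "\n".join([
    "Subject: Membership Details",
    'From: "Web Players"',
    "Sender: User viqlpkkvxut",
    "",
    "Account Number: 828285335",
    "Temorary Login: user3090",
    "Password ID: yg141",
    "Use this link to change your Login info: http://xxx.xxx.xxx.xx",
])
# Constructed variant: same text with a documentation-range IP (192.0.2.0/24).
IP_VARIANT = PAGE_SAMPLE.replace("xxx.xxx.xxx.xx", "192.0.2.10")
# Constructed benign message: a sign-up confirmation with a hostname link.
BENIGN = "\n".join([
    "Subject: Registration Confirmation",
    'From: "Example Forum" <noreply@example.org>',
    "",
    "Thanks for signing up. Confirm your address here:",
    "https://www.example.org/confirm?token=abc",
])

if __name__ == "__main__":
    for label, msg in [("page", PAGE_SAMPLE), ("ip", IP_VARIANT), ("benign", BENIGN)]:
        print(label, looks_like_membership_lure(msg), matched_traits(msg))
```

Requiring several traits together keeps an ordinary registration mail, which shares only the subject wording, below the threshold.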

Thursday, August 16, 2007

Wollenberg International (www.wollenberginternational.com), part 2

Wollenberg International claims to be based in Panama. The address they give is (click for larger picture):



Searching with this address, one finds that this is exactly the same address used by another fraudulent investment web site: Scandinavian Networking Group (www.snginvest.com), which has been exposed at sng-scam.info. Here is an excerpt of the Panamanian documents of SNG (taken from moneymakergroup):


As one will notice, the address is the same as for Wollenberg. So, either Wollenberg ING copied it from SNG, or they are the same operation. In either case, this looks like a scam.

The same address is used by what looks like yet another dubious investment site, siaminvestcorp.com (Siam Gain S.A.):



Siaminvestcorp has links to Hatfield Oak International, which in turn had links with SNGinvest (see sng-scam.info).

Then there is a representative of a3union.com based in this apartment:


Further, we find an application form under vmover.com listing Hatfield Oak's address in the same place:

although Hatfield seems to have another address:


Vmover.com itself is an advertisement board for such sites as AmityFunds, SNGInvest, A3Union, ExclusiveCircle, FantasticPay, FeederFund, FX Club and more.

Sewercash has previously exposed Amityfunds as also being located in the same place; see Findings on Amityfunds.

And people involved in Amityfunds and SNGinvest are prosecuted:


If you look at the Torre Cosmos Floor plans, the apartment tower where the address is, you will find that it contains 2- and 3-bedroom apartments, and four 2-bedroom penthouses on top. Apartment A on the 13th floor is a 3-bedroom apartment.
Well, well, this little apartment in Panama is pretty crowded...

Hence, Wollenberg is lying about being in Panama, or it's part of the SNGinvest/Amityfunds circle of fraudulent companies.