McCain ‘dead’ email ruse punts penis pills

Republican rickrolling ruse

Spammers have upped the ante in their bid to tap into interest created by the US presidential election this week to punt penis pills and other assorted pharmaceutical tat.…

How to Report Spam Emails

When you get spam in your inbox, there are some things you can do to report it. This can help cut down on some of it in the long run.

McCain pulls ahead in pharmaceutical spam

Taking the political temperature through the medium of penis-enlargement promises

Barack Obama is ahead not only in the polls but where it counts the most - in spam messages. However, his presidential rival John McCain can claim his own guaranteed enlarged small victory.…


Securing Email, Messaging Platforms and Mobile Devices - New York, NY (November 13, 2008)

When: November 13, 2008
Where: Embassy Suites New York, 102 North End Avenue, New York, NY 10282
What: The threats to messaging platforms have expanded in size and increased in intensity. While viruses, spa…

The Security Problem in International Call Centers

The Consumerist recently posted a story about a Filipino call center that was inundated by a would-be ID thief, and whose security center was not equipped to properly investigate and nab the guy.

Fortunately, the call center was small, and the ID Thief was obvious, so workers got to know his voice and mannerisms, and were able to forward him to security with every call. Unfortunately, it turned out the Filipino security staff was unprepared to properly handle the scam, because they didn’t know some of the cultural nuances (like the name “Angela” is female) and they had no access to LexisNexis, the U.S. security database of personal information.

Once the ID thief caught on to the right answers to the security questions, the security staff refused to deal with him – and told the call center staff to deal with him as a verified account holder and give him account access. Eventually the guy was caught – in the U.S., by someone else – for successfully committing fraud.

Such a shame when this could be easily prevented. Companies want to cut costs, but they’re cutting security also.

Read the full article here.

eNom Phishing, Child Porn and Avalonpay.com

Lots of spam suddenly showing up claiming to be on behalf of eNom.com, a well-known domain registrar.

Investigating these phishing attempts leads down a very dark hole indeed.

The eNom phishing sites are attempting to gather up domain information. For what purposes exactly is unsure, but I’m sure you could imagine: theft of a large number of domains, redirection of previously “good” domains to harmful content.

The contact information on these sites is all identical, and should be familiar to anyone who investigates this crap. Let’s take one example domain, sys82.net:

Let’s examine what else those dns servers are supporting:

And the rest are supporting several other domains featuring the eNom phishing setup.

Note the diversity of the IP addresses associated with those domains: every single one of these is being hosted via a botnet, assumedly home computers infected with the Asprox infection. I had been reading up on several investigations into that exploit, and now it appears it’s directly a part of my own spam investigations.

Many of the domains supported by those name servers are, of course, sites which promote, sell, and distribute child pornography. Fortunately, as I write this, all of these sites are not responding. (Good work on getting those shut down, whoever you are.)

A quick investigation of one of those sites leads to a payment processing site known as Avalonpay.com. A quick search on that domain turns up an interesting blog entry on matchent.com concerning a similar investigation. The registrant contact data for that domain includes the company name “Absolutee Corp. Ltd.”, allegedly based in Hong Kong:

Note the company name used, ABSOLUTEE CORP. LTD.
Compare with an article in Wired News, http://www.wired.com/politics/security/news/2007/10/russian_network , about the Russian Business Network from October 2007, quote:

“Jaret [note: speaking on behalf of RBN] also says there’s no mystery about the company’s ownership. According to Jaret, an offshore company called First Connect Telecom Limited Inc. owns RBN, though the company’s principals remain anonymous. The registration information for the company’s website lists a company called Absolutee Corp. LTD as the owner of the domain name.”

The article also mentioned that the whois info for RBN was changed later. And it has now expired.

So:

- eNom Phishing sites (all featuring alexeyvas@safe-mail.net contact email in whois.)
- Rogue DNS servers (All featuring fake Chinese registrant information in whois.)
- Child porn sites (All featuring absolutee.com registrant information in whois.)
- Avalonpay.com (Payment processor for child porn sites, also featuring absolutee.com registrant information in whois.)

ALL hosted using botnet-supported fast-flux servers.

You would think that this guy’s days in this industry were numbered, but sadly you’d be wrong, at least to gauge it from how long he’s maintained these operations.

I would love it if anyone from Russian law enforcement would investigate this scumbag. I guess I would first have to figure out how much they charge to do that. (Pardon my cynicism.)

Stay far, far away from any email related to these eNom “securiy bulletin” emails.

SiL / IKS / concerned citizen
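
The fast-flux observation in the post above (one name server resolving to many unrelated addresses) can be checked mechanically. The following is an added example, not part of the original post; the host names, addresses and the `min_networks` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample ("name TYPE value"); .example names, private-range addresses.
SAMPLE = """\
ns1.flux.example A 10.12.4.101
ns1.flux.example A 10.80.158.76
ns1.flux.example A 172.16.13.24
ns1.flux.example A 172.29.192.242
ns1.flux.example A 192.168.202.144
shop-a.example NS ns1.flux.example
shop-b.example NS ns1.flux.example
ns1.stable.example A 10.200.1.10
ns1.stable.example A 10.200.1.11
blog.example NS ns1.stable.example
"""

def parse_records(text):
    """Return (host -> set of IPs, name server -> set of delegated domains)."""
    a_records, delegations = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank lines and status lines
        name, rtype, value = (p.lower().rstrip(".") for p in parts)
        if rtype == "a":
            a_records[name].add(ipaddress.ip_address(value))
        elif rtype == "ns":
            delegations[value].add(name)
    return a_records, delegations

def network_spread(ips, prefix=16):
    """Count the distinct /prefix networks a set of addresses falls into."""
    return len({ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips})

def flag_fast_flux(text, min_networks=4):
    """Flag hosts whose A records are scattered over many unrelated networks."""
    a_records, delegations = parse_records(text)
    findings = {}
    for host, ips in a_records.items():
        spread = network_spread(ips)
        if spread >= min_networks:  # threshold is an assumption, tune per data set
            findings[host] = {"networks": spread, "domains": sorted(delegations.get(host, ()))}
    return findings

if __name__ == "__main__":
    for host, info in flag_fast_flux(SAMPLE).items():
        print(host, info)
```

Network spread alone also flags legitimate anycast and CDN name servers, so treat a hit as a lead to correlate with record TTLs and registrant data rather than as a verdict.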

Camera phone Biometrics — An Alternative to Cryptography?

New research in the Netherlands uses cameraphone images to generate biometric data, in order to authenticate users on ad-hoc mobile networks. If you want to use a PDA or other device, just take a couple pictures, the system scans your face and you’re set to go.

Biometric data is generally regarded as being ill-suited for cryptography: each measurement, even when taken by the same device, of the same feature on the same person will differ slightly. This noise in the data makes it difficult to extract a cryptographic key in the traditional sense. Other recent work has shown that it’s possible to use just the noise in a biometric measurement to generate a cryptographic key—the new method relies on this principle.

Researchers put together a system that can be implemented on any device equipped with a camera. Facial recognition software is then used to produce biometric measurements of a person’s face, which should stay constant through changes in hairstyle, makeup, etc. Users take a picture of themselves, then use a random string that, combined with the biometric information, forms the equivalent of a public key.

When two people need to establish a connection between their devices, they exchange these public keys, and each then takes a picture of the other device’s owner. The biometric data from this new picture is used to try to extract the random string from the public key.

It sounds a little like social networking in the cryptography world — and a bit hairier than just using a password. Do you think it’s a good idea?

Read the full article here.
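
The bind-then-extract idea described above, as an added example that is not code from the researchers or the original post. It assumes a fuzzy-commitment construction with a repetition code (the article does not say which scheme the research uses), and the 40-bit templates are constructed stand-ins for real face features.

```python
import hashlib
import hmac
import secrets

REP = 5  # each key bit is repeated REP times; majority vote fixes 2 flips per block

def encode(bits):
    """Repetition code: expand every key bit into REP identical bits."""
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    """Majority vote over each block of REP bits."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def enroll(template):
    """Bind a fresh random key to a biometric bit template.

    Returns (key, helper, tag); helper and tag are the shareable "public key".
    """
    key = [secrets.randbits(1) for _ in range(len(template) // REP)]
    helper = xor(encode(key), template)            # key masked by the face bits
    tag = hashlib.sha256(bytes(key)).hexdigest()   # lets a verifier confirm recovery
    return key, helper, tag

def recover(helper, tag, fresh_template):
    """Try to extract the key using a new, noisy measurement of the same face."""
    candidate = decode(xor(helper, fresh_template))
    ok = hmac.compare_digest(hashlib.sha256(bytes(candidate)).hexdigest(), tag)
    return candidate if ok else None

def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed 40-bit "face template"; real feature vectors are far longer.
TEMPLATE = [(i * i + 3 * i) % 7 % 2 for i in range(40)]
# Same person, new photo: a few bits differ, never more than 2 per block.
SAME_PERSON = flip(TEMPLATE, {0, 6, 7, 13, 22})
# Different person: every even-indexed bit disagrees with the template.
OTHER_PERSON = flip(TEMPLATE, set(range(0, 40, 2)))

if __name__ == "__main__":
    key, helper, tag = enroll(TEMPLATE)
    print("same person recovers key:", recover(helper, tag, SAME_PERSON) == key)
    print("other person recovers key:", recover(helper, tag, OTHER_PERSON) is not None)
```

At these toy sizes the 8-bit key can be brute-forced from the hash tag; a usable system needs a long key, a stronger error-correcting code, and templates with enough entropy that the helper data does not give the key away.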

That Guy Above Starbucks, Stealing Your Passwords

The new RSA wireless security survey was released today. It reveals that while New York has a very dense concentration of hot spots, Paris is growing dramatically, with its hot spots up 300% from last year. But what does the report say about security of those spots?

Adrian at Securosis has this comment:

If your [sic] an IT manager, you have very little way to assess risk from this report, so just assume wireless hotspots are compromised and that you need to deploy a system to thwart these attacks on externally accessible corporate WiFi. And as an end users, if you think you are safe just because you have established an encrypted connection at Starbucks, think again. The guy in the tiny corner apartment overlooking the store makes his living by sniffing personal information and passwords.

Good advice, I’ll be checking my bank accounts from home and not Starbucks.

Thought it might be interesting to find a report about ID Theft — what percentage is caused by data breaches, versus internal data theft, versus wifi hot spot sniffers, versus other methods, I wonder?

Identity Management 2.0: The Secret Revolution

You would be hard pressed to flip through any technology magazine or online IT publication without finding an article about some new Web 2.0 capability. And while there have been tremendous advancemen…

How Much Does a Web Site Cost?

Blogger and infosec professional Kai Roar has a recent post about how all businesses should get professional design work done to make sure their web platforms are secure –

As an entrepreneur, it is very easy to think you will save some bucks by buying a cheap website from some kid (your own, your neighbor+++), and focus only on saving cash.

This approach is wrong.

Again, this approach is wrong. Let me tell you why.

You are running a serious business, and your website is an increasingly important window towards your potential and existing clients.

I agree with the idea that a web site is important, and the design and content are important. But I disagree that ALL entrepreneurs need professionally designed web sites with tons of back-end bells and whistles and that security is a huge issue for all web sites.

Many web sites provide only content with minimal interaction. For many small businesses like restaurants, local retail stores, and so on, they will only be providing information about services, hours, maybe a product catalog. Their biggest security concern will be that their passwords get loose and their site gets hacked, or that someone enacts a phishing scam in their name. But as far as security goes, much of the “web security” rules are minimal here, because there’s no web application to secure.

This is a really different situation than a high-tech venture which will be built around user interaction, and will probably have several coders who are focused in different aspects of the site development. If there’s a web portal and user interface and customer database, that’s when security gets more complex, and of course professional designers need to be employed.

But I think for many businesses, it’s going over the top to say that security has to be a major focus of the site design. I do agree that businesses should consider what they want to achieve before building anything, and then build the site around those goals, with security, branding/design, and content in mind.
