- jve4.ru
- nmr43.ru
- po4c.ru
Thursday, 24 July 2008
Asprox: jve4.ru, nmr43.ru and po4c.ru
"ABT Solutions" scam email
Two telltale signs - one is the use of a Google Mail address where you would expect it to come from abtsolutions.net, the other one is that the job offer appears to be too good to be true. The company name is also spelled incorrectly.
Subject: A proposal for collaboration. Additional revenue.
From: job.abtsolutions@gmail.com
Date: Wed, July 23, 2008 11:07 pm
Hello Sir/Madam,
I am Chebotar' Aurelian, Director of ABT Solutins
specializes in innovative IT solutions and complex software projects development.
My company based in Ukraine. We've earned ourselves a reputation of a
reliable and trustworthy partner working successfully with a number of
West European companies and providing them with reliable software
development services in financial and media sectors.
Unfortunately we are currently facing some difficulties with receiving
payments for our services. It usually takes us 10-30 days to receive
a payment and clearing from your country and such delays are harmful
to our business. We do not have so much time to accept every wire transfer.
That's why we are currently looking for partners in your country to help
us accept and process these payments faster.
If you are looking for a chance to make an additional profit you can
become our representative in your country. As our representative you will
receive 8% of every deal we conduct. Your job will be accepting funds in
the form of wire transfers and forwarding them to us.
It is not a full-time job, but rather a very convenient and fast way
to receive additional income. We also consider opening an office in your
country in the nearest future and you will then have certain privileges
should you decide to apply for a full-time job. Please if you are
interested in transacting business with us we will be very glad.
Please contact me for more information via email:
and send us the following information about yourself: job.abtsolutions@gmail.com
1. Your Full Name as it appears on your resume.
2. Education.
3. Your Contact Address.
4. Telephone/Fax number.
5. Your present Occupation and Position currently held.
6. Your Age
Please respond and we will provide you with additional details on how you
can become our representative. Joining us and starting business today will
cost you nothing and you will be able to earn a bit of extra money fast
and easy. Should you have any questions, please feel free to contact us
with all your questions.
Sincerely,
Chebotar' Aurelian,
Director of ABT Solutins.
Wednesday, 23 July 2008
Asprox domains: 23/7/08 - Part II
- cgt4.ru
- kc43.ru
Asprox domains: 23/7/08
- 4cnw.ru
- 4vrs.ru
- 5kc3.ru
- 90mc.ru
- 9jsr.ru
- bts5.ru
- chds.ru
- cvsr.ru
- d5sg.ru
- ecx2.ru
- gb53.ru
- h23f.ru
- jex5.ru
- jvke.ru
- keec.ru
- keje.ru
- kgj3.ru
- lkc2.ru
- lksr.ru
Wednesday, 16 July 2008
"Infopulse Ukraine Ltd" Money Mule Scam
Subject: Earning additional salary with us!
From: jobinfopulse@gmail.com
Date: Wed, July 16, 2008 4:56 pm
Hello Sir/Madam,
I am Alexey Sigov, Director of Infopulse Ukraine Ltd
specializes in innovative IT solutions and complex software projects development.
My company based in Ukraine. We've earned ourselves a reputation of a
reliable and trustworthy partner working successfully with a number of
West European companies and providing them with reliable software
development services in financial and media sectors.
Unfortunately we are currently facing some difficulties with receiving
payments for our services. It usually takes us 10-30 days to receive
a payment and clearing from your country and such delays are harmful
to our business. We do not have so much time to accept every wire transfer.
That's why we are currently looking for partners in your country to help
us accept and process these payments faster.
If you are looking for a chance to make an additional profit you can
become our representative in your country. As our representative you will
receive 8% of every deal we conduct. Your job will be accepting funds in
the form of wire transfers and forwarding them to us.
It is not a full-time job, but rather a very convenient and fast way
to receive additional income. We also consider opening an office in your
country in the nearest future and you will then have certain privileges
should you decide to apply for a full-time job. Please if you are
interested in transacting business with us we will be very glad.
Please contact me for more information via email:
and send us the following information about yourself: jobinfopulse@gmail.com
1. Your Full Name as it appears on your resume.
2. Education.
3. Your Contact Address.
4. Telephone/Fax number.
5. Your present Occupation and Position currently held.
6. Your Age
Please respond and we will provide you with additional details on how you
can become our representative. Joining us and starting business today will
cost you nothing and you will be able to earn a bit of extra money fast
and easy. Should you have any questions, please feel free to contact us
with all your questions.
Sincerely,
Alexey Sigov,
Director of Infopulse Ukraine Ltd
Asprox domains: 16/7/08
- adwnetw.com
- adpzo.com
- ausbnr.com
- brcporb.ru
- btoperc.ru
- cdport.eu
- cdrpoex.com
- gbradde.tk
- grtsel.ru
- korfd.ru
- movaddw.com
- tctcow.com
- usabnr.com
Tuesday, 15 July 2008
Asprox domains: 15/7/08
- adpzo.com
- adwnetw.com
- ausbnr.com
- bkpadd.mobi
- butdrv.com
- cdport.eu
- cdrpoex.com
- cliprts.com
- gbradde.tk
- gbradp.com
- gitporg.com
- hdrcom.com
- loopadd.com
- movaddw.com
- nopcls.com
- porttw.mobi
- pyttco.com
- tctcow.com
- tertad.mobi
- usabnr.com
Friday, 11 July 2008
"I'm customer from Singapore.."
One in particular is the "Customer from Singapore" email of which the following is an example.
Subject: special order
From: "Tony Canna"
Date: Fri, July 11, 2008 7:45 am
I'm customer from Singapore ,and I would like to purchase some products from your
company,but before we doing bussines,I need your answers for my questions
below.
1.Do you accept credit card for payment?
2.Do you ship overseas via UPS,DHL or FedEX Service ?
Thanks before for the attentions and we are glad to doing more bussines with
your company.
I look Forward to hearing from you soon.
Best Regards,
Tony Canna
Singapore is a pretty good place to do business with. Crime and corruption are very low, and you could be reasonably certain that business transactions from with Singapore would be 100% legitimate. The problem with this email is that the sender isn't from Singapore at all, but from neighbouring Indonesia as an examination of the mail headers shows. At the risk of offending Indonesian readers.. well.. put it this way - Indonesia is a much more tricky place to do business with.
Another telltale mark of a fraud is the phrase "Special order". I don't know why, but these scammers often like to mark their emails with this. Go figure.
This Indonesian/Singaporean scam is actually quite common, so be cautious about people claiming to be from Singapore, check mail headers carefully and check that the delivery address is a real business or residential address if you can (rather than some warehouse at an airport, for example).
Thursday, 10 July 2008
"Dibag Industries AG" money mule scam
Of course there is a PayPal Germany and $78,000 a year for an Office Assistant is probably a little on the high side..
Subject: Office Assistant Required - 1500/week
We are a Germany company, we are doing business all over the Europe, our main
activities are real estate investments and digital currencies exchanges.
As a result of expading our business in North American region, our company must keep
up with our American customers accepting the most popular payments in the United
States: Paypal. We are currently seeking an dependable and enthusiastic US
representative to handle the transactions.
Being located in Germany, a transfer via Paypal system sent here can take up to 14
days to arrive, therefore we need a US representative with an US paypal account who
able to accept the payments from our US customers.
This will significantly improve our business, that's why we can pay 5% from every
transfer processed.
Almost anyone is accepted, but a verified paypal account is required, an account
where you will be receiving the transfers.
If you are interested to find more about this position, let me know at:
martin_rohwerder@live.com
Thank you,
Martin Rohwerder
Dibag Industries AG
Asprox domains: 10/7/08
- adwnetw.com
- ausadd.com
- ausbnr.com
- bnsdrv.com
- butdrv.com
- cdrpoex.com
- crtbond.com
- destad.mobi
- destbnp.com
- drvadw.com
- gbradw.com
- loopadd.com
- movaddw.com
- nopcls.com
- porttw.mobi
- pyttco.com
- tertad.mobi
- usaadw.com
- usabnr.com
Two more new ones as well:
- bkpadd.mobi
- tctcow.com
Wednesday, 9 July 2008
ZoneAlarm: "The firewall has blocked Internet access to.."
ZoneAlarm Security Alert
Protected
The firewall has blocked Internet access to whatever.com (0.0.0.0) (HTTP) from your computer (TCP Flags: S)
This is because the Microsoft patch you just applied has made some fairly significant changes to the way your PC looks up internet names (such as web pages, email hosts etc) and ZoneAlarm isn't aware of those changes and is consequently having a panic.
It isn't really a fault with the patch, and given the nature of the change, you can perhaps expect ZoneAlarm not to cope [see note below]. If you really want some more technical background read this article at the Internet Storm Center: Multiple Vendors DNS Spoofing Vulnerability.
As a temporary workaround, the best advice is to deinstall the KB951748 until ZoneAlarm is updated. It is an important update, but you are either going to have to disable ZoneAlarm or remove the patch and at the moment my advice would be to stick with ZoneAlarm.
To remove the patch in Windows XP (Vista will be similar):
- Click Start and select Control Panel (or Start.. Settings.. Control Panel depending on your setup).
- Open "Add or Remove Programs"
- Tick "Show Updates"
- Scroll down (probably very near the bottom of the list) to Security Update for Windows XP (KB951748) (Vista may be worded differently, but the key thing to look for is KB951748).
- Click Remove
- Follow the steps to remove the patch and then reboot
Update 1:
Sandi made the following comment:
It is not necessary to uninstall the patch, or disable/remove Zonealarm. Simply reset the ZoneAlarm database:Update 2:
http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
"To solve this, just reset the ZA database and the ZA will be "fresh" as when it was first installed:
Boot your computer into the Safe Mode
Navigate to the c:\windows\internet logs folder
Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
Clean the Recycle Bin
Reboot into the normal mode
ZA will be just like new with no previous settings or data
Once this is finished, reboot back into the normal mode and in the new network found windows, set the new network to Trusted.
Then do this to ensure the ZA is setup properly:
Make sure your DNS and DHCP server IP's are in your Firewall's Trusted zone. Finding DNS and DCHP servers, etc
1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
3. Click OK and Apply. Then do the same for the DHCP server.
4. The localhost (127.0.0.1) must be listed as Trusted.
5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
Plus it must have both Trusted and Internet Access."
ZoneAlarm have a press release with a couple of workarounds here.
Workaround to Sudden Loss of Internet Access Problem
Date Published : 8 July 2008
Date Last Revised : 9 July 2008
Overview :
Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users on Windows XP/2000. Windows Vista users are not affected. Impact :
Sudden loss of internet access Platforms Affected :
ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite
Recommended Actions -
Download and install the latest versions which solve the loss of internet access problem here:
ZoneAlarm Internet Security Suite ZoneAlarm Pro ZoneAlarm Antivirus ZoneAlarm Anti-Spyware ZoneAlarm Basic Firewall - or follow the directions below.
Option 1: Move Internet Zone slider to Medium
- Navigate to the "ZoneAlarm Firewall" panel
- Click on the "Firewall" tab
- Move the "Internet Zone" slider to medium
Option 2: Uninstall the hotfix
- Click the "Start Menu"
- Click "Control Panel", or click "Settings" then "Control Panel"
- Click on "Add or Remove Programs"
- On the top of the add/remove programs dialog box, you should see a checkbox that says "show updates". Select this checkbox
- Scroll down until you see "Security update for Windows (KB951748)"
- Click "Remove" to uninstall the hotfix
Asprox domains: 9/7/08
- adwnetw.com
- ausadd.com
- ausbnr.com
- bnsdrv.com
- butdrv.com
- cdrpoex.com
- cliprts.com
- crtbond.com
- destbnp.com
- drvadw.com
- gbradp.com
- gbradw.com
- hdrcom.com
- loopadd.com
- movaddw.com
- nopcls.com
- tctcow.com
- usaadp.com
- usaadw.com
- usabnr.com
"Ban Ki-moon / United Nations" scam
An almost laughable scam email claiming to be from Ban Ki-moon (the UN's Secretary General) offering to reward victims of scams with $250,000. Of course if you are daft enough to fall for it, then you will soon find that there will be problems that will require up-front fees to be paid etc etc. Note that the reply-to address is actually mrbankimoonun1@sify.com (a free email service provider in India) although the email originated from Google Mail. You can be reasonably assured that Ban Ki-moon does not need to use a free email provider.
Subject: SCAMMED VICTIM/ US$ 250,000.00 BENEFICIARY.REF/PAYMENTS CODE:078654
From: "info@unitednation.org"
Date: Wed, July 9, 2008 12:44 pm
ZENITH BANK COMPENSATION UNIT, IN AFFILIATION WITH THE UNITED
NATION. Send acopy of your response to official email:
zenithba_nkplc19_51@hotmail.com
ATTN:Sir/Madam,
How are you today? Hope all is well with you and family?,You may not
understand why this mail came to you.
We have been having a meeting for the passed 7 months which ended 2 days ago
with the then secretary to the United Nations
This email is to all the people that have been scammed in any part of the
world, the United Nations have agreed to compensate them with the sum of US$
250,000.00
(Two Hundred and Fifty Thousand United States Dollars)This includes every
foriegn contractors that may have not received their contract sum, and
people that have had an unfinished transaction or international businesses
that failed due to
Government problems etc.
Your name and email was in the list submitted by our Monitoring Team of
Economic and Financial Crime Commission observers and this is why we are
contacting you, this have been agreed upon and have been signed.
You are advised to contact Mr. Jim Ovia of ZENITH BANK NIGERIA PLC, as he is
our representative in Nigeria, contact him immediately for your Cheque/
International Bank Draft of USD$ 250,000.00 (Two Hundred and Fifty
Thousand United
States Dollars) This funds are in a Bank Draft for security purpose ok? so
he will send it to you and you can clear it in any bank of your choice.
Therefore, you should send him your full Name and telephone number/your
correct mailing address where you want him to send the Draft to you.
Contact Mr. Jim Ovia immediately for your Cheque:
Person to Contact Mr. Jim Ovia
Telephone No: +234_8064109875.
Email: zenithba_nkplc19_51@hotmail.com
Goodluck and kind regards,
Mr. Ban Ki Moon
Secretary (UNITED NATIONS).
Making the world a better place
Monday, 7 July 2008
Who are Vivids Media GmbH?
The odd thing is that Vivids Media GmbH doesn't appear to have a web site or any traceable contact details. However, most of the domain registrations have a contact telephone number in Berlin of +49.3094413291 and some searching around gives this page with what looks like the correct contact details of:
Name: Vivids Media GmbHThat indicates that Vivid Media GmbH is related to klikdomains.com and therefore klikvip.com which are part of another company that claims to be in Berlin, Klik Media GmbH (some of the alleged goings on of this company are mentioned here). A short step away from Klik are a whole set of domains registered via Estdomains (a familiar name to many) and things start to get seedy from there.
Email Address: support@klikdomains.com
Address: Leege-Gr str. 41
City: Berlin
Zip: 13055
Country : Germany
Tel No.: +49.3094413291
There's no evidence that Vivid Media GmbH is directly invovled in anything bad - in fact there is barely any evidence that Vivid Media GmbH actually exists at all. Spammers and other bad guys do have a knack of finding registrars who are slow at terminating their accounts, so let's be charitable and say that Vivids Media are just understaffed in their abuse department.
The problem is that if you want to contact Vivids Media, then it seems to be very difficult. Their website is 56823.myorderbox.com which is a sort of white label domain registrar site. Myorderbox.com seems to be based in India, and looks to be a reseller of ResellerClub which in turns registers names through PublicDomainRegistry.com.
Complicated? Well, yes.. but ultimately PublicDomainRegistry.com are the registrar and it turns out that there is some light at the end of the tunnel. You will find that most of the domains used in these SQL Injection attacks have false WHOIS data, and you can report false WHOIS data here. Hopefully then the domain will be suspended.. not that it really matters too much because the bad guys will just register some more.
So the answer to the question "who are Vivids Media GmbH?" is "I don't know" but for most practical puporses you wouldn't need to deal with them if complaining about one of these domains, go to the registrar and report it there.
Asprox domains: 7/7/08 and another SQL Injection mitigation article
- adbtch.com
- aladbnr.com
- allocbn.mobi
- adwadb.mobi
- apidad.com
- appdad.com
- asodbr.com
- asslad.com
- blcadw.com
- blockkd.com
- bnradd.mobi
- bnrbase.com
- bnrbasead.com
- bnrbtch.com
- browsad.com
- brsadd.com
- canclvr.com
- catdbw.mobi
- clrbbd.com
- dbgbron.com
- ktrcom.com
- loctenv.com
- lokriet.com
- mainadt.com
- mainbvd.com
- portadrd.com
- portwbr.com
- stiwdd.com
- ucomddv.com
- upcomd.com
Thursday, 3 July 2008
Asprox domains: 3/7/08 and ngg.js
- adwadb.mobi
- allocbn.mobi
- canclvr.com
- catdbw.mobi
- ktrcom.com
- lokriet.com
- mainbvd.com
- portwbr.com
- stiwdd.com
- testwvr.com
- upcomd.com
- ucomddv.com
Wednesday, 2 July 2008
Asprox domains: 2/7/08
- adupd.mobi
- adwste.mobi
- bnrupdate.mobi
- cntrl62.com
- config73.com
- cont67.com
- csl24.com
- debug73.com
- default37.com
- get49.net
- pid72.com
- pid76.net
- web923.com
Best advice to to block access to these sites and check your logs.
Monday, 30 June 2008
"Royal Alliance Financial Investment" scam
There is no such company as "Royal Alliance Financial Investment" in the UK. Originating IP is 196.216.69.54 which is allocated to Swift Global Kenya Limited in Nairobi. Finance companies do not generally use free email accounts to solicit business, and the address is clearly wrong. Avoid.
From: "Royal Alliance Financial Investment"
Date: Mon, June 30, 2008 3:43 pm
Royal Alliance Financial Investment
(Financial Aid Professionals)
Contant Address:85 Fleet Street.
London EC4Y 1AE.
Manchester United Kingdom.
Are you searching for a Genuine loan? at an affordable interest rate ?
processed within 4 to 6 working days. Have you been turned down constantly
by your Banks and other financial institutions? The goodnews is here !!!
Welcome to Royal Alliance Financial Investment,interest rate at 3%.It
gladdens our
hearts to bring to your notice that we offer all kinds of loan to any
part of the world.Being a licensed and registered company under the
finance ministry here in the United Kingdom we make available to customers
legitimate loan offers that are quick and affordable with interest rate at
a mere 3%.
Our Packages include:*Home Loan *Auto Loan*Mortgage Loan*Business
Loan*International Loan*Personal Loan*And Much More.
Please if you are delighted and interested in our financial offer,Do not
hesitate to contact us if in need of our service as you will be required
to furnish us with the following details to commence with the process of
your loan sum accordingly
1st INFORMATIONS NEEDED ARE
First Name:___________________________
Last Name:____________________________
Gender:_______________________________
Marital status:_______________________
Contact Address:______________________
City/Zip code:________________________
Country:______________________________
Date of Birth:________________________
Amount Needed as Loan:________________
Loan Duration:________________________
Monthly Income/Yearly Income:_________
Occupation:___________________________
Business name:________________________
Purpose for Loan:_____________________
Phone:________________________________
Fax:__________________________________
Thanks For Your Patronage!
'Your Business Is Our Blessing'
Mr,Jerry Mccarthy,
London Operations Manager,
Contant Address:85 Fleet Street.
London EC4Y 1AE.
Manchester United Kingdom.
Email:royalalliance.finance02@gmail.com
visit.royalalliance@gmail.com
Asprox: new domains including .mobi
It's the first time that I've seen .mobi used in this way. Blocking access to all .mobi domains will probably do little harm.