Fraud

FBI Press Release
Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business

Malware Secretly Re-Routed More Than 4 Million Computers, Generating at Least $14 Million in Fraudulent Advertising Fees for the Defendants

In conjunction with the arrests yesterday, authorities in the United States seized computers at various locations, froze the defendants’ financial accounts, and disabled their network of U.S.-based computers—including dozens of rogue DNS servers located in New York and Chicago. Additionally, authorities in the United States took steps with their foreign counterparts to freeze the defendants’ assets located in other countries. Remediation efforts were immediately undertaken to minimize any disruption of Internet service to the users of computers infected with the Malware. This remediation was necessary because the dismantling of the defendants’ rogue DNS servers—to which millions of computers worldwide had been redirected—would potentially have caused all of those computers, for all practical purposes, to lose access to websites.

The remediation effort is being carried out pursuant to the order of a Manhattan federal court judge. As part of that order, the defendants’ rogue DNS servers have been replaced with legitimate ones. Internet Systems Consortium (“ISC”), a not-for-profit entity, was appointed by the court to act as a third-party receiver for a limited period of 120 days during which time it will administer the replacement DNS servers. Although the replacement DNS servers will provide continuity of Internet service to victims, those replacement servers will not remove the Malware from the infected computers. Users who believe their computers may be infected can find additional information at FBI.gov.

http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business


Shady Reshipping Centers

by certifiedbug on October 14, 2011

in Internet Security

Krebs On Security offers readers a behind-the-scenes look at an organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics.

Shady Reshipping Centers Exposed, Part I

There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.

http://krebsonsecurity.com/2011/10/shady-reshipping-centers-exposed-part-i/


Rejected Federal Tax Transaction Scam

by certifiedbug on October 4, 2011

in Internet Security

A malicious scam that continues to do the rounds, with three caught by my spam filter; the transaction ID changes.

How does IRS e-file work?

A. You or your tax professional, prepare your tax return. In many cases, the tax professional is also the Electronic Return Originator (ERO) who is authorized to file your return electronically to the IRS. Ask your tax professional to file your return through IRS e-file.

You sign your electronic tax return by either using a Self-Select PIN for e-file for a completely paperless return, or by signing Form 8453, US. Individual Income Tax Transmittal for an IRS e-file Return. See “If the return is electronic, how do I sign it?” for more information.

After you sign the return using a Self-Select PIN or Form 8453, the ERO transmits the return to the IRS or to a third-party transmitter who then forwards the entire electronic record to the IRS for processing. Once received at the IRS, the return is automatically checked by computers for errors and missing information. If it cannot be processed, it is sent back to the originating transmitter (usually the ERO) to clarify any necessary information. After correction, the transmitter retransmits the return to the IRS. Within 48 hours of electronically sending your return to IRS, the IRS sends an acknowledgment to the transmitter stating the return is accepted for processing. This is your proof of filing and assurance that the IRS has your return information. The Authorized IRS e-file Provider then sends Form 8453 to the IRS.

If due a refund, you can expect to receive it in approximately three weeks from the acknowledgment date – even faster with Direct Deposit (half the time as when filed on paper). If you owe tax, see “What if I owe Money?” for payment options available this year.

Internal Revenue Service,
Metro Plex 1,
8401 Corporate Drive, Suite 300,
Landover, MD 20785

Forbes. 6/23/2011
http://www.forbes.com/sites/kellyphillipserb/2011/06/23/tax-scams-making-the-rounds-again/


ACH ‘payment canceled’ spam

by certifiedbug on September 28, 2011

in Internet Security

Resurgence of malicious ACH spam; the digit number changes randomly from email to email.

Keep your anti-virus application up-to-date and, if the spam does arrive in the email box, don’t click on links within or open any attachment.

The bad guys’ goal is to install a Zbot variant of a password-stealing Trojan that also contains back door functionality. In other words, the criminal gains unauthorized access and control of the infected computer.

Reference:
http://garwarner.blogspot.com/2011/05/ach-spammer-switches-to-shortened-urls.html

http://labs.m86security.com/tag/malicious-spam/


Stolen Bank Cards Vendor Hacked

August 17, 2011

Krebs On Security Brian Krebs recently wrote about an online service that was selling access to stolen credit and debit card data. “The real news is that few of these fraud shops are secure enough to keep their stock of stolen data from being pilfered by thieves,” said Krebs. A prime example is the shop [...]


Crook used Facebook to hack neighbors’ bank accounts

August 17, 2011

According to the Daily Telegraph, 33-year-old Iain Wood, of Newcastle, befriended people living in his apartment block, intercepted their mail and used their personal details to get past on-line bank security checks using clues gleaned from Facebook and Friends Reunited. Graham Cluley Stop sharing personal information and stop telling the truth http://nakedsecurity.sophos.com/2011/08/15/fraudster-jailed-after-pillaging-facebook-accounts-for-personal-information/


NYC “Uniform Traffic Ticket” tops spammed malware

August 17, 2011

GarWarner Email attachments that contain malicious code are still being used to infect computers and steal the data found on those computers. While it is easy to find people who discount this threat, believing no one would be foolish enough to open one of these email attachments, the criminals are working hard to make their [...]


eThieves Steal $217k

August 17, 2011

Last month Cyber Criminals stole $217,000 from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization. Krebs On Security Lea French, MECA’s chief financial officer, said the trouble began when an employee with access to the organization’s online accounts opened a booby-trapped email attachment containing password-stealing malware. The attackers used MECA’s online banking credentials [...]


Australia National Lottery 419

June 21, 2011

This old scam is still making the rounds looking for victims; one arrived in my mailbox. If you receive a similar email, please do not respond to the scammer, just delete it. http://www.419baiter.com/_scam_emails/lotto_scams/australia-national-lottery-fake-lotto-scam.html http://certifiedbug.com/blog/2006/12/29/consumeraffairs-top-10-scams-of-2006/


Fake Parcel Service notification a spammed malware attack

June 9, 2011

I haven’t received one of these in the mail box myself, not yet anyway. Graham Cluley’s post at his naked security blog. Outbreak: United Parcel Service notification malware attack spammed out Cybercriminals are attempting to infect computers around the world, disguising their attack as an email claiming to come from United Parcel Service about a [...]
