Another Russian Bank Scam


1 reply to this topic

#1 AplusWebMaster


Posted 16 July 2004 - 08:29 AM

FYI...from the Internet Storm Center:

- http://isc.sans.org/...date=2004-07-16
Updated July 16th 2004 12:24 UTC
"...A reader contacted the ISC early on Friday morning to report yet another online banking scam. In this case, the victim receives a forged email from PayPal instructing them that their account appears to have unauthorized access attempts and they need to change their password for their protection. Clicking on the embedded link takes the victim to a web site hosted by a cable modem user near New York City.
If the victim is using Internet Explorer and the browser is not patched for the .chm exploit, the victim's browser is directed to download several files including executables from a web hosting site in Atlanta. The .chm patch is at http://www.microsoft...n/ms04-013.mspx
The files on the Atlanta site attempt to capture login and password activity, then upload that information to a data repository at the same site. As of early morning on July 16th there appear to be over 11,000 victims with over 16,000 captured passwords and account information. The data collection starts in early May and is unfortunately still continuing. The Atlanta site has been notified. The Department of Homeland Security and US-CERT have also been notified..."

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 16 July 2004 - 12:32 PM

FYI...

- http://isc.sans.org/...date=2004-07-16
Updated July 16th 2004 17:09 UTC
"After comparing notes with the US-CERT this morning, we have come to the conclusion that this episode is another page in a long chapter of similar activity...Write up on the malware is online at
- http://spamwatch.cod...article&sid=142
The sites we have been looking at have files dated as early as April 23rd, so it is likely that this scam has been working since then or earlier. The URL above is dated June 3rd, confirming that it has been in circulation at least six weeks...The id directory and the text.txt files contain data on the compromised computers (keystrokes and so forth). Both are quite large and indicate that thousands of accounts have been hijacked..."





