  1. #1
    ABW Ambassador AddHandler's Avatar
    Join Date
    January 19th, 2005
    Posts
    1,270
    PHISHING SCAM.. Shut Down
    I got a "PayPal" phishing scam in an e-mail day before yesterday..
    usually I just delete them..
    But I am tired of doing nothing...

    So I got the link (Which Was An IP Address) and turned them in to their HOSTING PROVIDER..

    Today - I visit the page - It's GONE.. the site has been shut-down.
    So one e-mail and less than 24 hours is all it took.. the person may have simply moved to another server or something but at least it made me feel good to see their site shut down!


    Muhahahaaaaa.. one for the good guys!

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Great move! Empowering isn't it.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  3. #3
    ABW Ambassador JoyUnltd's Avatar
    Join Date
    January 19th, 2005
    Location
    Emerald City
    Posts
    2,019
    Congrats! Unfortunately, it doesn't take much to start up again.

    When the spirit moves me, I forward a few with long headers to spoof[at]paypal.com. A few of the IPs can be spam servers and won't do a thing to help you.
    Renée
    Pay no attention to that woman behind the curtain. -Wizardress of Oz

  4. #4
    ABW Ambassador AddHandler's Avatar
    Join Date
    January 19th, 2005
    Posts
    1,270
    EcomCity - Yep made me feel good.. after e-mailing so many merchants about BHO parasites.. and NOTHING..
    It made me feel pretty good to actually get someone shady shut down..


    JoyUnltd - That does no good.. It's PayPal's fault and they know it.. they use the e-mail for everything - even including it in the cut and paste code that you have to use in order to go through paypal.. they are idiots.. BUT this guy will have to find another host.. muhahaaaa... and if he does set up again - he'll e-mail me again and the chase is on..

    ----
    I got another one today but it's from a TWC so it probably won't do any good to e-mail them.. they probably know all about it..

  5. #5
    AM Navigator Geno Prussakov's Avatar
    Join Date
    May 10th, 2005
    Location
    Washington D.C. Metro Area
    Posts
    11,798
    Quote Originally Posted by AddHandler
    So I got the link (Which Was An IP Address) and turned them in to their HOSTING PROVIDER..

    Today - I visit the page - It's GONE..
    I guess, I should do the same. I'm getting a ton of those every week (from eBay, Bank of America, PayPal, etc)

    Thanks for the hint, AddHandler!

    Geno

  6. #6
    ABW Ambassador JoyUnltd's Avatar
    Join Date
    January 19th, 2005
    Location
    Emerald City
    Posts
    2,019
    AddHandler,
    You're right about PayPal, they have a lot of holes they haven't plugged up yet!
    Renée
    Pay no attention to that woman behind the curtain. -Wizardress of Oz

  7. #7
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Here's someone, and something, much more dangerous than your common phishing exploit. Thanks to our buddies at SunBelt (counterspy) hooking up with the FBI and Federal and State Cybercrime units this trojan backdoor operator's ID theft ring will get busted..... http://www.sunbelt-software.com/Press.cfm?id=125
    Sunbelt Software Issues Immediate Protection for Harmful Keylogger. Company to update CounterSpy family of programs to scan and detect Srv.SSA-KeyLogger and will provide a free scan and remediation tool ... http://research.sunbelt-software.com/ssaclean.cfm


    Clearwater, Florida, USA — August 10, 2005 — Sunbelt Software, a leading provider of Windows security solutions, has issued an immediate security fix to thwart a newly identified spyware keylogger uncovered by Sunbelt's Research Team.

    A fix is available to detect and remove the SSA-KeyLogger spyware. For more information please visit the Sunbelt Spyware Research Center. http://research.sunbelt-software.com/Advisory.cfm

    The spyware keylogger, named Srv.SSA-KeyLogger, is a backdoor program that, among other things, secretly steals data from users' internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information. It is a new variant of a family of existing trojans generally known as Dumaru or Nibu.

    This keylogger was identified as a result of one of Sunbelt's lead spyware researcher's earlier discovery of a massive online identity theft ring in which thousands of unsuspecting computer users' personal data had been compromised.

    To protect users from this harmful keylogger, new definitions are being added for the company's CounterSpy and CounterSpy Enterprise antispyware products. Updates to the consumer edition of CounterSpy are available immediately, while customers of the enterprise edition will receive the updates shortly upon completion of platform testing by Sunbelt. Sunbelt is sharing data on the keylogger with other major security companies to insure the industry has the information necessary to react rapidly to this threat.... This discovery is credited to Mr. Patrick Jordan of Sunbelt Software's Spyware Research Department.


    This identity theft ring is tied into the discovery last week by SunBelt's CounterSpy S/W group of huge server files shared by Identity thieves -log-in pilferers, cyber con-men -terrorists and info peddlers. The front end exploit was tied to the operators of the www.Coolwebsearch.com BHO and their network of sleazy affiliate installers.
    http://research.sunbelt-software.com/Advisory.cfm

    Remember any of these names from ABW parasitware posts?
    Here are the top 10 spyware threats discovered by ThreatNet for the past 24 hours:


    Threat Name Percentage Category
    01. eZula.TopText 13% Adware
    02. Claria.DashBar 8% Adware
    03. ABetterInternet.Aurora 7% Adware
    04. iSearch.DesktopSearch 7% Spyware
    05. AvenueMedia.DyFuCA 6% Adware
    06. IST.ISTbar 6% Spyware
    07. ShopAtHome 6% Spyware
    08. IST.SlotchBar 6% Adware
    09. ABetterInternet 5% Adware
    10. 180search Assistant 5% Adware
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  8. #8
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    ABW has an obligation to uncover who really is www.CoolwebSearch.com and what network(s) and affiliate related entities monetize them and their criminal partners.

    domain: coolwebsearch.com
    owner: InterWeb Solutions Inc
    organization: InterWeb Solutions Inc
    email: admin@iweb-commerce.com
    address: P.O. Box 362
    address: Road Town
    city: Tortola
    postal-code: 65113
    country: IO
    +18 483 6704391
    fax: +18 483 6704391
    admin-c: admin@iweb-commerce.com#0
    tech-c: admin@iweb-commerce.com#0
    billing-c: admin@iweb-commerce.com#0
    nserver: ns1.maximumhost.com
    nserver: ns2.rosexxxgarden.com
    status: lock
    created: 2001-06-01 06:51:34 UTC
    modified: 2004-11-11 01:56:08 UTC
    expires: 2007-06-01 00:51:23 UTC
    ________________________________

    Now CWShredder will remove most variants of CWS.

    http://www.adwarereport.com/mt/archives/000051.html

    CWS seems to be winning, leaving users at risk as they employ more Spyware and backdoor trojans into their weekly infestation arsenal.

    http://www.theregister.co.uk/2004/06/29/cws_shredder/
    The author has released latest version of CWShredder (1.59), the only antidote to the trojan, but warns that his app won't be updated again: "I have a few bugs to fix, but after that there's not much left to do. I simply do not have the tools to remove the latest variants. They are too aggressive or too complicated to allow for automated removal."

    He has tracked CWS and its modifications ever since it first appeared last summer, claiming that it is "the most complex, invisible and devious hijacker" ever programmed. He is not joking: We ran afoul of CWS not too long ago and the only way to remove the sucker was to replace the entire Windows Registry with a previous version. Even MSIE 6 Service Pack 2 (beta) couldn't provide any protection.

    The first modifications weren't even identified as such, according to Bellekom. Users began to report significant slowdowns when they typed messages into text boxes. Merijn believes CoolWebSearch is part of a new strain of trojans that install through the ByteVerify exploit in the MS Java Virtual Machine.

    Fighting CoolWebSearch has become a daunting task. The criminals behind it often engage in Distributed Denial of Service (DDoS) attacks against sites that host CWShredder. Some variants try to cripple CWShredder and other spyware removal tools. New versions of CWS are released almost every few weeks. Bellekom's chronicle of variants pretty much reads like a horror story. Merijn calls the latest variants "a living hell".

    ..."The trojan often redirects users to sites affiliated with CoolWebSearch, a Russian pay-per-click search engine where companies can bid for keywords. The site accumulated over 1000 affiliates since last year, all with their own site. CWS itself denies any involvement with the trojan: "We are buying surfers' searches from webmasters all over the world. Maybe some webmasters, who are sending visitor traffic to us, are challenging your system's security," the company says.

    Perhaps. But only if there is money involved. Do largely unknown Russian search sites or their affiliates earn that much money? We doubt it, not without the help of their western counterparts, anyway. Which may be the key to the solution: follow the money trail and you may get some answers. "

    ______________________________

    Domain name: http://www.iweb-commerce.com/
    Registrar: PacNames
    Referral URL: http://www.pacnames.com/

    Domain Registrant: TOTALNIC-86169 (REGISTRANT@IWEB-COMMERCE.COM)
    InterWeb Solutions Inc

    P.O. Box 362
    Road Town
    Tortola British Virgin Islan 65113
    US

    Tele +00.00000000
    Fax: +00.00000000


    Administrative, Technical Contact: TOTALNIC-71808 (INTERWEB@MAXIMUMHOST.COM)
    IWeb Server Administrator

    P.O. Box 362
    Road Town
    Tortola British Virgin Island 65113
    BR
    Tele 714-979-3344
    _________________________________

    now doing a search at http://www.iweb-commerce.com/ for discount computers shows some interesting folks paying the Russian Mob for traffic. Dell4me.com AARP.org (??) eBates.com and some of their sleazy affiliates and ToshibaDirect.com
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  9. #9
    ABW Ambassador DesignerWiz's Avatar
    Join Date
    January 18th, 2005
    Location
    U.S.A
    Posts
    2,777
    If you go to coolwebsearch.com main page they emphatically deny any affiliation with this, and are considering lawsuits against Yahoo & others.

    Hmmmmmmmmmmm
    Ray Thomas
    Webmaster Resources: http://DesignerWiz.com
    ABW Board Category: Programming / Coding
    http://forum.abestweb.com/forumdisplay.php?f=190

  10. #10
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Just a lame CYA move.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  11. #11
    ABW Ambassador Andy's Avatar
    Join Date
    January 18th, 2005
    Posts
    4,178
    I almost always forward spoofed messages to eBay. They do act quickly from what I've seen...usually within hours, the site is GONE!

    Any profits being generated are going towards setting up a new site, and I hope I've saved a few innocent people from revealing their private information to these scammers.

    Andy

  12. #12
    Member C.Whyte's Avatar
    Join Date
    August 2nd, 2005
    Location
    Santa Cruz, CA
    Posts
    68
    You all probably know this, but I will say it anyways. There are ways to tell if you are being phished with Paypal. I've reported a bunch to spoof[at]paypal.com and have called them a few times to try to see what they were doing about it. Paypal told me a couple things to look out for to tell if you are being phished or not:
    1. Paypal will always address you by your full name, never by your login or email.
    2. Paypal will never ask for any log in / personal information through an email.

    ...I only have 2 lol, sorry guys. Hope that helps someone who is debating opening an email!

    Also, I cannot believe CoolWebSearch is still causing problems! I remember using the CWShredder YEARS ago on my brother's computer! Something needs to be done about that.

  13. #13
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    But Paypal really is partially at fault.

    1. They let people hotlink their nav images.
    2. They still send you emails that link to non-paypal domains for various functions.

    #2 is the biggie for me, how can they tell people not to click, then tell people, oh yeah but trust these...

    Chet
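
The checks discussed in this thread (the IP-address link from post #1, the two PayPal tells in post #12, and the off-domain links raised in post #13) can be applied mechanically to a message. The sketch below is an example added here, not code from any poster; the sample message, the `triage` function, its label names and the `TRUSTED` list are constructed assumptions, and it expects an unencoded plain-text body.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample (not a real phish); 192.0.2.10 is a documentation address.
SAMPLE = """\
From: "PayPal" <service@paypal.example>
To: jane@example.org
Subject: Account limited

Dear PayPal member,
Please confirm your password and credit card number here:
http://192.0.2.10/paypal/login.html
Help: https://www.paypal.com/help
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
CRED_RE = re.compile(r"\b(password|log ?in|credit card|pin)\b", re.I)
TRUSTED = ("paypal.com",)  # assumption: domains the recipient expects

def host_is_ip(host):
    """True when the link's host is a bare IP address, as in post #1."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(raw, full_name):
    """Return (label, evidence) pairs for one raw RFC 822 message."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    findings = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host_is_ip(host):
            findings.append(("ip-literal-link", url))
        elif not any(host == d or host.endswith("." + d) for d in TRUSTED):
            findings.append(("off-brand-link", url))
    # Tell 1 from post #12: genuine mail greets you by your full name.
    if full_name.lower() not in body.lower():
        findings.append(("no-full-name-greeting", body.strip().splitlines()[0]))
    # Tell 2 from post #12: genuine mail never asks for login/personal data.
    asked = CRED_RE.search(body)
    if asked:
        findings.append(("asks-for-credentials", asked.group(0)))
    return findings
```

As post #13 points out, legitimate mail can also link off-domain, so `off-brand-link` is a weak signal compared with the other three.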

  14. #14
    ABW Ambassador AddHandler's Avatar
    Join Date
    January 19th, 2005
    Posts
    1,270
    chetf - and they use your e-mail address in the code that you place on your pages.. so if you have paypal links anyone can get your e-mail addy.. no problem..

    Most people do not consider them legit and for good reason - they don't act like it.. any business dealing in Credit Cards or any other type of payments - that has allowed this stuff to go on for so incredibly loooong.. is NOT LEGIT..

  15. #15
    ABW Ambassador AddHandler's Avatar
    Join Date
    January 19th, 2005
    Posts
    1,270
    Thumbs up
    And the chase is on.. LOL

    I just got another paypal phishing scam and reported them = SHUT DOWN..
    It has got to be the same person.. so I will continue to follow them where ever they go and get them shut down at every turn!

    Sooner or later they will either give up or start from scratch with another database of extracted e-mail addys..!!! There is no way they could tell it's me and just delete MY e-mail addy from their database.. Sooner or later they will run out of places to host their crap!

    Actually this is kind of FUN... muhahahaaaaa!
    SUCKS


  16. #16
    Member
    Join Date
    July 22nd, 2005
    Posts
    66
    Generally these sites will always get shut down within around 24-48 hours. The more resilient ones will be up for more than a week; in many cases they are hosted in countries whose top priorities are not shutting down phishing attacks. I don't want to offend anyone by naming particular countries...

    Check out www.fraudeliminator.com if you're interested; there is a report fraud feature in the product to report fraud directly (if you come across a new site).

    Quote Originally Posted by AddHandler
    And the chase is on.. LOL

    I just got another paypal phishing scam and reported them = SHUT DOWN..
    It has got to be the same person.. so I will continue to follow them where ever they go and get them shut down at every turn!

    Sooner or later they will either give up or start from scratch with another database of extracted e-mail addys..!!! There is no way they could tell it's me and just delete MY e-mail addy from their database.. Sooner or later they will run out of places to host their crap!

    Actually this is kind of FUN... muhahahaaaaa!
    SUCKS

