Monday, November 16, 2009

Keeping Money Mule Recruiters on a Short Leash

The money mule recruitment syndicate exposed in a previous post (Standardizing the Money Mule Recruitment Process), continues introducing new domains and re-branding the de-facto recruitment templates for a huge percentage of the currently active money mule recruitment scams.

Ironically, both the syndicate and its competition in the face of boutique money mule recruitment operations aiming to self-service the cybercriminal -- he doesn't want to share stolen revenue with a third-party service provider -- behind them, are using the copywriting and online brand management services courtesy of a single vendor.

It's time to expose the complete domains portfolio of one of their biggest customers, including both domains introduced since the middle of the summer, 2009, as well as the most recent ones, with all of them using/having used the services of AS:38356.

Parked at;;;; as of Monday, November 18 are the following money mule recruitment domains:
affina-groupsvc .cc - Email:
altgroupco .cn - Email:
alt-groupco .net - Email:
annuity-groupnet .cc - Email:
archway-groupinc .cn - Email:
armor-groupco .cc - Email:
ava-group .cc - Email:
ava-group .cn - Email:
ava-groupsvc .cc - Email:
avagroupsvc .cn - Email:
bfs-groupinc .cc - Email:
braingroupmain .cn - Email:
brain-groupsvc .cn - Email:
ccn-groupco .cn - Email:
cdi-groupmain .cn - Email:
cosco-groupmain .cn - Email:
criscom-group .cc - Email:
criscomgroupco .cn - Email:
criscom-groupinc .cc - Email:
cronos-group .net - Email:
cronos-groupinc .cn - Email:
cronos-groupinc .com - Email:
cronosgroupsvc .cn - Email:
dove-groupli .cn - Email:
entrustgroup .cn - Email:
extreme-groupinc .cn - Email:
fairline-group .cn - Email:
flatgroupfly .cc - Email:
full-controll .cc - Email:

geniouspartner .cn - Email:
holding-group .cn - Email:
igt-groupco .cn - Email:
igtgroupinc .cn - Email:
igt-groupinc .com - Email:
index-groupinc .cn - Email:
index-groupinc .com - Email:
indexgroupinc .net - Email:
index-groupmain .cn - Email:
ing-groupsvc .cn - Email:
integrity-groupinc .cc - Email:
invalda-groupli .cn - Email:
invalda-groupmain .cn - Email:
invalda-groupmain .com - Email:
landgroupinc .cn - Email:
landgroupinc .net - Email:
land-groupsvc .cn - Email:
land-groupsvc .com - Email:
libertygroup .cc - Email:
lime-groupnet .cn - Email:
lime-groupsvc .cn - Email:
margin-groupco .cn - Email:
margingroupinc .cn - Email:
massivegroupsvc .cn - Email:
mastergroupinc .cn - Email:
master-groupinc .com - Email:
master-groupsvc .cn - Email:
mellis-group .cn - Email:
mellis-groupmain .cn - Email:

mena-groupsvc .cn - Email:
nvidia-groupnet .cn - Email:
nvidia-groupsvc .cn - Email:
opm-groupli .com - Email:
phoenix-groupco .net - Email:
phoenix-groupmain .cn - Email:
premier-groupinc .cn - Email:
premier-groupinc .com - Email:
premier-groupnet .cc - Email:
prime-groupco .cn - Email:
prime-groupinc .cn - Email:
puritan-groupco .cc - Email:
puritan-groupco .cn - Email:
puritan-groupinc .cn - Email:
puritan-groupinc .com - Email:
realtek-groupnet .cn - Email:
realtekgroupsvc .cn - Email:
reddbutton .cn - Email:
redeye-groupco .cn - Email:
redeye-groupinc .cn - Email:
regency-groupco .com - Email:
regency-groupnet .cc - Email:

regency-groupnet .cn - Email:
safegroupsvc .cn - Email:
saturn-groupsvc .cn - Email:
scope-group .cn - Email:
scope-groupmain .cc - Email:
scope-groupmain .cn - Email:
stargroupinc .cn - Email:
star-groupinc .net - Email:
star-groupsvc .cn - Email:
star-groupsvc .com - Email:
summit-groupinc .cn - Email:
theblackend .cn - Email:
totallysmiled .cn - Email:
vector-groupfine .cn - Email:
vision-groupinc .cc - Email:
vision-groupsvc .com - Email:
windcontrol .cc - Email:

Nothing's isolated, everything's connected, and sadly orchestrated by a very distinct set of cybercrime enterprises, the market share leaders.

Related posts:
Standardizing the Money Mule Recruitment Process
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
Inside a Money Laundering Group's Spamming Operations

This post has been reproduced from Dancho Danchev's blog.