Wednesday, June 08, 2011

Summarizing ZDNet's Zero Day Posts for May

The following is a brief summary of all of my posts at ZDNet's Zero Day for May. You can subscribe to my personal RSS feed or Zero Day's main feed, or follow me on Twitter.

Recommended reading:
01. Vishing attack on Skype pushing scareware
02. Commtouch: 71 percent increase in new zombies
03. Osama execution video scam spreading on Facebook
04. New Mac OS X scareware delivered through blackhat SEO
05. 'You visit illegal websites' FBI-themed emails lead to scareware
06. Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware
07. 'Enable Dislike Button' scam spreading on Facebook
08. NASA's Goddard Space Flight Center FTP server hacked
09. 'Checkout Your PROFILE Stalkers' scam spreading on Facebook
10. 'The World Funniest Condom Commercial - LOL' scam spreading on Facebook
11. China's Blue Army: When nations harness hacktivists for information warfare

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Monday, May 30, 2011

Keeping Money Mule Recruiters on a Short Leash - Part Nine

The following brief summarizes currently active money mule recruitment web sites, which recruit mules to process fraudulently obtained funds.

Currently active sites residing within AS42708, PORTLANE Network www.portlane.com; AS29713, INTERPLEXINC Interplex LLC; AS38913, Enter-Net-Team-AS; AS24940, HETZNER-AS Hetzner Online:
ATLANTALTD-UK.CC - 193.105.134.233
ATLANTA-LTD-UK.NET - 78.46.105.205 - Email: admin@atlanta-ltd-uk.net
3ATLANTA-UK.COM - 193.105.134.233
BLITZNET-GROUPINC.CC - 78.46.105.205 - Email: admin@derwart-group.at
5DALI-STYLE.COM - 98.141.220.117
DALISTYLE-GROUP.CC - 98.141.220.118 - Email: tolls@mailti.com
DERWOODE-GROUP.COM - 98.141.220.117
DERWOODE-GROUP.NET - 98.141.220.117
GLACIS-GROUPLLC.COM - 193.105.134.232
1GLACISGROUP-LLC.NET - 193.105.134.233
IT-AMIRA.NET - 86.55.210.3 - Email: support@it-amira.net
ITAMIRA-DE.COM - 86.55.210.6 - Email: admin@itamira-de.com
ITSERV-DE.CO - 78.46.105.205 - Email: admin@itserv-de.co
IT-SERVICELTD.BE - 78.46.105.205
KADE-GROUP.COM - 86.55.210.4 - Email: admin@kade-group.com
MASTERART-GROUP.COM - 98.141.220.116 - Email: east@mail13.com
MENDRYLTD.COM - 98.141.220.117 - Email: admin@mendryltd.com
MENZEL-GROUP.TV - 98.141.220.118 - Email: admin@devotion-company.com
MITISSANSERVICE-GROUP-LTD.CC - 98.141.220.117 - Email: berra@cutemail.org
MITISSANSERVICEGROUP-LTD.COM - 98.141.220.117 - Email: alibi@mailae.com
oregonltd-uk.cc - 86.55.210.5 - Email: cause@ca4.ru
PARLEN-GROUPLLC.COM - 98.141.220.118 - Email: admin@parlen-groupllc.com
PARLENGROUPLLC.NET - 98.141.220.114
PARLEN-GROUP-USA.COM - 98.141.220.118
quad-groupuk.cc - 86.55.210.6 - Email: prissy@mailae.com
QUAD-GROUPUK.CC - 86.55.210.6 - Email: prissy@mailae.com
QUAD-IT-GROUP.COM - 193.105.134.232 - Email: admin@quad-it-group.com
QUINTAGROUP.CC - 98.141.220.117 - Email: cola@mailae.com
QUINTA-GROUPUS.COM - 98.141.220.118 - Email: admin@quinta-groupus.com
QUINTA-LLC.NET - 98.141.220.118 - Email: admin@quinta-llc.net
REXTECHINNOVATION.COM - 98.141.220.118 - Email: admin@rextechinnovation.com
REXTECHLTD.CC - 98.141.220.115 - Email: blurt@fxmail.net
REXTECHLTD-US.COM - 98.141.220.118 - Email: admin@rextechltd-us.com
SPECIAL-ART-LTD.COM - 193.105.134.233 - Email: admin@special-art-ltd.com
SPECIAL-ART-UK.CC - 193.105.134.234
SUBLIME-LTD.NET - 98.141.220.118 - Email: admin@sublime-ltd.net
TARGETMARKETGROUP-LLC.CC - 98.141.220.117 - Email: admin@targetmarketgroup-llc.cc
TAZPROGLTD-US.COM - 98.141.220.117 - Email: admin@tazprogltd-us.co
VNSPROJECT-DE.CC - 78.46.105.205 - Email: admin@vnsproject-de.cc
VORTEXLLC-UK.COM - 193.105.134.232 - Email: admin@vortexllc-uk.com
VORTEX-LLC-UK.NET - 193.105.134.230 - Email: admin@vortex-llc-uk.net

Name servers of notice:
NS1.NAMESUKNS.CC - 178.162.172.48 - Email: pal@bz3.ru
NS2.NAMESUKNS.CC - 69.10.56.131
NS3.NAMESUKNS.CC - 66.199.229.123

NS1.NAMEUK.AT - 178.162.172.57 - Email: admin@nameuk.at
NS2.NAMEUK.AT - 69.10.56.132
NS3.NAMEUK.AT - 66.199.229.124

NS1.UKDNSTART.NET - 178.162.172.40 - Email: admin@ukdnstart.net
NS2.UKDNSTART.NET - 69.10.56.130
NS3.UKDNSTART.NET - 66.199.229.122

NS1.DNSUS.SU - 217.23.15.137 - Email: wifi@yourisp.ru
NS2.DNSUS.SU - 87.118.81.7
NS3.DNSUS.SU - 87.118.81.10

NS1.NAMEUSNS.SU - 217.23.15.138 - Email: lavier@bz3.ru
NS2.NAMEUSNS.SU - 84.19.161.7
NS3.NAMEUSNS.SU - 84.19.161.10

NS1.USDENNS.SU - 217.23.15.136 - Email: lipstick@free-id.ru
NS2.USDENNS.SU - 84.19.161.7
NS3.USDENNS.SU - 84.19.161.10
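The value of a list like the one above lies in the shared infrastructure it exposes: many of the domains sit on the same handful of IPs, and several of the contact addresses use the same throwaway mail provider rather than the domain's own admin@ mailbox. The following script is an added example, not part of the original post or its author's tooling; it parses indicator lines in the post's own "DOMAIN - IP - Email: address" layout, collapses case variants (the list carries quad-groupuk.cc twice), groups the domains by hosting IP and by contact mail provider so the pivot points stand out, and emits a simple RPZ-style blocklist. The sample input is a subset of the lines above, embedded inline; the function names are this example's own.

```python
import re
from collections import defaultdict

# A subset of the indicator lines from the brief above, in the layout the
# post uses. The duplicated quad-groupuk.cc entry is kept on purpose so
# the parser's case folding is exercised.
SAMPLE_LINES = """\
ATLANTALTD-UK.CC - 193.105.134.233
ATLANTA-LTD-UK.NET - 78.46.105.205 - Email: admin@atlanta-ltd-uk.net
3ATLANTA-UK.COM - 193.105.134.233
DERWOODE-GROUP.COM - 98.141.220.117
DERWOODE-GROUP.NET - 98.141.220.117
MITISSANSERVICEGROUP-LTD.COM - 98.141.220.117 - Email: alibi@mailae.com
quad-groupuk.cc - 86.55.210.6 - Email: prissy@mailae.com
QUAD-GROUPUK.CC - 86.55.210.6 - Email: prissy@mailae.com
QUAD-IT-GROUP.COM  - 193.105.134.232 - Email: admin@quad-it-group.com
QUINTAGROUP.CC - 98.141.220.117 - Email: cola@mailae.com
"""

# "DOMAIN - IPv4" with an optional " - Email: address" tail; extra spaces
# around the separators (as in the QUAD-IT-GROUP.COM line) are tolerated.
LINE_RE = re.compile(
    r"^\s*(?P<domain>[A-Za-z0-9.-]+)\s*-\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s*-\s*Email:\s*(?P<email>\S+))?\s*$"
)


def parse_indicators(text):
    """Return {domain: (ip, email_or_None)} for every well-formed line.

    Domains and addresses are lower-cased so case variants of the same
    name collapse to one record. Lines that do not fit the layout are
    skipped rather than guessed at.
    """
    records = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        email = m.group("email").lower() if m.group("email") else None
        records[m.group("domain").lower()] = (m.group("ip"), email)
    return records


def cluster_by_ip(records):
    """Group domains by the IP they resolve to, each group sorted."""
    by_ip = defaultdict(set)
    for domain, (ip, _) in records.items():
        by_ip[ip].add(domain)
    return {ip: sorted(doms) for ip, doms in by_ip.items()}


def shared_infrastructure(records):
    """Only the IPs hosting more than one domain: the pivot points."""
    return {ip: doms for ip, doms in cluster_by_ip(records).items()
            if len(doms) > 1}


def cluster_by_mail_provider(records):
    """Group domains by the provider of their contact address.

    Per-domain admin@<own-domain> addresses are unique by construction and
    link nothing; a provider shared across several unrelated-looking
    domains (mailae.com above) is the interesting signal, so singletons
    are dropped.
    """
    by_provider = defaultdict(set)
    for domain, (_, email) in records.items():
        if email and "@" in email:
            by_provider[email.split("@", 1)[1]].add(domain)
    return {p: sorted(doms) for p, doms in by_provider.items()
            if len(doms) > 1}


def response_policy_zone(records, action="CNAME ."):
    """Emit one RPZ record per domain; 'CNAME .' answers NXDOMAIN."""
    return [f"{domain} {action}" for domain in sorted(records)]


if __name__ == "__main__":
    recs = parse_indicators(SAMPLE_LINES)
    for ip, doms in sorted(shared_infrastructure(recs).items()):
        print(f"{ip}: {', '.join(doms)}")
    for provider, doms in cluster_by_mail_provider(recs).items():
        print(f"{provider}: {', '.join(doms)}")
    print("\n".join(response_policy_zone(recs)))
```

Run against the full list rather than the sample, the IP clusters reproduce the author's grouping by hosting provider without any manual sorting, and the RPZ lines can be loaded into a resolver to sinkhole the recruitment sites for an organisation's users.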

Monitoring of money mule recruitment campaigns is ongoing.

Related posts:
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002

This post has been reproduced from Dancho Danchev's blog.