In "'Money Mule' Recruitment Network Exposed" (http://voices.washingtonpost.com/securityfix/2009/09/money_mule_recruitment_101.html?wprss=securityfix),
Brian Krebs discusses the fraudulent money mule recruiters Scope Group Inc.
scope-group.cn and its associated web sites operate on the following IP addresses:
222.35.137.234
222.35.137.235
222.35.137.236
222.35.137.237
Those who have implemented the emerging-rbn.rules have protected the users of their networks from these ruthless criminals, who stole more than $117,000.00 from the small Sanford School District last month.
James McQuaid
Thursday, September 24, 2009
Wednesday, September 23, 2009
Protected By Emerging
Those who have implemented the emerging-rbn.rules have protected their networks from the September 11th and 12th attacks on the visitors to The New York Times web site.
The attacks utilized the following IP addresses:
212.117.166.69
64.86.16.170
88.198.107.25
88.198.120.177
91.212.107.5
91.212.127.200
94.102.48.29
94.102.51.26
Dancho Danchev and Gary Warner's blogs provide good explanations of these attacks:
http://ddanchev.blogspot.com/2009/09/ukrainian-fan-club-features.html
http://garwarner.blogspot.com/2009/09/in-brief-new-york-times-fake-anti-virus.html
Visit Emerging Threats at emergingthreats.net
James McQuaid
Labels:
Emerging Threats,
malware,
The New York Times,
web attacks
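The two posts above list the IP addresses that the emerging-rbn.rules ruleset blocked. As an added example that is not part of the original posts or of the Emerging Threats ruleset, the Python below turns those addresses into Snort-style IP rules and checks a few constructed firewall log lines against the same list. The sid numbers, the iptables-style log lines and the $HOME_NET variable are assumptions; the addresses themselves are the ones quoted in the posts.

```python
"""Added example (not from the blog posts above): build Snort IP rules from the
indicator lists quoted in the posts and match constructed firewall log lines
against them. Rule text follows Snort 2 syntax; sid values are placeholders in
the local (>1,000,000) range."""
import ipaddress
import re

# Indicators copied from the posts above.
SCOPE_GROUP_IPS = [
    "222.35.137.234", "222.35.137.235", "222.35.137.236", "222.35.137.237",
]
NYT_ATTACK_IPS = [
    "212.117.166.69", "64.86.16.170", "88.198.107.25", "88.198.120.177",
    "91.212.107.5", "91.212.127.200", "94.102.48.29", "94.102.51.26",
]


def normalise(ips):
    """Validate every address (ValueError on junk), de-duplicate, and return
    the list sorted numerically rather than as strings."""
    seen = {ipaddress.ip_address(ip) for ip in ips}
    return [str(ip) for ip in sorted(seen)]


def build_snort_rules(ips, msg, sid):
    """Emit a pair of Snort IP rules (inbound and outbound) that cover every
    address in `ips`, using Snort's bracketed address-list syntax so the whole
    list fits in one rule per direction."""
    addr_list = "[" + ",".join(normalise(ips)) + "]"
    return [
        f'alert ip {addr_list} any -> $HOME_NET any '
        f'(msg:"{msg} (inbound)"; classtype:trojan-activity; sid:{sid}; rev:1;)',
        f'alert ip $HOME_NET any -> {addr_list} any '
        f'(msg:"{msg} (outbound)"; classtype:trojan-activity; sid:{sid + 1}; rev:1;)',
    ]


# Constructed firewall log lines in an iptables-like key=value style; 10.0.0.0/8
# is the internal side and 198.51.100.7 (TEST-NET-2) stands in for a benign host.
SAMPLE_LOG = """\
Sep 23 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=91.212.107.5 PROTO=TCP DPT=80
Sep 23 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=198.51.100.7 PROTO=TCP DPT=443
Sep 23 09:15:40 fw kernel: IN=eth0 OUT=eth1 SRC=222.35.137.235 DST=10.0.0.7 PROTO=TCP DPT=25
Sep 23 09:16:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.44 DST=94.102.51.26 PROTO=TCP DPT=80
"""

_KV = re.compile(r"\b(SRC|DST)=(\S+)")


def find_hits(log_text, ips):
    """Return (timestamp, direction, indicator) for every log line whose SRC or
    DST address is on the indicator list."""
    blocklist = set(normalise(ips))
    hits = []
    for line in log_text.splitlines():
        fields = dict(_KV.findall(line))
        if fields.get("DST") in blocklist:
            hits.append((line[:15], "outbound", fields["DST"]))
        elif fields.get("SRC") in blocklist:
            hits.append((line[:15], "inbound", fields["SRC"]))
    return hits


if __name__ == "__main__":
    for rule in build_snort_rules(SCOPE_GROUP_IPS + NYT_ATTACK_IPS,
                                  "LOCAL RBN known host", 9000001):
        print(rule)
    for ts, direction, ip in find_hits(SAMPLE_LOG, SCOPE_GROUP_IPS + NYT_ATTACK_IPS):
        print(f"{ts} {direction:8s} {ip}")
```

The log matcher is the retrospective check: a site that deployed the rules sees the alerts live, while a site that did not can still grep its firewall history for the same addresses to find out whether any internal host talked to them.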
Friday, September 11, 2009
RBN Attacking White House Anti-Drug Web Sites
In another example of the RBN revealing the true measure of their malice, White House Anti-Drug Sites have been attacked over the past week.
Malware Domain List reported on September 5th that whitehousedrugpolicy.gov, the website of the Office of National Drug Control Policy, had been compromised. In that instance, the site was directing visitors to a trojan:
Malware Domain List entry, 2009/09/05: URL adgallery.whitehousedrugpolicy.gov/members/Miley-Cyrus-Nude/default.aspx, IP 198.77.71.192, description "adgallery.whitehousedrugpolicy.gov directs to trojan", abuse contact abuse@noc.privatedns.com.
whitehousedrugpolicy.gov features White House Drug Policy initiatives, programs, and resources as well as testimony and press releases. The site outlines National Drug Control Strategy goals and objectives.
Today, I found that drugs4sale.loderunner.in, a data receptor for the notorious Clampi banking Trojan (Trojan.Clampi), has an A record pointing to 130.94.30.137. This is the same IP address reserved for use by theantidrug.com, the "Parents: The Anti-Drug" site created by Fleishman-Hillard (a leader in international marketing and communications).
AS2914 NTTC-GIN-AS NTT Communications Global IP Network
DNS Records
base  record  name                      ip                             reverse  route  as
      a       drugs4sale.loderunner.in  130.94.30.137 (United States)
      a       mail.theantidrug.com      130.94.30.137 (United States)
      a       the-anti-drug.com         130.94.30.137 (United States)
      a       theantidrug.com           130.94.30.137 (United States)
Alexei Vasiliev, a familiar RBN criminal involved in the propagation of the Clampi banking Trojan, used his email address (alexvasiliev1987@cocainmail.com) to register one of the known Clampi domains.
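The DNS records above show a Clampi drop domain resolving to the same address as three legitimate anti-drug sites, so an IP-level block of 130.94.30.137 would also cut users off from theantidrug.com. As an added example that is not part of the original post, the Python below indexes A records of that shape by address, reports for each address hosting a known-malicious name whether an IP block would have collateral effect, and emits Response Policy Zone (RPZ) entries for a name-level block instead. The record list is copied from the post; the set of malicious names and the RPZ output format are assumptions.

```python
"""Added example (not from the blog post above): decide between IP-level and
name-level blocking for domains that share hosting with legitimate sites."""
from collections import defaultdict

# A records as listed in the post above (name, address).
A_RECORDS = [
    ("drugs4sale.loderunner.in", "130.94.30.137"),
    ("mail.theantidrug.com", "130.94.30.137"),
    ("the-anti-drug.com", "130.94.30.137"),
    ("theantidrug.com", "130.94.30.137"),
]

# Names the post identifies as Clampi infrastructure (assumed complete here).
MALICIOUS_NAMES = {"drugs4sale.loderunner.in"}


def index_by_ip(records):
    """Group DNS names by the address they resolve to, normalising case and a
    trailing dot so 'Example.COM.' and 'example.com' collapse together."""
    by_ip = defaultdict(set)
    for name, ip in records:
        by_ip[ip].add(name.lower().rstrip("."))
    return by_ip


def assess_ip_blocks(records, malicious):
    """For every address that hosts at least one malicious name, report the
    malicious names, the unrelated names that would be caught by an IP block,
    and the recommended action: 'ip-block' when the address serves nothing
    else, 'domain-block' when it is shared."""
    malicious = {n.lower().rstrip(".") for n in malicious}
    report = {}
    for ip, names in index_by_ip(records).items():
        bad = names & malicious
        if not bad:
            continue
        collateral = names - malicious
        report[ip] = {
            "malicious": sorted(bad),
            "collateral": sorted(collateral),
            "action": "domain-block" if collateral else "ip-block",
        }
    return report


def rpz_entries(malicious):
    """RPZ zone lines that return NXDOMAIN for each malicious name and for
    anything beneath it (CNAME to '.' is the RPZ NXDOMAIN action)."""
    lines = []
    for name in sorted(n.lower().rstrip(".") for n in malicious):
        lines.append(f"{name} CNAME .")
        lines.append(f"*.{name} CNAME .")
    return lines


if __name__ == "__main__":
    for ip, info in assess_ip_blocks(A_RECORDS, MALICIOUS_NAMES).items():
        print(ip, info["action"], "malicious:", info["malicious"],
              "collateral:", info["collateral"])
    for line in rpz_entries(MALICIOUS_NAMES):
        print(line)
```

The same index is useful the other way round: when a legitimate site is found to share an address with known malware infrastructure, the co-hosted names are the first place to look for the compromise that put them there.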