Phishing & BotNets
This is a joke... Apr 11 2006 06:30PM
Paul Laudanski (paul castlecops com)
----- Original Message -----
From: "Paul Laudanski" <paul (at) castlecops (dot) com [email concealed]>
To: "Elaine Pruis" <elaine.pruis (at) cocca (dot) cx [email concealed]>
Cc: <accounting (at) nic (dot) mu [email concealed]>; <nw (at) lexsi (dot) com [email concealed]>; <reportphishing (at) antiphishing (dot) org [email concealed]>;
<admin (at) fraudwatchinternational (dot) com [email concealed]>; <phishing (at) webwasher (dot) com [email concealed]>;
<scam (at) netcraft (dot) com [email concealed]>; <friedphish (at) firetrust (dot) com [email concealed]>; <researchdesk (at) xblock (dot) com [email concealed]>;
<erics (at) sunbelt-software (dot) com [email concealed]>; <allanm (at) sunbelt-software (dot) com [email concealed]>;
<jacomo (at) cais.rnp (dot) br [email concealed]>
Sent: Tuesday, April 11, 2006 2:27 PM
Subject: Re: [PIRT #6350] Volksbank Phish site on your network

> If you're not going to investigate this matter then you're aiding and
> abetting this criminal activity. No other agency in the world asks for a
> form to be filled out and faxed. You're the authority for the mu tld and
> should be looking at this immediately.
>
> Paul Laudanski, Microsoft MVP Windows-Security
> CastleCops.com | de.CastleCops.com | wiki.CastleCops.com
> ----- Original Message -----
> From: "Elaine Pruis" <elaine.pruis (at) cocca (dot) cx [email concealed]>
> To: "Paul Laudanski" <paul (at) castlecops (dot) com [email concealed]>
> Cc: <accounting (at) nic (dot) mu [email concealed]>
> Sent: Tuesday, April 11, 2006 1:42 PM
> Subject: Re: [PIRT #6350] Volksbank Phish site on your network
>
>
>> Dear Paul
>>
>> Completing the AUP violation form should take about 10 minutes.
>> Specifically, if you review http://www.nic.mu/docs/mu.aup.pdf section
>> 1.1. You will have the information you need to complete the form.
>>
>> CoCCA policy requires a complaint form to act.
>> http://www.cocca.cx/UDP/CoCCA.UDP.FORM.pdf
>>
>> Please fax to +61 (0)2.9212.4583 so we may act immediately.
>>
>> If you do not wish to file a complaint, perhaps the party alleging the
>> violation will be willing to file.
>>
>> Sincerely,
>>
>> Elaine Pruis
>>
>> CoCCA Policy Officer
>>
>>
>>>You've got to be kidding right? We're not filling out any forms, you
>>>must look into this criminal activity immediately and deal with it.
>>>
>>>Paul Laudanski, Microsoft MVP Windows-Security
>>>CastleCops.com | de.CastleCops.com | wiki.CastleCops.com
>>>----- Original Message ----- From: "NIC.MU Support" <support (at) nic (dot) mu [email concealed]>
>>>To: <phishsquad (at) castlecops (dot) com [email concealed]>; <security (at) bora (dot) net [email concealed]>; <admin (at) nic (dot) mu [email concealed]>
>>>Cc: <nw (at) lexsi (dot) com [email concealed]>; <paul (at) castlecops (dot) com [email concealed]>;
>>><reportphishing (at) antiphishing (dot) org [email concealed]>; <admin (at) fraudwatchinternational (dot) com [email concealed]>;
>>><phishing (at) webwasher (dot) com [email concealed]>; <scam (at) netcraft (dot) com [email concealed]>;
>>><friedphish (at) firetrust (dot) com [email concealed]>; <researchdesk (at) xblock (dot) com [email concealed]>;
>>><erics (at) sunbelt-software (dot) com [email concealed]>; <allanm (at) sunbelt-software (dot) com [email concealed]>;
>>><jacomo (at) cais.rnp (dot) br [email concealed]>
>>>Sent: Tuesday, April 11, 2006 8:02 AM
>>>Subject: RE: [PIRT #6350] Volksbank Phish site on your network
>>>
>>>>
>>>>
>>>>Dear Sir,
>>>>
>>>>Please complete an AUP complaint form, http://nic.mu/complaints.jsp.
>>>>Suspension of a domain happens upon court order or violation of our AUP.
>>>>
>>>>After completing the AUP complaint form please fax it to:
>>>>+230 240-3764
>>>>With a copy to:
>>>>+61 (0)2.9212.4583
>>>>
>>>>Your complaint will be reviewed within 24-48 hours to determine if
>>>>immediate
>>>>action is necessary to protect the public interests, prevent cyber crime
>>>>or
>>>>restrict access to prohibited internet content.
>>>>
>>>>Best Regards,
>>>>
>>>>NIC.MU
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: CastleCops PIRT Squad [mailto:phishsquad (at) castlecops (dot) com [email concealed]]
>>>>Sent: Tuesday, April 11, 2006 8:07 PM
>>>>To: admin (at) nic (dot) mu [email concealed]; security (at) bora (dot) net [email concealed]
>>>>Cc: NicolasW; Paul; reportphishing (at) antiphishing (dot) org [email concealed];
>>>>admin (at) fraudwatchinternational (dot) com [email concealed]; phishing (at) webwasher (dot) com [email concealed];
>>>>scam (at) netcraft (dot) com [email concealed];
>>>>friedphish (at) firetrust (dot) com [email concealed]; researchdesk (at) xblock (dot) com [email concealed];
>>>>erics (at) sunbelt-software (dot) com [email concealed];
>>>>allanm (at) sunbelt-software (dot) com [email concealed]; jacomo (at) cais.rnp (dot) br [email concealed]
>>>>Subject: [PIRT #6350] Volksbank Phish site on your network
>>>>Importance: High
>>>>
>>>>
>>>>CastleCops PIRT Squad Report 6350
>>>>
>>>>It has been discovered that a Volksbank phish is currently operating at
>>>>location(s):
>>>>
>>>>- http://www.volksbank.de.custsupportref1007.dllexe.mu/r1/vf/
>>>>- http://www.volksbank.de.custsupportref1007.dllexe.mu/r1/vf/
>>>>
>>>>Reference this ticket for a detailed analysis:
>>>>
>>>>http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=6350&
in=1
>>>>
>>>>Report highlights:
>>>>
>>>>
>>>>
>>>>CastleCops highly recommends your local authorities be contacted
>>>>immediately.
>>>>And if possible, send us the phish kit itself for further research.
>>>>Please
>>>>contact us if you have any questions and reference PIRT #6350.
>>>>
>>>>PIRT FAQ: http://wiki.castlecops.com/PIRT
>>>>Submit Phish: pirt (at) castlecops (dot) com [email concealed]
>>>>
>>>>Copyright CastleCops 2006, All Rights Reserved
>>
>>
>> --
>> Elaine Pruis
>>
>> CoCCA Member Liaison
>> elaine.pruis (at) cocca (dot) cx [email concealed]
>>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus