12/14/2013

The other Side of PRISM: Home Grown Terrorist Plotter Terry Lee Loewen, 58, arrested after making online statements about wanting to commit “violent jihad”

A Kansas man who prosecutors say sympathized with violent terrorists was arrested Friday, December 13th, as part of an FBI sting after he drove a vehicle loaded with what he "thought" were explosives to Wichita Mid-Continent Airport.

Investigators allege that Terry Lee Loewen planned to attack Wichita's Mid-Continent Regional airport in a plot aimed at supporting Al-Qaida.

Loewen, a 58-year-old avionics technician who worked at the airport for Hawker Beechcraft, was arrested before dawn as he tried to drive onto the tarmac. The materials in the car were inert, and no one at the airport was in any immediate danger, authorities said.

Loewen, who lives in Wichita, had been under investigation for about six months after making online statements about wanting to commit "violent jihad" against the United States, U.S. Attorney Barry Grissom said. An undercover FBI agent befriended Loewen, striking up conversations about terrorism and Loewen's admiration for those who plotted against American interests.

[Photo: wannabe jihadist Terry Lee Loewen]
Authorities said Loewen spent months studying the layout of the airport, its flight patterns and other details to maximize fatalities and damage in an attack. During that time, he developed a plan with other conspirators to use his employee access card to pull off the attack. The conspirators were actually undercover FBI agents.

Loewen planned to die in the explosion, a fate that he said was inevitable in his quest to become a martyr in a "jihad against America", according to court documents.

"Since early summer, he was resolved to take an act of violent jihad against U.S.," Grissom said.

Authorities said "they believe" (But not Sure...?) Loewen acted alone. No other arrests were expected.

[Photo: U.S. Attorney Barry Grissom at a statement about the alleged plot]

Loewen made an initial court appearance Friday afternoon, answering "yes" in a strong voice to procedural questions. A U.S. magistrate ordered that he remain jailed at least until a hearing next Friday after prosecutors said he was a flight risk and a danger to the community.

His wife and attorney declined comment after the hearing.

His brother-in-law, David Reddig, described Loewen as a "good guy". He said Loewen helped him pay off the debt on his truck and took care of his home and chickens (how cute...) after an eye injury kept him from working.

"He is a hard worker and all that stuff," Reddig said.

But he said also that Loewen kept details of his life away from his relatives and friends.

The case appears similar to a string of investigations conducted by the FBI since the September 11th, 2001, attacks. The FBI sting operations have prompted controversy over whether the law enforcement tactics involved entrapment of suspects and intruded on civil liberties. One involved an undercover agent who pretended to be a terrorist, provided a teenager with a phony car bomb, then watched him plant it in downtown Chicago.

But the FBI has argued that the stings are a vital law enforcement tool for averting potentially deadly terrorist attacks. And juries have returned tough sentences.

In Loewen's case, court documents allege that he talked about downloading documents about jihad, martyrdom and an al-Qaida "manual" during his online sessions.

Investigators said he also frequently expressed admiration for Anwar Al-Awlaki, the American-born al-Qaida leader who was killed in a 2011 drone strike in Yemen. Al-Awlaki emerged as an influential preacher among militants living in the West, with his English-language Internet sermons calling for jihad, or holy war, or however you wanna call it, against the United States.

In August 2013, an undercover agent offered to introduce Loewen to someone who could help him engage in jihad. A few days later, he mentioned "providing a tour" of the airport for one of the undercover agents.

[Photo: Anwar Al-Awlaki, killed in 2011 by a drone strike]
In September 2013, the undercover agent told Loewen he had returned from overseas after meeting with individuals connected with al-Qaida. The agent told him the "brothers" were excited to hear about his access to the airport and asked Loewen if he would be willing to plant some type of device, according to court documents.

"Wow! That's some heavy stuff you just laid down. Am I interested? Yes, of course! I still need time to think about it, but I cannot imagine anything short of arrest stopping me," Loewen told the agent, adding that he needed to let Allah guide him.

The documents allege that he also asked for assurances that he wasn't being set up, saying his greatest fear was not completing the operation.

The criminal complaint also details a meeting in November 2013 with other undercover agents in which they discussed executing the plan before Christmas 2013 in order to cause the greatest damage and fear. He also provided components from his employer that the agents requested for wiring the fake explosive device, according to court documents.

Last Wednesday, Loewen met with another undercover agent and helped assemble the false bomb, court documents allege. Loewen was charged with attempting to use a weapon of mass destruction, attempting to damage property and attempting to provide support to terrorist group al-Qaida.

Hawker Beechcraft spokeswoman Nicole Alexander confirmed Friday "that Loewen worked at the company's aircraft maintenance facility at the airport."

Loewen's neighbors said several law enforcement agencies converged early Friday morning at the modest brick home where Loewen and his wife live, just a few houses down from a local elementary school. Some neighbors said the couple mostly kept to themselves and didn't participate in neighborhood events.

Janine Hessman, who lives nearby, said she didn't know Loewen well but liked his wife and spoke to her often. But if the allegations are true, she said, "I don't really have any sympathy for him."

SOURCE: National Public Radio

Cybercrime Review 2013: 62-year-old Hacker Michael Musacchio Sentenced to 63 Months in a 150-Million-Dollar Trade Secrets Case

In March 2013, a civil trade secret theft case initiated by Dallas attorney Matthew Yarbrough resulted in a five-year federal prison term for a former North Texas CEO following his conviction for computer hacking.


Michael Musacchio, 62, was sentenced to 63 months in federal prison on September 5th 2013 by U.S. District Court Judge Jorge A. Solis of Dallas. Mr. Musacchio was convicted of hacking the computer system maintained by his former employer, Exel Transportation Services, and using related trade secrets at a new company, Total Transportation Services LLC of Frisco.

The criminal case was based on a trade secret theft lawsuit filed in 2006 by Mr. Yarbrough. That case yielded a 10 million USD settlement against Total Transportation Services.

“If we hadn’t filed the civil case, there probably wouldn’t have been a criminal case,” says Mr. Yarbrough. “It took more than seven years for Mr. Musacchio to be brought to justice in criminal court. That’s why companies need to move as quickly as possible to take civil legal action against those who steal company trade secrets and intellectual property.”

Mr. Yarbrough says Mr. Musacchio’s prison sentence is part of a federal initiative to protect U.S. businesses’ trade secrets and innovations, which President Barack Obama recently declared to be “essential to our prosperity.”

“A company’s greatest asset isn’t the tangible widgets in its warehouse, but the data in its network,” says Mr. Yarbrough, a former Assistant U.S. Attorney and former head of the Department of Justice’s Cybercrimes and Criminal Intellectual Property Rights Task Force (IPR).


“I’m encouraging business leaders to be on the front end of this issue,” Yarbrough told the Dallas Business Journal. “Doing that up front helps you put together a strategic response plan, and that will help them prevent the theft of valuable trade secrets.”

According to the evidence submitted at trial, from 2002 to 2004, Musacchio was the president of Exel Transportation Services, a third-party logistics or intermodal transportation company that facilitated links between shippers and common carriers in the manufacturing, retail, and consumer industries.

In 2004, Musacchio left Exel to form a competing company, Total Transportation Services, where he was the original president and CEO. Two other former Exel employees, Joseph Roy Brown and John Michael Kelly, also went to work at Musacchio’s new company.

Trial testimony and exhibits established that between 2004 and 2006, Musacchio, Brown, and Kelly engaged in a scheme to hack into Exel’s computer system for the purpose of conducting corporate espionage. Through their repeated unauthorized accesses into Exel’s e-mail accounts, the co-conspirators were able to obtain Exel’s confidential and proprietary business information and use it to benefit themselves and their new employer.

Trojan.JS.Iframe.CIP & Hidden Iframe: onlygtamods.blogspot.co.at - (Austria)

GTA BLOG infected with Malware

MALICIOUS URL: onlygtamods.blogspot.co.at
https://www.virustotal.com/de/url/ad44797d2f7a3175fe0b9b8d6e6634a2d15b3338f4234b7c1fd06a4482d0cfbf/analysis/1387039150/

INFECTED WITH: Trojan.JS.Iframe.CIP
https://www.virustotal.com/de/file/7f1ff2384716f01014e269e7ba3dc3a7dc7cd0f280bea351e44b9cc7ca6c68d1/analysis/1387039360/

---> HIDDEN IFRAME TO:

DOMAIN: goo.gl
https://www.virustotal.com/de/url/21f8b60c2acbeb555e302df332fcccf6047eec8882ed892e0dacab9fe70c996a/analysis/

SPECIFIC LINK: goo.gl/xL64q
https://www.virustotal.com/de/url/e67569fade200ea3d83af40ce5051b2c27bf3e6d64b6c969fb93ebd1a64712ba/analysis/1387039842/
https://www.virustotal.com/de/file/518034ed78da007491b2854bfdc5385cfd197a6f81ef91a3ef1ac72ed85a1659/analysis/1387039364/

REF.:
http://jsunpack.jeek.org/?report=8527e7d771cc7a8dc7386a7b952b3e9b12c84dab

Security Breach: Former French First Lady Carla Bruni Nude Pictures allow hackers into G20 delegates' computers

Nude pictures of former French first lady Carla Bruni were used to break into the computer systems of dozens of diplomats. The shocking security breach was first discovered at the G20 summit in Paris in February 2011 and may be ongoing.


[Photo: Carla Bruni & Sarkozy (AP)]
“To see naked pictures of Carla Bruni click here” said a message sent to those attending, who included finance ministers and central bank representatives.

Bruni, a former supermodel who became President Nicolas Sarkozy’s third wife in 2008, was well known for taking her clothes off in her early career. This prompted many to open an attachment which turned out to be a ‘Trojan’ with an embedded virus, although all recipients could see were the X-rated photographs.

Once opened, the malware infected the computers of senior officials and forwarded the offensive email on to other contacts stored on the device.

“Almost everybody who received the email took the bait,” said a government source in Paris, saying that this included representatives from the Czech Republic, Portugal, Bulgaria, Hungary and Latvia.

Sarkozy was first embarrassed by nude pictures of Bruni surfacing shortly after their marriage, while they were staying with the Queen at Windsor Castle during a state visit to Britain. (e.g. ROFL)

Bruni, who still uses her maiden name in her career as a pop singer, later changed her image from a Paris sex kitten into an unassuming politician’s wife. The so-called phishing attacks are thought to have originated in China and were aimed at extracting information.

The attacks are still being investigated, and nobody is yet sure what information was extracted.

The United States is thought to have been the main target of the scam.

The cyber attack on the Paris G20 summit took place before the 6th G20 summit in Cannes, in the south of France, which brought together major heads of government. There have been a number of similar attacks in France, leading the country to be proactive in cyber defence.

A recent White Paper on Defence and National Security proclaimed cyber attacks as “one of the main threats to the national territory” and “made prevention and reaction to cyber attacks a major priority in the organisation of national security”.

This led to the creation of the French Agency for National Security of Information Systems in 2009. Nicolas Sarkozy, a conservative, lost the presidential election to the Socialist Francois Hollande in 2012 and is now dealing with a range of corruption charges.

Malicious Site: www.karlavagnencatering.se - Rogue Medications
SCAM, SPAM, PHISHING

BLACKHAT SEO SPAM (Viagra, Cialis & co.) (TDS URL PATTERN)


Much to laugh about...?


DOMAIN
www.karlavagnencatering.se
https://www.virustotal.com/de/url/e3e2b39d694b0cd06f9ac6c829fc0e6bf0c1665e3cd38e2155aefc008b0806ea/analysis/1386971594

SPECIFIC URL:
www.karlavagnencatering.se/index.php?q=tablet-viagra-women
https://www.virustotal.com/de/url/d8e9c623a21b171b1a8ac58104517b98335ed9d93159a0fb8fcfa1707f9b40a6/analysis/1386969306/

TDS URL PATTERN
https://urlquery.net/report.php?id=8383382

---> REMOTE DOMAIN
keycollector.pw
https://www.virustotal.com/de/url/9a068164c93a7846ee42bde821b8945b72dde17688857863abcf750dcff2fe37/analysis/1386973287/

SPECIFIC URL:
keycollector.pw/go.php?sid=1
https://www.virustotal.com/de/url/e16207dfb15b888a78ad46df3e92878d177c415c2667e9e438c34a6c0cc9bd63/analysis/1386972436/

TDS URL PATTERN
https://urlquery.net/report.php?id=8383945

12/13/2013

Icicle Insanity (Ft. Kevin Brueck and Katers17) - Annoying Orange



THE Newest Famous Annoying Orange Video:



Newly Detected Malicious Site: www.mamecab.it - HEUR:Trojan.Script.Generic (Italy)

NEWLY DETECTED MALWARE DOMAIN:



DOMAIN:
www.mamecab.it
https://www.virustotal.com/de/url/0ca0c11cecf88f62f124606a7c136269ed4d4ce9bf19239e2f6f7eb82357bc27/analysis/1386936138/

INFECTED:
HEUR:Trojan.Script.Generic
https://www.virustotal.com/de/file/c88c2179eecc7193f25b6d8ef8da2ce0ad7ec3fb57320441f4e9fb458a1c8d16/analysis/1386936823/
https://urlquery.net/report.php?id=8366216

---> PATTERN
69.10.33.245 (USED TO BE INFECTED AS WELL)
https://www.virustotal.com/de/url/c2854a2be9e8961fc9ccab6a4fd14e1a5b557dceee0b8916a85e1ccc7b81fb8f/analysis/1386937052/
https://urlquery.net/report.php?id=6408160
https://urlquery.net/report.php?id=8366318


http://69.10.33.245/FormTools1_5_1/clik.php
https://www.virustotal.com/de/url/bf4e857608efbee59e60c732daf7cceb5b7b1beebb1f5fd9a6c75046700e42d1/analysis/1386936333/

IP for www.mamecab.it: 93.93.200.150
https://www.virustotal.com/de/url/9f018e961c5080d70dedf16fcadcad91c8df4be4f454d4bad3a4541d12777aa5/analysis/1386937273/
https://www.virustotal.com/de/ip-address/93.93.200.150/information/ 

SCAM from Jeremiah Mari Carag - jcarag@mail.ubc.ca (Reply For Details Information)


Jeremiah wrote:

Hello, I am sorry to intrude your privacy in this way. There is a certain deceased customer of my bank who left behind US$18 Million. I seek your partnership in receiving this fund. If interested, reply immediately for detailed information. Thanks, C.I

Probable originating IP address: 188.30.21.213 (U.K.)

Listed at Spamhaus (PBL)
http://www.spamhaus.org/query/bl?ip=188.30.21.213
http://www.reputationauthority.org/lookup.php?ip=188.30.21.213
E-mail reputation: POOR
http://www.senderbase.org/lookup/?search_string=188.30.21.213
Originating hostname: 188.30.21.213.threembb.co.uk

MAIL SCREENSHOT:



Header Analysis Quick Report
Originating IP: 188.30.21.213
Originating ISP: Three
City: n/a
Country of Origin: United Kingdom
* For a complete report on this email header goto ipTRACKERonline

12/12/2013

VIDEO: Panopticon - The Rise of the Surveillance State


This video (Netherlands) gives an insight into the growing surveillance strategies of the 21st century. 9/11 started this process, but can we limit the size of what is overpowering us? How exactly is this happening, and in which way will it affect all our lives? See the video from 2012:


NEW LEAK: Are Google Cookies used by the NSA to pinpoint individual targets?



The National Security Agency (NSA) is quietly using the same tools that let Internet advertisers track online consumers, getting hold of those "cookies" and location data to identify targets for government hacking and to reinforce surveillance.

A slide from an internal NSA presentation indicating that the agency uses at least one Google cookie as a way to identify targets for exploitation. (Washington Post)

The internal NSA presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Web to serve them advertising, the same know-how opens the door for similar bird-dogging by the government. The slides also suggest that the agency is using the same procedures to help identify hackers (and terrorists...?).

[Image: tracking microchips in chocolate bars? Will that someday be reality?]
For years, privacy advocates have raised concerns about this sort of commercial tracking, which identifies consumers and targets them with advertising. The online advertising industry has said its methods are harmless and benefit consumers by serving them ads that are more likely to be tailored to them.

This new leak about the NSA using the same commercial technologies could fuel that developing dispute, handing privacy advocates a new argument for reining in commercial surveillance. According to the documents, the NSA and its British counterpart, GCHQ, are using the same "cookies" that advertising platforms place on users' computers to identify consumers browsing the World Wide Web.

The intelligence agencies have found a distinct use for a part of Google's tracking mechanism known as the “PREF” cookie. These cookies typically do not contain personal information (or should not...), such as someone's name or e-mail address, but they do contain a numeric code that enables web sites to individually identify and track a user's browsing behaviour. Besides tracking Internet visits, this cookie allows the NSA to single out a user's communications in the endless ocean of Internet traffic in order to send out software that can hack that person's computer and, as the final act, gather the data on that PC. The cookie is the connecting piece between you and the Web. The slides show that the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against individual targets are not addressed in the leaked documents.

[Image: Christmas & cookies are coming soon...]

The NSA's use of these cookies (see picture) is not a technique for sifting through endless amounts of data to find suspicious behaviour. Rather, it lets the NSA concentrate on someone already under suspicion.

Separately, the NSA is also using commercially collected data to help locate mobile devices around the world, the documents point out. Many smartphone apps running on Android and iPhone devices, and the Apple and Google operating systems themselves, track the location of each device, mostly without warning the device's owner. This information is more specific than the bulk location data the government collects from cellphone networks (towers), as the Washington Post reported recently.

These slides do not show how the NSA obtains Google "PREF" cookies or whether the company cooperates in these programs, but other documents reviewed by the Washington Post indicate that the cookie data is among the information the NSA can obtain through a so-called Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies involved would know about it and be legally compelled to assist.

(Of course) the NSA declined to comment on those specific tactics, but an NSA spokesman sent the Washington Post a statement that says: "As we have said before, the NSA, within its lawful mission to collect foreign intelligence to protect the United States, uses intelligence tools to understand the intent of foreign attackers and prevent them from bringing harm to innocent Americans."

Google also declined to comment on the subject, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests.

"The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information," Page said in a statement on the coalition's Web site. "This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many foreign governments around the globe."


How consumers are tracked online

Internet companies store small files called cookies on a user's computer to uniquely identify them. Few consumers are aware of the full extent to which advertisers, services and any given web site (including intelligence agencies) track their activities across the Web and mobile devices. This data collection mechanism is invisible to all but the most sophisticated users, and the available tools to withdraw or block it have limited effectiveness.
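To see in practice what a persistent cookie ID like the PREF ID gives away when it crosses the network in the clear, here is an added example (not from the article or from any company it names) that audits a few constructed proxy-log lines, groups requests by PREF ID, and reports which client addresses and referring sites each ID links together. The log layout, the PREF=ID=<16 hex digits> field and every address in the sample are constructed assumptions.

```python
"""Audit constructed HTTP proxy-log lines for persistent tracking identifiers
(such as Google's PREF cookie) that are sent in the clear over plain HTTP.

Added example, not part of the original blog post. The log line layout,
the cookie layout PREF=ID=<16 hex digits>:... and all client addresses below
are constructed for illustration; real PREF cookies may carry more fields.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines:
#   timestamp  client-ip  scheme  host  referer("-" if none)  Cookie header
SAMPLE_LOG = """\
2013-12-11T09:01:02Z 10.0.0.5 http www.google.com - PREF=ID=1a2b3c4d5e6f7a8b:TM=1386700000:LM=1386700000
2013-12-11T09:05:17Z 10.0.0.5 http www.google.com http://news.example.org/story PREF=ID=1a2b3c4d5e6f7a8b:TM=1386700000:LM=1386700000; NID=xyz
2013-12-11T10:15:44Z 10.0.0.9 https www.google.com - PREF=ID=ffeeddccbbaa9988:TM=1386702000:LM=1386702000
2013-12-11T11:30:00Z 192.168.1.20 http maps.google.com http://travel.example.com/ PREF=ID=1a2b3c4d5e6f7a8b:TM=1386700000:LM=1386700000
2013-12-11T11:31:09Z 192.168.1.20 http static.example.net - theme=dark
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<scheme>https?) (?P<host>\S+) "
    r"(?P<referer>\S+) (?P<cookies>.*)$"
)
# The unique, linkable part of the PREF cookie is its ID= field (assumed 16 hex digits).
PREF_ID_RE = re.compile(r"(?:^|;\s*)PREF=ID=(?P<id>[0-9a-f]{16})")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    pref = PREF_ID_RE.search(rec["cookies"])
    rec["pref_id"] = pref.group("id") if pref else None
    return rec


def audit(log_text):
    """Group requests by PREF ID and record where each ID was exposed.

    Returns {pref_id: {"clients": set, "hosts": set, "referers": set, "cleartext": int}}.
    One ID seen from several client addresses, or sent with several referring
    sites, is exactly the kind of cross-site, cross-network linkage the article
    describes; every plain-http request exposes that ID to anyone on the path.
    """
    seen = defaultdict(
        lambda: {"clients": set(), "hosts": set(), "referers": set(), "cleartext": 0}
    )
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["pref_id"] is None:
            continue
        entry = seen[rec["pref_id"]]
        entry["clients"].add(rec["client"])
        entry["hosts"].add(rec["host"])
        if rec["referer"] != "-":
            ref_host = urlsplit(rec["referer"]).hostname
            if ref_host:
                entry["referers"].add(ref_host)
        if rec["scheme"] == "http":
            entry["cleartext"] += 1
    return dict(seen)


def linkable_ids(report):
    """IDs exposed in the clear that tie together more than one client or site."""
    return sorted(
        pid for pid, e in report.items()
        if e["cleartext"] > 0 and (len(e["clients"]) > 1 or len(e["referers"]) > 1)
    )


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for pid, e in sorted(result.items()):
        print(f"PREF ID {pid}: clients={sorted(e['clients'])} "
              f"sites={sorted(e['referers'])} cleartext_requests={e['cleartext']}")
    print("IDs linkable across clients/sites in the clear:", linkable_ids(result))
```

Pointed at a real proxy log (after adapting LINE_RE to its format), the same check shows an operator which identifiers on their own network could be correlated by a passive observer.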

The NSA program, named Happyfoot (not to be confused with Operation Happyfeet), helps the NSA map Internet addresses to physical locations more precisely than is possible with traditional Internet geolocation services. Many mobile applications and operating systems (OS) use location-based services to help users find, for instance, gas stations, restaurants or hotels nearby. The fact is, even when GPS is disabled, most mobile devices still silently determine a user's location in the background using Wi-Fi networks or cellular tower signals.

[Photo: cellphone towers are a must in tracking down mobile devices]
Apps that do not need geolocation data may still collect it anyway to share with third-party advertisers. Last week, the Federal Trade Commission announced a settlement over a seemingly innocuous flashlight app that allegedly leaked user location information to advertisers without consumers' knowledge.

Applications transmit their locations to Google and other Internet businesses because advertisements tied to a specific physical location can be more lucrative than generic ads, depending on where you are at a given moment. But in the process, they appear to tip off the NSA to a mobile device's precise physical location. That makes it easier for the spy agency to engage in the sophisticated tracking techniques the Washington Post described in an earlier story.

These leaks about NSA practices expose the difficulty facing online businesses, which have already met a backlash against tracking for commercial purposes and now face questions about their obscured role in the government's surveillance operations.

"If data is used and it stops the next 9/11, our fellow citizens wouldn't have any problem with it, no matter what it is," says Stuart P. Ingis, General Counsel at the Digital Advertising Association. But he says that it is a delicate act to pursue the bad guys "while at the same time preserving civil liberties." Other defenders of online advertising companies have argued that it's unfair to lump private companies' ad-tracking activities together with the NSA activities revealed through the Snowden leaks. Marvin Ammori, a lawyer who advises technology companies including Google on surveillance issues, wrote in a USA Today article that "limiting bulk data collection by private companies - whether they advertise or not - would do little or nothing to limit the NSA."

One observer notes that the latest documents show that the unique identifiers placed on users' computers are not only used by analytics and advertising companies, but also by the NSA for targeting. He also says that there are things those companies could do to protect their users from the type of attacks described in the slides, like "not sending tracking IDs, or at least not sending them in the clear without some layer of encryption."

Similarly, he says, "Browser companies can help by giving users better control over the use of third-party tracking cookies and by making sure that their browsers are not sending unique cookie IDs as a side effect of their safe-browsing behavior."

Stanford's Mayer says the revelations suggest the need for limits on the data that companies collect about consumers. "There's increasingly a sense that giving consumers control over the information they share with companies is all the more important, because you're also giving them control over the information they share with government."

Let's just wait for the next upcoming leak...

Hacker Andrew James Miller from Pennsylvania sentenced to one and a half years in prison

He went by the online nickname “Green,” and associated with a small group of hackers that called itself the “Underground Intelligence Agency.”




Andrew James Miller was a proficient computer hacker who accessed networks belonging to law enforcement offices and corporations, academic institutions, and government agencies, including the Department of Energy, and he shared that access with other people, sometimes even selling it.

“He was the network intruder, he was the guy with his fingers at the keyboard,” said Assistant US Attorney Mona Sedky.

But on Wednesday, Miller, 24, who lives with his parents in Pennsylvania and says he cares for his disabled mother, told a federal judge in US District Court in Boston that he was sorry. He had already pleaded guilty in August to conspiracy, obtaining information without authorization from a computer, and damaging a computer, and had asked to be sentenced to probation.

“I’m truly sorry for my damage, and wish to do anything I can to correct the situation,” he pleaded.

US District Court Judge Mark L. Wolf, saying he was concerned with the scope of Miller’s crimes and his breach of security systems, including government systems, instead sentenced Miller to 18 months in prison, the most he faced under sentencing guidelines that took into account his lack of a criminal history.

Wolf also imposed a $25,000 fine.

“It is not my concern that the sentence is too high, it’s that it’s too low,” the judge said, noting Miller’s breach of security systems could have exposed intellectual property at universities, sensitive law enforcement information, commercial information, even national security.

“There’s no question he knew what he was doing was wrong,” Wolf said.

Federal prosecutors had also asked that Miller be sentenced to 18 months, saying computer hackers often believe their crimes will go undetected, and that they will not be punished.

Miller was first investigated by the Secret Service for hacking when he was 14 years old, but the charges were referred to the state juvenile system in Pennsylvania because of his age, according to prosecutors and court documents. Still, he went on to commit more crimes, the prosecutors said.

“He knew that he was doing something illegal, and he could get arrested and go to jail for it,” said Assistant US Attorney Adam J. Bookbinder, “but because he was making money, he was willing to do it.”

Miller was indicted in June 2012 after allegedly accessing more than 50 networks over several years. In 2011, he had illegally accessed two supercomputers that were used for research projects for the Department of Energy, and tried to sell the access to an undercover FBI agent for $50,000.

Miller’s lawyer, Nino V. Tinari, had argued that he was only a low-level player in the scheme. He also described Miller as a young family man who did not realize the seriousness of his crimes, and said he is undergoing mental health treatment for depression, anxiety, and other illnesses.

But Wolf told Miller other defendants have come before him with similar mental health ailments, but were still held responsible for their crimes.

“You’re a person who apparently has extraordinary computer abilities,” the judge told Miller. “But for some reason, by the time you were 14 years old, you determined you should use your considerable talent for illegal activities.”

SOURCE: The Boston Globe

12/11/2013

YOU CAN CALL ME AL - Newly Detected Malicious Site: www.cpubs.co.uk - Trojan-Downloader.JS.Iframe.as (Video Included)

THIS DOMAIN HAS BEEN RECENTLY DETECTED WITH MALWARE:


MALWARE: (Malicious iFrame)
Trojan-Downloader.JS.Iframe.as


DOMAIN: www.cpubs.co.uk
https://www.virustotal.com/de/url/e984b05cce3eae0369654e049e2ce54f954038cce0a29cb14b13953199d56224/analysis/1386789211/
Trojan-Downloader.JS.Iframe.as
https://www.virustotal.com/de/file/b8eedbce9f5ff054917c3e4b31424c2337bd64fea13a4a59e6190e8cfa57f5ea/analysis/1386789611/
Trojan.IframeRef
https://www.virustotal.com/de/file/fd4f1ba055e271eea9a901b744662b1d37e29ee08fe8aeb5f9ae82ee1b4606dd/analysis/1386789593/

IP: 83.223.104.120
https://www.virustotal.com/de/url/fcdc7c6193227ec7074f8e0b443a2ba1645b2bd40ea9902a6ec771f3a36f4610/analysis/1386706066/
https://www.virustotal.com/de/ip-address/83.223.104.120/information/

Pattern --->
http://124.217.249.45/   (mAL(ware)asia)
https://www.virustotal.com/de/url/05df9f4655601684423f632c420bf3bea37c5b9101b0253c2a40b8869f41443e/analysis/1386705829/




Web Reputation: POOR
http://www.senderbase.org/lookup/?search_string=124.217.249.45
https://www.virustotal.com/de/ip-address/124.217.249.45/information/

URLs and sub domains distributing the malware or acting as a redirector:
http://labs.sucuri.net/?details=124.217.249.45
http://124.217.249.45/~user/html/TDS/go.php?sid=1
https://urlquery.net/report.php?id=8310905
https://www.virustotal.com/de/url/594724cae8d42909d3a3aaec05f53212d8aa6bba79a7de205b1bd3b00795e108/analysis/1386705825/

Newly Detected Malicious Site: www.alpha-accounting.co.uk - Trojan-Clicker.HTML.IFrame.gt

THIS DOMAIN HAS BEEN RECENTLY DETECTED WITH MALWARE:
Trojan Clicker

DOMAIN: www.alpha-accounting.co.uk
https://www.virustotal.com/de/url/5b7b21c0bb80afba00e2f3a1c58f6a60653046acab467cbce0b90f2a7a4652d0/analysis/1386702079/
Trojan-Clicker.HTML.IFrame.gt
https://www.virustotal.com/de/file/a3ff6a187831652dafaa7ac0767f8c2e4ba07278e58b1dd9ef5551b5e943336b/analysis/1386702405/
Heuristic.LooksLike.HTML.Infected.B
https://www.virustotal.com/de/file/7646a8ffcc874d6f569cdec21589355c2a828352856d84b9aad629868db62f87/analysis/1386702428/
https://urlquery.net/report.php?id=8310048

IP: 83.223.104.120
https://www.virustotal.com/de/url/fcdc7c6193227ec7074f8e0b443a2ba1645b2bd40ea9902a6ec771f3a36f4610/analysis/1386706066/
https://www.virustotal.com/de/ip-address/83.223.104.120/information/

Pattern --->
http://124.217.249.45/   (MALAySIA)
https://www.virustotal.com/de/url/05df9f4655601684423f632c420bf3bea37c5b9101b0253c2a40b8869f41443e/analysis/1386705829/

Web Reputation: POOR
http://www.senderbase.org/lookup/?search_string=124.217.249.45
https://www.virustotal.com/de/ip-address/124.217.249.45/information/

URLs and sub domains distributing the malware or acting as a redirector:
http://labs.sucuri.net/?details=124.217.249.45
http://124.217.249.45/~user/html/TDS/go.php?sid=1
https://urlquery.net/report.php?id=8310905
https://www.virustotal.com/de/url/594724cae8d42909d3a3aaec05f53212d8aa6bba79a7de205b1bd3b00795e108/analysis/1386705825/

New Malware: escrituras.com - Trojan-Spy.HTML.Fraud.iz

NEW MALWARE:

Trojan-Spy.HTML.Fraud.iz

DOMAIN: escrituras.com

https://www.virustotal.com/de/url/023bdad1bf212b69fc38f942d94a10605e3586e9c13bae9fab12eef580d48f62/analysis/1386595660/

Trojan-Spy.HTML.Fraud.iz

https://www.virustotal.com/de/file/e5a2cf61957340d4e0f991a6df9819636110d687856eae56c54d88ec6b21b86d/analysis/


IP: 200.98.247.12

https://www.virustotal.com/de/url/08f6a35041572c517d0f37b678212f07fd393105cb12a6cb0193b7897e23b2cb/analysis/1386596265/
https://www.virustotal.com/de/ip-address/200.98.247.12/information/
--->
mensagens.host.uol.com.br
https://www.virustotal.com/de/url/023f4a8bdd186e4454df21696a38c99557b7ea48c2f88af4cd87965a6723b1d1/analysis/1386596045/
mensagens.host.uol.com.br/aviso/aviso_compartilhado.html
https://www.virustotal.com/de/url/c2509e06f5edb12d74aa3f1f50eb0774fc2d113246a96e824eaf4d6e08e58cef/analysis/1386596036/
IP: 200.98.199.177
https://www.virustotal.com/de/url/f5d0fadaea1a2477c78d88e32a3c47f3ee1088ad986960bbefd88f6af44336bc/analysis/1386596399/
https://www.virustotal.com/de/ip-address/200.98.199.177/information/

12/08/2013

SPAM: www.ratgeberplatz.com & www.fundorado.com (Delete/Löschen)

English:

www.ratgeberplatz.com & www.fundorado.com are spam domains. Just delete those mails. Do not click "unsubscribe newsletter": if you do, they will only register that you have read the mail, and the spamming will become worse! See screenshot.

For German readers:

www.ratgeberplatz.com & www.fundorado.com are clear-cut spam domains. You can safely delete these mails. Whatever you do, do not click "unsubscribe newsletter". The only thing that happens afterwards is that you receive even more spam from this domain, because your click has given you away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.

SCREENSHOT

Skimming Video: Romanian Fraudster Takedown



A fraudster taken down by Romanian police for skimming an ATM. In Europe it has become common for large organized groups of "skimmers" to travel through European cities using these schemes. In this video you can observe how quickly this happens in broad daylight.

Category MALICIOUS DOMAIN: cashcrate.com (IP 75.101.155.68) - SCAMMING, SPAMMING, PHISHING, MALWARE (Trojan-Downloader.Win32.Delf.uvk)

The following domain is classified as malicious and as a pay-to-surf website. Pay to surf (PTS) is a business model that became popular in the late 1990s, prior to the dot-com crash (also known as the Internet Bubble). Stay away from such promising businesses, as they go hand in hand with phishing, scams and spam, potentially using your data without your knowledge. You are also set to get infected with malware, as we will note in the analysis. Once again: stay away from such dubious promises, and do not forget: it's just a BUBBLE.



Analysis of cashcrate.com @:

  • https://www.virustotal.com/de/url/fed5ebc40ecc8cae6c010c3eced8646bf9988b09a835393fda21cf3275a36272/analysis/1386487046/
  • https://www.virustotal.com/de/url/fd037ee05e7153b48f29f278ea7152ac59f1da90c223b055497aaabf9aaec125/analysis/1386487054/


The domain as well as the IP are listed @ hpHosts:


The Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address 75.101.155.68 when executed in a sandboxed environment:


See also on this malicious domain @:

Category SUSPICIOUS IP: 17.158.8.111 - HELOs as 17.158.8.111 for 185.5.99.21 - RFC 2821, section 4.1.1.1

In the latest CBL statement (in relation to this MALICIOUS IP posting) the following has been analysed:

It was last detected at 2013-12-08 03:00 GMT (+/- 30 minutes), approximately 3 hours, 30 minutes ago.
The listing of this IP is because it HELLOs as (IP) 17.158.8.111. Not only is this a violation of RFC2821/5321 section 4.1.1.1, it's even more frequently a sign of infection. (RFC 2821, section 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO))
These listings are often a sign of a compromised SSH account. If you are running an SSH service (especially on Linux), please check your ssh server logs (often /var/log/auth.log) for logins from this IP. If you find any, secure the associated account. This usually means changing the password or disabling the account.
If it's a mail server, see naming problems for details on how to diagnose and fix the problem.
If IP address 17.158.8.111 is or is NATing for a Symantec Protection Center instance, this appears to be a known issue. See this Knowledge Base item. We are attempting to work through this issue with them. Their KB item was updated October 18, 2010 to indicate that they now understand the issue.
The KB item indicates that the problem will be resolved in a "future build", but no ETA is provided. If you have SPC's email notification feature turned on, we recommend turning it off before delisting your IP address as a temporary workaround.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

CBL-LINK:  http://cbl.abuseat.org/lookup.cgi?ip=185.5.99.21

Network Owner on this IP: Apple
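As an added example (not part of the original posting or of CBL's tooling), here is a small Python check of the rule CBL cites: RFC 2821 section 4.1.1.1 requires the HELO/EHLO argument to be the client's fully-qualified domain name or, failing that, a bracketed address literal such as [185.5.99.21], so a bare IP like 17.158.8.111 fails it. The Postfix-style log format with a `helo=<...>` field and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# One DNS label (1-63 chars, no leading/trailing hyphen); a fully-qualified name needs a dot
# and a top-level label starting with a letter, so "1.2.3" is not mistaken for a name.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN_RE = re.compile(r"^(?:" + _LABEL + r"\.)+[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.?$")
# Assumed Postfix-style reject line: "... from host[client-ip]: ... helo=<argument>".
_LOG_RE = re.compile(r"from \S+?\[(?P<client>[^\]]+)\].*?helo=<(?P<helo>[^>]*)>")

def classify_helo(arg: str) -> str:
    """Return 'fqdn', 'address-literal', 'bare-ip' or 'invalid' for a HELO/EHLO argument."""
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner.upper().startswith("IPV6:"):      # RFC form "[IPv6:2001:db8::1]"
            inner = inner[5:]
        try:
            ipaddress.ip_address(inner)
            return "address-literal"               # allowed when the client has no FQDN
        except ValueError:
            return "invalid"
    try:
        ipaddress.ip_address(arg)
        return "bare-ip"                           # unbracketed IP: the violation CBL describes
    except ValueError:
        pass
    return "fqdn" if _FQDN_RE.match(arg) else "invalid"

def scan_log(lines):
    """Return (client_ip, helo, verdict) for every line whose HELO is non-compliant."""
    findings = []
    for line in lines:
        m = _LOG_RE.search(line)
        if not m:
            continue
        verdict = classify_helo(m["helo"])
        if verdict == "bare-ip" and m["helo"] != m["client"]:
            # The CBL case: a NAT gateway or bot announcing an address that is not its own.
            verdict = "bare-ip (does not match client address)"
        if verdict not in ("fqdn", "address-literal"):
            findings.append((m["client"], m["helo"], verdict))
    return findings

# Constructed sample lines (not real log data), using the posting's IPs and RFC 5737 ranges.
SAMPLE_LOG = [
    "Dec  8 02:58:12 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[185.5.99.21]: 550 5.7.1 rejected; helo=<17.158.8.111>",
    "Dec  8 02:58:40 mx postfix/smtpd[1235]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.7.1 try later; helo=<mail.example.net>",
    "Dec  8 02:59:02 mx postfix/smtpd[1236]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 try later; helo=<[198.51.100.7]>",
    "Dec  8 02:59:30 mx postfix/smtpd[1237]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.7.1 rejected; helo=<WIN-7PC>",
]
```

Running `scan_log(SAMPLE_LOG)` flags only the first line (bare IP that is not even the connecting address, exactly the CBL listing above) and the last (a single-label Windows hostname), while the FQDN and the bracketed literal pass.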