1/18/2014

Hoax.Win32.ArchSMS.udj
anonymousdelivers.us
(LUXEMBOURG)

MALICIOUS SITE & DOWNLOADS: SMS-MALWARE

anonymousdelivers.us
  • https://www.virustotal.com/de/url/03de0a668ec42d07702ff9a0ae92e2ab6c33ff615b21258a1123a7eed1cbd0e9/analysis/1390056718/
MALICIOUS LINK:

anonymousdelivers.us/uploads/cedf02628adb80ac4c496f46eeb8dd54.exe/Steam.exe
  • https://www.virustotal.com/de/url/f5055ce00998776507d164e26f181ac7244f2f6952be5d7f77a36bba62b70f14/analysis/1390054480/
Hoax.Win32.ArchSMS.udj
  • https://www.virustotal.com/de/file/96fe4b020bee2580a0d75fd22224bb0e29faed4a0268fa23a6a9a4561bd80a7e/analysis/1390038437/
-----------------------

IP:

94.242.228.95
  • https://www.virustotal.com/de/url/9fd0f6ccb7fd0abc7944e7be469985fcb0d16f2e456efe93fbfa1f8715dab625/analysis/1390055364/
-----------------------

LISTED AT hpHOSTS:
  • http://hosts-file.net/?s=anonymousdelivers.us
-----------------------

SEE ALSO:

  • http://app.webinspector.com/public/reports/19544566
  • http://zulu.zscaler.com/submission/show/9202a0de6ce8ca392949aa4d7f411f22-1390054501
  • http://threatlog.com/search/anonymousdelivers.us/domain/
  • http://www.browserdefender.com/site/anonymousdelivers.us/
  • http://safeweb.norton.com/report/show?url=anonymousdelivers.us
  • http://www.urlvoid.com/scan/anonymousdelivers.us/
  • https://www.virustotal.com/de/ip-address/94.242.228.95/information/

MALICIOUS U.K. SITE: gannons.mwhub.com
EXPLOIT BlackHole v2.0
Heuristic.LooksLike.HTML.Suspicious-URL.N

MALWARE & POTENTIALLY MALICIOUS DOMAIN: EXPLOIT BlackHole v2.0

gannons.mwhub.com
  • https://www.virustotal.com/de/url/2ae814e04d71ace1ed27086bb48b31bd5bd8150f464baaec47fc9d048b47588b/analysis/1390049811/
MALICIOUS LINK:

gannons.mwhub.com/1e20232b7e40f2e8f95b6aa5287167a5/basketball-identify.php
  • https://www.virustotal.com/de/url/5c01803eaadd4317c7639c56898ac68ddb8d7ceca17417f81ff002628796c696/analysis/1390051247/
EXPLOIT BlackHole v2.0
  • https://urlquery.net/report.php?id=8876931
-----------------------

OTHER SUSPICIOUS LINK:

gannons.mwhub.com/Gannons-posts-wordpress-2013-10-30.xml
  • https://www.virustotal.com/de/url/844aacebf2ea3bdfe44ea7314a5dc06d29db249c687feb2d34fd4b676b2870a2/analysis/1390050325/
Heuristic.LooksLike.HTML.Suspicious-URL.N
  • https://www.virustotal.com/de/file/d9086b09a40360ce592889068897b672a1cb38b704a5bf1874e6a01cc58bce73/analysis/1390050328/
-----------------------

SEE ALSO:

  • https://www.virustotal.com/de/ip-address/87.117.228.143/information/

Category SUSPICIOUS DOWNLOADS: www.bpsoft.com
(POSSIBLE WORM) Worm/Win32.Kolab.gen

DOMAIN:
www.bpsoft.com
  • https://www.virustotal.com/de/url/44f2fac9cdb934660ebb0255217d5f82bf5af6f0411e966c08aa999ec654772c/analysis/1390047433/
SPECIFIC LINK:
www.bpsoft.com/downloads/hw32v510.exe
  • https://www.virustotal.com/de/url/cc69c82b8cd243226587d6b6e41eb9df8be8f0e9a86f7023bcaef57d1e0271bf/analysis/1390047028/
POSSIBLE WORM (Worm/Win32.Kolab.gen):

  • https://www.virustotal.com/de/file/cba01d0a556adff4610d88d6b36808efdecd364bd7d163c860de0bed6bfbedd2/analysis/1389536989/
FILE(s) FOR ANALYSIS CAN BE FOUND HERE:

  • http://jsunpack.jeek.org/?report=5a8fb879b70ec058c709b10ea68fdfb44658726c
4 OUT OF 6 CERTIFICATES ARE OUT OF VALIDATION

WEPAWET SUSPICIOUS:
  • http://wepawet.iseclab.org/view.php?hash=10b0fc9f8bd406c2f9e1dfbd669a4d51&t=1390047033&type=js
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
  • http://anubis.iseclab.org/?action=result&task_id=1847fa214365660a4056391b5178d3b67&format=html

Incognito Exploit Kit: Trojan-Downloader.HTML.IFrame.adw
SITE: mangaevo.com
(United States)

MALWARE: Trojan-Downloader.HTML.IFrame.adw

mangaevo.com
  • https://www.virustotal.com/de/url/3766e5fef4293e64686dc72a4b088b37eaff1bebeb53118640b22d0005a58d80/analysis/1389712739/
INFECTED: Trojan-Downloader.HTML.IFrame.adw
  • https://www.virustotal.com/de/file/239f13d9c00cbc29f13e63413972e52b879d1eed6b621a6ba199d4de847897d3/analysis/
Incognito Exploit Kit
  • https://urlquery.net/report.php?id=8808564
---> REMOTE

webpigs.ru/in.php?a=QQkFBwQEAAADBgAGEkcJBQcEBAAADQANBw==

  • https://www.virustotal.com/en/url/835200a54e8e1ffcc04ec304c7c18933d3941a7d2f97d37e33438550a3301e0b/analysis/1389714089/
  • http://wepawet.iseclab.org/view.php?hash=6260463a07f0fdab92bc906ff044fd16&t=1386666008&type=js
  • http://www.urlvoid.com/scan/mangaevo.com/
  • http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=mangaevo.com
  • http://app.webinspector.com/public/reports/19457756
  • http://zulu.zscaler.com/submission/show/fe6129b99fe7f001dcdca30a6459f27d-1389712919
-----------------------------------------------------------------------------

IP: 98.129.229.16
  • https://www.virustotal.com/en/ip-address/98.129.229.16/information/
  • https://www.projecthoneypot.org/ip_98.129.229.16

1/17/2014

BREAKING DOMAINs: www.itsdc.org
Infected with:
Trojan.JS.Blacole.Gen (United States)

This must be a professional skill and...

The following links and domains (in blue) are BREAKING BAD TO MALWARE:

DOMAIN:

www.itsdc.org
  • https://www.virustotal.com/de/url/d796f7b73d0965aa9de5875b2e257913ea2b0e303e7835432b1fcb0f57894c69/analysis/1389956959/
  • https://urlquery.net/report.php?id=8864865
  • http://zulu.zscaler.com/submission/show/3938a7a0a7ef602cfae59a8b94e2fada-1389956985
---------------------------------------------

www.itsdc.org/js/jquery.prettyPhoto.js

  • https://www.virustotal.com/de/url/d600215636481f986c6e1fc8c8a6019b223364533b8844336ec1a97d8a44fe47/analysis/1389957763/
INFECTED: Trojan.JS.Blacole.Gen
  • https://www.virustotal.com/de/file/9b9df85fd11cdb66f7dc3fb2d0f9fa0909992b46beff5e227b9d4b0fcda1a4b7/analysis/1389957587/
---------------------------------------------

www.itsdc.org/js/jquery-ui-1.5.2.packed.js
  • https://www.virustotal.com/de/url/07481a03983a69c4213b393196a280e7dbf4c0a810c0dfcc2784756204e22a46/analysis/1389958201/
INFECTED: JS/Exploit-Blacole.ml
  • https://www.virustotal.com/de/file/5222c0f0f6ab51af52a2733673222a80499033774e194d0f58d827ca90d7afbf/analysis/1389958031/
---------------------------------------------

www.itsdc.org/js/jquery.validate.js
  • https://www.virustotal.com/de/url/926fd3bbe47f7c17818f7d825c6c40183d34341ed8921f089bd44151f8b8e3a9/analysis/1389958385/
INFECTED: JS/Exploit-Blacole.ml
  • https://www.virustotal.com/de/file/f4e388638ccd349bb9a4804dc7522af53d80b052a6018018e885555bae8e952a/analysis/1389958386
---------------------------------------------

www.itsdc.org/js/png.js
  • https://www.virustotal.com/de/url/e14f6a474b5ee97ae17809b3d568a70fc291de0af1db831617d6208d4cb023ee/analysis/1389958540/
INFECTED: HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/2a404dcb1dae86fd3596f9820fc136554da26e05703fd4059e197822c3490082/analysis/1389958624/
---------------------------------------------

www.itsdc.org/js/jquery.easing.1.1.1.js

  • https://www.virustotal.com/de/url/d5a1643eb8bb43181a8fb78b101134402b498c47bdc0eabca41424f343e441a1/analysis/1389958774/
INFECTED: JS:Agent-CPV [Trj]
  • https://www.virustotal.com/de/file/ef9101bb998f16c720f4017f2e4058f10518c313cd0904a6b4ac9c661566a6c6/analysis/1389958776/
---------------------------------------------

www.itsdc.org/js/script.js

  • https://www.virustotal.com/de/url/7905060a766e0415c594658494650b55853982fbd8ecf6c37aec1c885ca16a9a/analysis/1389958984/
INFECTED: HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/b9f7dbfaac24018e00168704b6dc1bf9fe291aadc0d003229b1d6f7964ec97c2/analysis/1389958986/
---------------------------------------------

www.itsdc.org/js/cufon.js

  • https://www.virustotal.com/de/url/ca57d1ed1977c3697dbeb89d8f2a2e6ac26142a02d2024571b5677542c03762a/analysis/1389959036/
INFECTED: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/e0d7f2bc9e768d7f1ba82b658a195c3c572ec6dac52361c5b416be9da456e05a/analysis/1389959040/
---------------------------------------------

www.itsdc.org/js/jquery.cycle.all.min.js
  • https://www.virustotal.com/de/url/dbacef70c0d2d51f82e9301b6a3586dd5d77f446ced88cc439228c52893ecceb/analysis/1389959128/
INFECTED: Trojan.JS.Blacole.Gen
  • https://www.virustotal.com/de/file/dcd205df4791b88a15430626db103a400c0627960fcdd2ff47a98a2dda2f1da3/analysis/1389959130/
---> DESTINATION

www.ferristree.com.au/viberson-back/56RZR8ck.php?id=21743511

  • https://www.virustotal.com/de/url/938d25ed6403d2f9cc1ff517aa5bbaddd841f6d292666f525af969903f447820/analysis/1389959565/
INFECTED: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/3d1ea90bc4b4a4516d37152dc721608bc1256ad48cc4b3a0e3871efd74c99687/analysis/1389959400/
  • https://www.virustotal.com/de/file/13cdae6b3d3cfc1281cdb99753dab2fc584bc9120351b9ceb8ce6dc66a63be95/analysis/1389959422/
  • http://jsunpack.jeek.org/?report=06721d01e8bf3de21abf75bd5ca8c1e4a89d41f9
---------------------------------------------

... maybe someone wants to notify those 3 (without face(book), wondering why...?) that their site is infected...

DOMAIN ferristree.com.au INFECTED:

www.ferristree.com.au
  • https://www.virustotal.com/de/url/cae9435a93d607c734227e6f4687b7c5315a60f1aa849af781088df3a9c6f811/analysis/1389960189/

INFECTED: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/c893a3d264485f69596365a9d0006dd7cf2ea2c524851355bcda9d0139a70b62/analysis/1389960100/
  • https://urlquery.net/report.php?id=8865038
  • http://jsunpack.jeek.org/?report=e4c2e9fda049f5ba96f585233250acd794a4f985
---------------------------------------------

www.ferristree.com.au/js/jquery.js

  • https://www.virustotal.com/de/url/a94b49a8d55485b3d4eb23bec856b1aa4cc9ade8ae39db98b898426ff789902e/analysis/1389960262/
INFECTED: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/e2f1d06f4551c9f4b403f64dcaef284e7999ee0f4555f469d6902f3517a58217/analysis/1389960320/
---------------------------------------------

www.ferristree.com.au/js/img_on.js

  • https://www.virustotal.com/de/url/7ae0c27906e5e5f2124b167685d8a85b30f1444b2c9f3401dd626e1d3fa01962/analysis/1389960627/
INFECTED: Trojan:HTML/Redirector.DW
  • https://www.virustotal.com/de/file/022ce5fdf7ba14c6d1e2efe480d0586e016f134c2a5f91a505adaa1c4f13a65c/analysis/
---> DESTINATION

ida.es/etiquetas/ZwWhK2AF.php?id=21060826
  • https://www.virustotal.com/de/url/fe914a0b3d52d37a29ec926981f359dba668ab824e8211042ba8c070c8bd98c4/analysis/1389971027/
INFECTED: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/409b4c585342aa93a289b4f2d10c01da8889511b7bc0239c78ce8eae0a959571/analysis/1389970629/
---------------------------------------------

...Integration of developed Applications. WOW! Sounds great...

DOMAIN ida.es INFECTED: EXPLOIT REDKIT

ida.es
  • https://www.virustotal.com/de/url/127f82997623325f90a92a86fb4dbb4fc4a4b7e0fee2f6e1fb7ef705f29ada67/analysis/1389960923/
INFECTED: HEUR:Trojan.Script.Generic

  • https://www.virustotal.com/de/file/e0b6f3ee2acc8918c950bcd88d36e94d21148aaa843cd312487b8fe37a0c4f4c/analysis/1389971978/
  • https://urlquery.net/report.php?id=8865115
---> PATTERN

...and chilling. Isn't it? The better it is...

dekostube.net/images/3MWDJlIz.php?id=21457000
  • https://www.virustotal.com/de/url/e43b4a9d200694a7db7e9670447bd9bbdae3ba0d943d56beef5ee9493601876f/analysis/1389972387/
  • https://www.virustotal.com/de/file/effa29283c16682404074ae8e600fbfe512ddce86dd99f49ec7d73715e8833f3/analysis/
--->

...the worse it gets!

safelist-retire.com/mhsn.html?h=757898
  • https://www.virustotal.com/de/url/8401ec62af7ea2eaff810973cbb53843cfe2ca37214b3d847132501863a28a7a/analysis/
  • https://www.virustotal.com/de/file/92133aa8467bcddd785c66777a97785635fe0217f896297e2e09816a147c56ec/analysis/
EXPLOIT RedKit
  • https://urlquery.net/report.php?id=8866156
SUSPICIOUS PDF File

ida.es/DocumentosPdf/EtiquetasElectronicas.pdf
  • https://www.virustotal.com/de/url/79840998e517a3cd16f9a1dd6c1d8cb9bedf5fea3ce726665d0e4bdb738c8a30/analysis/1389973163/
  • https://www.virustotal.com/de/file/dc3a5b8fffcb624a5ac8446ff4f9aec8cdeb9e6e88bb0f7436529631d6cea9b1/analysis/1389973169/
---------------------------------------------

DOMAIN dekostube.net INFECTED:

dekostube.net
  • https://www.virustotal.com/de/url/2aaefbf20ee0bdfcff1891fdf2de19f229e3fc6936680160d027443ff9c2e475/analysis/1389961175/
EXPLOIT LANDING PAGE
  • https://urlquery.net/report.php?id=8865136
--->

safelist-retire.com/mhsn.html?h=757898
  • https://www.virustotal.com/de/url/8401ec62af7ea2eaff810973cbb53843cfe2ca37214b3d847132501863a28a7a/analysis/
OTHER MALICIOUS DOMAINS INVOLVED:

adscendmedia.com
  • https://www.virustotal.com/de/url/32b0db6874108d5093e977abac99128c8002145d81f5dc757257fba66db05bff/analysis/1389970800/
www.logixcoder.com
  • https://www.virustotal.com/de/url/eb156f3b4bcb961194bf65bcc11038a3fa3e2da7729776ee6e0577346b7e3dfb/analysis/1389971337/
g.owest.net
  • https://www.virustotal.com/de/url/cf77607d3b3d7b8a326d67085950159bf642743dab6bc483bbfa598a4c5c1185/analysis/1389961517/
An asset is a resource controlled by the entity as a result of past events and from which future economic benefits are expected to flow to the entity.

My reply to "them":  IDIOTS !

Czech Republic: danika84.sololocalsaresexxy.com
Malicious Site
JS:ScriptIP-inf [Trj]

MALICIOUS DOMAIN:

danika84.sololocalsaresexxy.com
  • https://www.virustotal.com/de/url/7f0b85f39adbfe3f92daf236dc37be72dedb609890a3d0d1d7ec0088a1487d66/analysis/1389911621/
JS:ScriptIP-inf [Trj]
  • https://www.virustotal.com/de/file/8d2eb1bd576bd55c50cd0d6f5d2dec328fffb5ec9fd6e4bf990ff381e3631896/analysis/1389951479/
THE DOMAIN IS LISTED AT SPAMHAUS (DBL):
  • http://www.spamhaus.org/dbl/removal/record/sololocalsaresexxy.com
SEE ALSO:
  • http://zulu.zscaler.com/submission/show/484ac89dce0dd04b3e7626fb8a3a821a-1389911691

1/16/2014

VIDEO - Faulty Lines? Controlling the Web: A documentary looks at the fight for absolute control of the World Wide Web (2012, before Snowden)

"In January 2012, two controversial pieces of legislation were making their way through the US Congress. SOPA, the Stop Online Piracy Act, and PIPA, the Protect Intellectual Property Act, were meant to crack down on the illegal sharing of digital media. The bills were drafted on request of the content industry, Hollywood studios and major record labels.


The online community rose up against the US government to speak out against SOPA, and the anti-online piracy bill was effectively killed off after the largest online protest in US history. But it was only one win in a long battle between US authorities and online users over internet regulation. SOPA and PIPA were just the latest in a long line of anti-piracy legislation US politicians have passed since the 1990s.

"One of the things we are seeing which is a by-product of the digital age is, frankly, it's much easier to steal and to profit from the hard work of others," says Michael O'Leary, the executive vice-president for global policy at the Motion Picture Association of America (MPAA).

The US government says it must be able to fight against piracy and cyber attacks. And that means imposing more restrictions online. But proposed legislation could seriously curb freedom of speech and privacy, threatening the internet as we know it.

Can and should the internet be controlled? Who gets that power? How far will the US government go to gain power over the web? And will this mean the end of a free and global internet?

Fault Lines looks at the fight for control of the web, life in the digital age and the threat to cyber freedom, asking if US authorities are increasingly trying to regulate user freedoms in the name of national and economic security."

Take a look for yourself:

Just another spam from www.ratgeberplatz.com:
„Entfliehen Sie der Schuldenfalle - gute Vorsätze 2014“ ("Escape the debt trap - good resolutions for 2014")
Germany (Düsseldorf)

English:

www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter". If you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Related Posts:

SPAM SCREENSHOT from ratgeberplatz.com

For German readers:

www.ratgeberplatz.com is clearly a spam domain. You can safely delete these mails. Just do not click "unsubscribe newsletter". The only thing that happens afterwards is that you get sent even more spam from this domain, because your click has given you away and the domain ratgeberplatz.com now knows that you have read the email! See screenshot.

Related articles:


INTERNATIONAL Online Child Predators: The Lost Boy Bulletin Board
(Part 4)

Saint Louis Downtown

As the FBI agent assigned from St. Louis watched a live video stream in a nearby room, Connell sat down face-to-face with the fourth grader they had been able to identify. As soon as the young boy told her that Jeffrey Greenwell had groped his genitals and photographed the act, the FBI agent called Subke. The agent recalls saying: "I said, 'I got it, Chuck, let's go.'"

Subke was already prepared for this eventuality. After obtaining a search warrant, Subke set out with his team into the woods of Missouri. The FBI agent also alerted Brian Mize, the decryption specialist, asking him to come down from Clayton to lend his expertise in collecting evidence.


Jeffrey Greenwell
Less than a day after the school principal pointed out the fourth grader, the federal agents and Franklin County detectives arrived together at Miramiguoa Park. They waited until Greenwell left his house and drove off. At that moment the search team went in.

The Scooby-Doo sticker on the front door was merely a preview of what they would discover inside the house.

Mize described it as follows: "The whole place was littered with Scooby-Doo," and goes on: "A Scooby-Doo bedspread, a life-size Scooby-Doo blowup doll and numerous Scooby-Doo figurines."

"There was also a small dog in a crate in the living room, happily wagging its tail. The dog's name was 'Scrappy'," Subke recalls.


Scooby-Doo Blowup Doll
Brian Mize's appearance practically screams "cop" all over the place, partly because of his square-edged chin and his short, close-cropped haircut. The computer forensics whiz-kid is a detective on the Chesterfield police force in the second-ring western suburb of St. Louis. When Brian talks about crime-scene analysis, he sounds more like a doctor, which is what he aimed to become back when he majored in biology. Then his passion turned to law enforcement. "We are crime-scene technicians, and our magnifying glass is software, which lets us look for clues," Mize sums up.

Mize belongs to the Regional Computer Crimes Education and Enforcement Group (RCCEEG), a task force launched in 2002 to team up the FBI's area cybercrime squad with its counterparts from the U.S. Secret Service and other local law-enforcement agencies. Working as a unit, the group provides technical forensic support to fight computer crimes throughout Missouri and the nation, including those related to child abuse, which is definitely more than just a simple crime!

The FBI seized two PCs from Greenwell's residence, along with numerous external storage devices, two digital cameras and a Sony Handycam video camera, as well as a stash of DVDs and CDs (found by agents in a locked safe). Greenwell's landlord later found a third digital camera, wrapped in clothing, while clearing out the former tenant's belongings.


A SONY Handycam found with Greenwell's belongings

Mize quickly found out that Greenwell had encrypted the hard drive on his main computer. After working his way past the suspect's protections, Mize found around 15.000 still images of child pornography and molestation. Some of the photos showed Greenwell and/or other men engaged in sex with those young boys.


Greenwell Photoshopped
Many of the pictures were photoshopped so as not to reveal the faces of the pedophiles involved in these atrocious acts. In order to identify the victims, Mize had to search for recurring details, for example a specific pair of pajamas, birthmarks or scars. The painstaking process of sorting and grouping these images had just begun. If Brian noticed a discarded article of children's clothing in the background of one photo and then spotted it being worn by a boy in another, he'd group the photos together in a single category.

With this technique, Mize was able to create a file for each suspected victim. He named these "Series 1" "Series 2" and so forth.

For each series, he then created a "sterilized", non-pornographic image that showed the victim's face and any distinctive physical feature that might aid identification. This work process took weeks. After completing the forensic identification, Mize believed he had identified at least five victims who were raped by Greenwell, and possibly as many as 10.

Investigators were finally able to determine that Greenwell had been molesting and photographing his victims since at least 2003. Most of the pictures were taken in whatever home Greenwell was renting at the time. Others were taken during trips to other towns or tourist attractions.


Meanwhile Investigators in California found out, that some specific area in the Lost Boy forum was assumed, as a work in progress, an on and ongrowing guidebook of suggesting tips, on how to repress boys into a trusting liaison, a process often referred to as "educating" or "grooming".

From every Lost Boy forum member, it was expected to share tips to the handbook, which contained suggestions like, "targeting children from broken homes" or "poverty-stricken conditions" and "going after sons of drug addicts". A member reported that "introverted boys from Latin America's poor broken homes (street kids) are the easiest to handle and for cost per boy ratio they are the cheapest."

Elsewhere the "guidebook" advised "manipulating boys with drugs, alcohol and sleeping pills"  in order "to lower their self-consciousness" and suggested "molesting them while they're unconscious". Another section on the Bulletin Board offered advice "on ways to move on from victims who have outgrew their charm".


Facebook User of the Day: Fred Kristin from the United States

Fred (left (of) her)
Say Hello to Fred @:

Category MALICIOUS DOMAIN: ustyutskoe.pestovskiy.okpmo.nov.ru
Casino, Gambling
(PHISHING, SCAM, SPAM)

Hello!

Do you remember that we wanted to sign up for the 200% welcome bonus at Ruby Palace?

What are we waiting for? Let's register today, because not everyone gets up to 300 euros just for signing up!

The wait is over: register now and play right away.

  • Please note that almost all of those mails that include "Ruby" (example) are connected to gambling sites that want to "steal" your hard-earned money in many different ways. You will ALWAYS lose. Consider going to a "real" casino instead of gambling online, although the chance of losing more money than you gain exists there as well. "Ruby" mails are not only SPAM but also scam, phishing and malware (riskware) downloads. These domains rarely last more than a month before they change their name again. Ignore and delete those mails and the links they contain. Otherwise you put your PC at risk of being damaged.

Mail from ustyutskoe.pestovskiy.okpmo.nov.ru

  • Please note that almost all emails whose URL contains the name "Ruby" (example) and that land in the spam folder (or not) are connected to (partly illegal) gambling (online casinos) that are only intent on pulling your hard-earned money out of your pocket. But if you absolutely want to "gamble", it would be more advisable to visit a real casino, although there, too, one normally leaves poorer rather than richer. "Ruby mails" are associated not only with SPAM but also with SCAM, phishing and harmful downloads of malicious software (very often these harmful downloads are placed on the PC without the visitor's knowledge). It is best to avoid these sites; otherwise your PC could be damaged.

MALICIOUS DOMAIN:

ustyutskoe.pestovskiy.okpmo.nov.ru
  • https://www.virustotal.com/de/url/30ad4549e0264c9a27703b171e40715566d8112ad7aee36d170c0879d951dc37/analysis/
SPECIFIC LINK:

ustyutskoe.pestovskiy.okpmo.nov.ru/selected.htm
  • https://www.virustotal.com/de/url/da65c08e56f0564170939172bc0edea1e516ed89f86435b2fb57e698bd9f2341/analysis/1389875029/

INFECTED WITH:
RedirME-inf [Trj]
  • https://www.virustotal.com/de/file/19a15d7ad510575e5e83d9bfce898da071c7ca6a31a5e904f8d16275248b14ab/analysis/1389875518/
---> REDIRECTS TO:
rubyultragame.com
  • https://www.virustotal.com/de/url/02036856b00ada689a2ea3905d1b5be3bb2801b42c39e1eb88ff4e1a5ec671ce/analysis/1389876401/
  • https://www.mywot.com/en/scorecard/rubyultragame.com
LISTED AT SURBL:
  • http://www.surbl.org/surbl-analysis
LISTED AT hpHOSTS:
  • http://hosts-file.net/?s=rubyultragame.com
-----------------------------------
IP for ustyutskoe.pestovskiy.okpmo.nov.ru

62.118.131.170 (Russia)
  • https://www.virustotal.com/de/url/47e087a76843c97d526f1e48e20069bbd7291805610030cd31f3ca6079af2c9a/analysis/1389876928/
LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/pbl/query/PBL014097
  • https://www.virustotal.com/de/ip-address/62.118.131.170/information/
  • http://safeweb.norton.com/report/show?url=ustyutskoe.pestovskiy.okpmo.nov.ru
  • http://www.browserdefender.com/site/ustyutskoe.pestovskiy.okpmo.nov.ru

1/15/2014

Category MALICIOUS DOMAIN: rheumatoidarthritisgout49419.soup.io
Rogue Medications & Phishing Risk (AUSTRIA)
(GOOGLE PHISHING)

Potentially Malicious Site: Drugs & Medications (PHISHING RISK)

DOMAIN:
rheumatoidarthritisgout49419.soup.io
  • https://www.virustotal.com/de/url/52b67f6d4e0d46e81f5e560297c575c638a9ba33b43e1229718fc6929a9a1c91/analysis/
MALICIOUS LINK FOUND TO: (DOMAIN)
is.gd (U.K.)
  • https://www.virustotal.com/de/url/47a68b786b0e7abcc8263d257b7fe90a26be583647d9371b38ceb24c09332a3b/analysis/1389627324/
SPECIFIC LINK:
is.gd/fpnxbB
  • https://www.virustotal.com/de/url/61b5b6b25706c0ab0bde93ea941fbea8d7334f699957f88072ea49eb2a19e8e1/analysis/1389804055/

ADDITIONAL MALICIOUS LINK FOUND TO: (DOMAIN)
stomsk.ru (Lithuania)
  • https://www.virustotal.com/de/url/c2cb23d08ab0e0430674bda1ede032890408106f0c480b81423f85a38ba09716/analysis/1389626637/
SPECIFIC LINK:
stomsk.ru/pics/doc.jpg
  • https://www.virustotal.com/de/url/7dd47a1cf793aa3da415720b51e6d6452bfad57f42bc9c494322ea79a4363601/analysis/1389626639/

Category MALICIOUS DOMAIN: bleacherreport.com
Phishing Risk
(GOOGLE PHISHING, ROGUE MEDICATIONS)

MALWARE SITE: (PHISHING, SCAM, SPAM, FRAUD)

DOMAIN:

bleacherreport.com
  • https://www.virustotal.com/de/url/73e7cf76bf1c58ce62ab54cf4a28f320766b249d72cf66c7d210f87a1b7544b2/analysis/

IP bleacherreport.com: 54.225.139.135
  • https://www.virustotal.com/de/url/14f09c097abffce28cca7fd184550619551ff1f8d6b6451d417986f53e69e57b/analysis/1389788841/

POTENTIALLY SUSPICIOUS FILES: 24
  • http://quttera.com/detailed_report/54.225.139.135

SPECIFIC LINK:
bleacherreport.com/users/3821374-suhagra-100-reviews-alprostadil-injection
  • https://www.virustotal.com/de/url/55c49329a6f064acbf9464d02d2e796ebf9a7f6556299ec7d20145eb50168c8f/analysis/1389788405/

SPECIFIC LINK HAS A DIFFERENT IP: 23.23.134.171
  • https://www.virustotal.com/de/url/cf6b75943c44872f1e6da28708b1d7f3fcf39a05efdfc11eab3012c5f3e81815/analysis/1389788766/

POTENTIALLY SUSPICIOUS FILES: 40
  • http://quttera.com/detailed_report/23.23.134.171

http_inspect: UNKNOWN METHOD
  • https://urlquery.net/report.php?id=8823259 

DESTINATION IP: 195.159.219.10 (NORWAY, MALICIOUS)
  • https://www.virustotal.com/de/url/2124f63fafe3b2ad6f32d647633508a27ad79a2aee4cbc424baec79be1c3b327/analysis/1389789045/

Web Reputation: POOR
  • http://www.senderbase.org/lookup/?search_string=195.159.219.10

LISTED AT hpHOSTS:
  • http://hosts-file.net/?s=bleacherreport.com

LISTED AT ThreatLog: Spam/Scam/Fraud
  • http://threatlog.com/search/bleacherreport.com/domain/
  • http://www.urlvoid.com/scan/bleacherreport.com/

POTENTIALLY SUSPICIOUS FILES: 139
  • http://quttera.com/detailed_report/bleacherreport.com

CLICKING GOES TO: (RBN 398)
is.gd/YixLnc
  • https://www.virustotal.com/de/url/686b3e88a398c31a7ffbaaafc874064f92e51133dc3f257b3dcf49a1183cf28c/analysis/1389794625/
----> URL after Redirection: GOOGLE.COM (PHISHING)

  • https://urlquery.net/report.php?id=8824810

1/14/2014

Today's Useless Website:
The Mango Republic

To visit the Republic of Mango, click HERE! (Just Useless)

Cybercrime Review 2013:
The largest Hacking Scam in US history is prosecuted
The NASDAQ Hack (Aleksandr Kalinin)

Four Russians and a Ukrainian have been charged in what prosecutors call "the largest hacking and data breach scheme in US history".

The five plotted in a "worldwide scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses," said Paul Fishman, the U.S. Attorney for the District of New Jersey.


US Attorney Paul Fishman
Companies that were targeted included Citibank, 7-Eleven, PNC Financial Services Group, France's largest retailer Carrefour and computers used by the Nasdaq Stock Market.

US prosecutors in New York separately indicted one of the five men and another Russian in another hacking scheme that targeted 800.000 bank accounts. Two of the men are in custody.


On June 25th, 2013, Preet Bharara, the United States Attorney for the Southern District of New York, announced the unsealing of an indictment against Aleksandr Kalinin, aka "Grig," aka "g," aka "tempo," for hacking certain computer servers used by the NASDAQ Stock Market. In a separate indictment, also unsealed, Kalinin and another Russian hacker, Nikolay Nasenkov, were charged in the same matter. Both Kalinin and Nasenkov remain at large.

Fishman said: "This type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic wellbeing, our privacy and our national security."

US Attorney Preet Bharara
Preet Bharara said: “As today’s allegations make clear, cyber criminals are determined to prey not only on individual bank accounts, but on the financial system itself. But would-be cyber thieves should take note: Because of the close and growing collaboration between the U.S. government and the private sector on issues of cyber security, our ability to unmask and prosecute the anonymous perpetrators of cyber crimes - wherever they may be located - has never been stronger.”

FBI Assistant Director in Charge George Venizelos said: “As alleged, Kalinin infiltrated NASDAQ’s servers, allowing for the manipulation and theft of sensitive data. In a series of separate schemes, Kalinin and Nasenkov stole hundreds of thousands of bank account numbers, PINs, and other code to withdraw millions of dollars from victim accounts. Today, their password has expired.”
FBI (AD) George Venizelos

The NASDAQ Hack
From November 2008 through October 2010, Kalinin hacked various computer servers used by the NASDAQ to conduct its business operations. During the course of these hacks, Kalinin installed malicious software (malware) on certain NASDAQ servers, which permitted him and his accomplices to secretly access the compromised NASDAQ servers and execute commands on them, including commands to delete, change or steal data. (The infected servers did not include the trading platform that allows NASDAQ customers to buy and sell securities.)

The Citibank and PNC Bank Hacks
From December 2005 through November 2008, Kalinin and Nasenkov allegedly stole bank account information from financial institutions through computer hacking. Kalinin, Nasenkov, and their co-conspirators then used that account data to access the bank accounts of thousands of individual victims without authorization and without those victims’ knowledge, resulting in the theft of millions of dollars from those accounts.
The cybercriminals then fraudulently obtained bank account numbers, customer identification numbers (a unique number embossed or printed on the front of an ATM card; see picture), card security codes (a security feature which helps authenticate an ATM card; see picture), and personal identification numbers (PINs) for victims’ accounts at financial institutions, including Citibank and PNC Bank, through computer intrusion and other hacking techniques. As part of the scheme, the defendants and their co-conspirators then encoded the stolen account data onto the magnetic stripes of blank plastic ATM cards so that those cards could be used to access individual victims’ bank accounts through ATMs. The ATM cards were then used, along with the stolen account PINs, to access individual victims’ accounts through ATMs located around the world, including in the United States, Estonia, Canada, Great Britain, Russia, and Turkey, and to withdraw millions of dollars from those accounts.
CSC

In January 2006, the PINs for hundreds of customer accounts were compromised as a result of a cyber attack launched against PNC Bank’s online banking website. Nasenkov allegedly supplied stolen account information, including PINs, from the compromised bank accounts to co-conspirators who, in return, used the stolen account information to encode blank ATM cards and withdraw approximately 1.3 million USD from victims’ accounts.

In 2007, Kalinin placed malware on a computer network that processed ATM transactions for Citibank and other financial institutions. This malware recorded data passing over the network and exported it to an outside computer. Using this malicious code, Kalinin stole bank account information for approximately 500,000 bank accounts, including approximately 100,000 Citibank accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately 2.9 million USD from Citibank customers’ accounts.

In 2008, Nasenkov used a computer program to mount an attack against Citibank’s online banking website that resulted in the theft of account information for more than 300,000 accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately 3.6 million USD from the compromised accounts.

Kalinin, 26, of St. Petersburg, Russia, is charged with one count of computer hacking in connection with the NASDAQ hack, which carries a maximum sentence of 10 years in prison. In connection with the scheme to steal bank account information, Kalinin is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; four counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of five years in prison. All in all, Kalinin could be sentenced to 174 and a half years in prison.

Nasenkov, 31, of St. Petersburg, Russia, is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; four counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of computer intrusion to obtain information, which carries a maximum sentence of five years in prison; one count of computer intrusion to further fraud, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of five years in prison. All in all, Nasenkov could be sentenced to 219 and a half years in prison.

Albert Gonzalez
The men conspired with Albert Gonzalez, a Miami hacker serving 20 years in prison for stealing 130 million credit- and debit-card records from Heartland Payment Systems.

Other defendants from the hacker ring (also known as the "Moscow Five") who have been charged are:
  • Roman Kotov, 32, of Moscow
  • Vladimir Drinkman, 32, of Moscow
  • Dmitriy Smilianets, 29, of Moscow
  • Mikhail Rytikov, 26, of Odessa, Ukraine
Official link to the indictment: HERE (PDF file)

Category MALICIOUS DOMAIN: www.krubywinland.com
Casino, Gambling
(PHISHING, SCAM, SPAM)



You are cordially invited to visit the palace - Ruby Palace, to be exact.

Head to Ruby Palace now to play and we will honor you with a welcome offer worthy of a king: a rather mighty 200% bonus on your deposit.

Use this offer to triple your deposit and you could be ruling over a huge account balance in no time.

Kind regards


  • Please note that nearly all of those mails that include "Ruby" (example) are connected to gambling sites that want to "steal" your hard-earned money in many different ways. You will ALWAYS lose. Consider going to a "real" casino instead of gambling online, although there too you are more likely to lose money than to win it. "Ruby" mails are not only SPAM but also scam, phishing, and downloads of malware (riskware). These domains rarely last more than a month before they change their name again. Ignore and delete those mails and the links they contain. Otherwise you expose your PC to a potential risk of damage.

Mail from krubywinland
  • Please note that practically all e-mails whose URL contains the name "Ruby" (example), whether they land in the SPAM folder or not, are connected with (partly illegal) gambling (online casinos) whose only aim is to pull your hard-earned money out of your pocket. If you really must "gamble", it would be wiser to visit a real casino, although there too you normally leave poorer rather than richer. "Ruby mails" are associated not only with SPAM but also with scam, phishing and harmful downloads of malicious software (very often these harmful downloads are placed on the PC without the visitor's knowledge). It is best to avoid these sites; otherwise your PC could be damaged.

MALICIOUS DOMAIN:


www.krubywinland.com
  • https://www.virustotal.com/de/url/b4cbd68d3bb154c6d2e01e8e89a1de49409947611ef00ca5dc34dff905299690/analysis/1389692714/
  • https://www.mywot.com/en/scorecard/krubywinland.com
  • http://www.urlvoid.com/scan/krubywinland.com/
  • http://zulu.zscaler.com/submission/show/8cb6aa378573adb305dbcd735aa654f0-1389694153
unsubscribe.krubywinclub.com
  • https://www.virustotal.com/de/url/e34f8184c20cd9bc64cc63f6b81e5d81b3df286dd122489e0f57bb595ba187c5/analysis/1389692831/
  • http://zulu.zscaler.com/submission/show/e41c88933120511fe7dbd1d6b283f2bc-1389694260
thecutekid.com
Potentially Suspicious Domain
(SPAM / SCAM)

Damaging Children

Potentially Suspicious Domain
thecutekid.com
  • https://www.virustotal.com/de/url/6b1f6ada03f1f47740f47c4ea37ed35f3236d409323c4cac3d163ca10280678f/analysis/1389651026/
HTML (W32.HfsIframe.30a4 ?)
  • https://www.virustotal.com/de/file/82c0d8c44d0005315a8018e35cb8471ff8a530e4cfc3a1390c4fdc05f805818c/analysis/1389687845/
  • http://jsunpack.jeek.org/?report=75070cd01e0962fd47bf0e38d199e43e6acb2198
  • https://urlquery.net/report.php?id=8801837
LISTED AT hpHosts:
  • http://hosts-file.net/?s=thecutekid.com
  • https://www.mywot.com/en/scorecard/thecutekid.com
  • http://quttera.com/detailed_report/thecutekid.com
-------------------------------------------------
thecutekid.com/submit-a-photo1.php
  • https://www.virustotal.com/de/url/eba120adfb41c986d3733a97b61933417dc0aacc8ce773d1e983b5234bc83294/analysis/1389689158/
HTML (W32.HfsIframe.B090 ?)
  • https://www.virustotal.com/de/file/b4f47b55ea1c6cbaa65285d094be59210a8dd32fef657cd58a8d4a9276763b26/analysis/1389688921/
-------------------------------------------------
thecutekid.com/ckgallery/registration/upload/valentines-2014
  • https://www.virustotal.com/de/url/6cbdae817f595da871ff09ed54cd4e7caf1e0860ab50371181b4b6900b447613/analysis/1389689431/
HTML (W32.HfsIframe.95ab ?)
  • https://www.virustotal.com/de/file/d05503ceea41ba7dc954689e523afb932347611d1a8862c6b23faede9e0005c4/analysis/1389689350/
-------------------------------------------------
exclusives.thecutekid.com/submit-a-photo1.php
  • https://www.virustotal.com/de/url/1bf25802687d7f92e9d82d3e2c9d750f7f86804efc4dec6d8a5f38692359120a/analysis/1389689745/
HTML (W32.HfsIframe.B090 ?)
  • https://www.virustotal.com/de/file/b4f47b55ea1c6cbaa65285d094be59210a8dd32fef657cd58a8d4a9276763b26/analysis/1389688921/
-------------------------------------------------
HIDDEN IFRAME TO:
pixel.fetchback.com/serve/fb/pdj?cat=&name=landing&sid=4603
  • https://www.virustotal.com/de/url/c0299f678cfbe071efdce06de8716f9af719e4b9cc81cc6aa8beb1691ffb2d64/analysis/1389690132/
HTML (W32.HfsIframe.196a ?)
  • https://www.virustotal.com/de/file/f142e133db63f657e74e44fff8cf9636ad6a9c05312a76624ad60c66617b25d4/analysis/1389689927/
  • http://www.UnmaskParasites.com/security-report/?page=thecutekid.com
  • http://jsunpack.jeek.org/?report=44a2a6faf18a68ad446179943feaa3021c27a5fa
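A small detector for the hidden-iframe pattern flagged above, added here as an example that is not part of this post or of any listed scanner. The sample HTML is constructed, and the visibility heuristics (1x1 or zero-size frames, display:none / visibility:hidden, far off-screen positioning) are my own assumption, not the signature behind the HfsIframe detections.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Style values that make a frame invisible to the visitor (assumed heuristics).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)


class HiddenIframeFinder(HTMLParser):
    """Collects <iframe> tags whose attributes hide them and whose src is off-site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (frame host, src, reasons it was flagged)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        for dim in ("width", "height"):
            val = a.get(dim, "").strip().lower().rstrip("px")
            if val.isdigit() and int(val) <= 1:
                reasons.append(f"{dim}={val}")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("style hides frame")
        src = a.get("src", "")
        host = urlparse(src if "://" in src else "http://" + src).hostname or ""
        # Only report frames that are both hidden and pointing to another host.
        if reasons and host and host != self.page_host:
            self.findings.append((host, src, reasons))


def find_hidden_iframes(html, page_host):
    parser = HiddenIframeFinder(page_host)
    parser.feed(html)
    return parser.findings


# Constructed sample mimicking the injected frame reported on thecutekid.com.
SAMPLE_HTML = """<html><body><h1>Submit a photo</h1>
<iframe src="http://pixel.fetchback.com/serve/fb/pdj?cat=&name=landing&sid=4603"
        width="1" height="1" style="display:none"></iframe>
<iframe src="https://www.youtube.com/embed/x" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for host, src, why in find_hidden_iframes(SAMPLE_HTML, "thecutekid.com"):
        print(f"hidden iframe -> {host} ({', '.join(why)}): {src}")
```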