Showing posts with the label Nigeria. Show all posts

12/07/2013

VIDEO - After 3 Days: Man found alive in sunken ship


On May 28th 2013, a South African scuba diving team was conducting a dead-body recovery effort. They were recovering bodies from a Nigerian ship that had sunk 3 days prior. What they found is astonishing. A sailor had actually survived by finding an air pocket for himself as the ship sank to the bottom of the ocean. For 3 days Harrison Okene was living in the ship. He had no food, no water, and was in pitch black. Video footage of his rescue has recently been released. Check this 7-and-a-half-minute video:



12/06/2013

Scams from GHANA (VIDEO)

Cybercriminals in Ghana show us how they use internet scams to STEAL thousands of dollars from unsuspecting victims all over the globe.


While Nigeria's 401 (419) scammers look like they have written the book on West African internet fraud, their "Nigerias Show" looks like Compuserve compared to what's going on in Ghana.

Unsatisfied with the meager winnings from emailing thousands of random (wealthy) Westerners in hopes of convincing one poor sap they're the treasurer of the Ivory Coast, Ghana's scammers decided to stack the odds in their favor the old-fashioned way, with witchcraft (VooDoo).

Taking a page from cyberpunk, traditional West African Ubuntu priests adapted their services to the needs of the information age and started leading down-on-their-luck internet scammers through strange and costly rituals, designed to increase their powers of persuasion and make their emails irresistible to greedy Americans. And so "Sakawa" was born (a practice in Ghana which combines modern internet-based fraud practice with traditional Akan religious rituals).

Now not only is Sakawa Ghana's most popular youth activity and one of its biggest underground economies, it's a full-blown national phenomenon. Sakawa has its own tunes, clothing brands, Sakawasploitation flicks, and even a metastatic backlash from Christian preachers and the press. When we were in Accra over the summer it was impossible to walk more than 10 feet without seeing the word Sakawa in blood-red Misfits letters on a poster or tabloid, often accompanied by bone-chilling horrors of the photoshopped variety.

The government is freaked out because Sakawa is threatening Ghana's business reputation, the Christians are freaked out because they're losing money to the Juju priests, the press is freaked out because being freaked out is what sells papers, and the public is freaked out because their government, preacher, and media are all telling them they should be. All the while the Sakawa boys are living the high life and racking up debts to the spirit world, just waiting for the axe to fall.


12/03/2013

SCAMMED UP: Nigerian Lottery SCAM from Mr Peter Chec in Connection with Compromised Website in Slovakia

As I tend to analyse my spam mails after a certain period of time, I started with a Nigerian scammer, Mister Peter Chec (of course not his real name).



At the beginning I thought the sender as well as the sending domain were randomly generated:
<izabeth@spsnmnv.sk>
It is clear that izabeth is cut out of the female first name Elizabeth.

Also, the first look at the domain name:
<spsnmnv.sk>
gives you the impression of reading spam, like:
<spamnv.sk> or maybe even like sms (Short Message Service):
<smsnpnv.sk>
And do not forget: .sk stands for Slovakia.

This may also be the reason why Mr. Chec calls himself Chec, for Czechoslovakia (maybe too lazy to call himself THAT). And all this comes in the German language from NIGERIA (IP analysis, see the bottom of this post). Isn't he a smart guy? He surely thinks he is, I bet!

I prefer to call him Check Mister Chec.



However, my curiosity took me into digging deeper. So I ran that domain through several analysis engines and tools. No alert. Even JSUNPACK gave up with a connection timeout. Except for one: quttera.com. This anti-malware website is still young, but many times the service has surprised me by finding serious threats where all the well-known multiscanners and/or AVs did not succeed. I took some screenshots of that detection, as it's possible that the next scan won't bring any results, due to the cybercriminals wiping their misplaced act and code away as soon as they get detected.



So, the malware source lies in this link:

spsnmnv.sk/mmk/cd/mmk-cd.iso
At this point you might think it's a small ISO file. But wrong. It's a TFF file (extension file). Now, before Quttera's analysis, I threw it through urlquery:

Here & Here. Nothing! It is very unusual that urlquery does not spit out any result, especially in the case of an exploit. I then decided to change the User-Agent as well as the referer. The outcome is a (17 times-try) MALWARE download:

Here is what he (Check Mister Chec) wrote (in German! Smart guy!), given here in English translation:
"Dear Winner,
We are pleased to inform you that your e-mail addresses with your
online winning ticket number (11 14 18 20 37 41 46) with BONUS (8) you have won in
the 2nd category of the game. Your prize was published on 10th November 2013.
The Lotto Max lottery is based entirely on an electronic selection of the
winners using their e-mail addresses or purchase of scratch cards.
You have therefore been credited with a total sum of £ 4,000.000.00 British pounds,
ticket number 1EC-16529CE3-8887. For the immediate
release of your winnings, which has been approved, please fill in the form
and send it to us via this e-mail:

freelotto3333@gmail.com

 (1) Your full name: ....
 (2) Contact address: ...
 (3) TELEPHONE: ....
 (4) Occupation(s) ....
 (5) SEX: ...
 Birth
 Mr Peter Chec."
What is remarkable here is the e-mail address. If you Google it, it comes to 4 findings (at the time of this post). That tells you that this scam e-mail (scheme) is still pretty fresh and young. And if you see (at VT) that the domain spsnmnv.sk is classified as an Educational Institution, the doubts start growing when you check (CHEC) this screenshot. But it's not impossible that it is one... although.



The IP address (poor reputation) behind that e-mail: 41.203.69.6
For further info on the IP:
Header Analysis Quick Report
Originating IP: 41.203.69.6
Originating ISP: Globacom Ltd
City: n/a
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline 41.203.69.6
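
The header triage described above, as an added Python example that is not part of the original post: it pulls the originating IP from the oldest Received header and flags contact addresses that point away from the sending domain. The sample message is constructed; only the sender address, the reply address and the IP come from the post, while the Received layout, host names, dates and the freemail list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}  # assumed short list

# Constructed sample: header layout, relay names and dates are illustrative only.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org; Sun, 1 Dec 2013 10:00:02 +0000
Received: from [41.203.69.6] (unknown [41.203.69.6])
\tby mx.example.net; Sun, 1 Dec 2013 10:00:00 +0000
From: "Mr Peter Chec" <izabeth@spsnmnv.sk>
Subject: Dear Winner

Please fill in the form and send it to us: freelotto3333@gmail.com
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def originating_ip(msg):
    """IP from the oldest (bottom-most) Received header that carries one."""
    for hdr in reversed(msg.get_all("Received", [])):
        match = IP_RE.search(hdr)
        if match:
            return match.group(1)
    return None

def analyse(raw):
    """Summarise sender domain, origin IP and off-domain contact addresses."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Contact points the recipient is steered to: Reply-To plus addresses in the body.
    body = "" if msg.is_multipart() else msg.get_payload()
    contacts = [parseaddr(msg.get("Reply-To", ""))[1]] + ADDR_RE.findall(body)
    redirects = []
    for addr in filter(None, contacts):
        domain = addr.rpartition("@")[2].lower()
        if domain != from_domain:
            kind = "freemail" if domain in FREEMAIL else "other-domain"
            redirects.append((addr, kind))
    return {"from_domain": from_domain,
            "origin_ip": originating_ip(msg),
            "redirects": redirects}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Received headers below the first trusted relay can be forged, so the extracted IP is a lead to verify against reputation data, not proof of origin.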

12/02/2013

Man in the Middle Attack made a 1.65 Million US Dollar Profit for Victimizing Three Businesses 2013

Three Seattle-Area Businesses Targeted in 2013

The FBI Seattle Field Office is aware of a fraud victimizing Washington state-based businesses, nicknamed “Man-in-the-e-mail”-Scheme for being an e-mail variation of a known “man-in-the-middle” attack. The FBI wants the public to learn about this scam in order to avoid being victimized.

In 2013, at least three area companies (in Bellevue, Tukwila, and Seattle) were led to believe they were sending money to an established supply partner in China. In fact, fraudsters intercepted legitimate e-mails between the purchasing and supply companies and then spoofed subsequent e-mails impersonating each company to the other. The fraudulent e-mails directed the purchasing companies to send payments to a new bank account because of a purported audit. The bank accounts belonged to the fraudsters, not the supply companies.



Total loss experienced by the three area companies is roughly 1.65 million USD. In some cases, the metadata on the spoofed e-mails indicated that they actually originated in Nigeria and/or South Africa.

Under this scam, both companies in a legitimate business relationship can be victimized. The supplier may first ship out the legitimately ordered products and then never receive payment (because the purchasing company was scammed into paying the scammer-controlled bank account). Or, the purchasing company may first make a payment and then never receive the ordered goods (because the supply company never receives that payment).