MGDPremium,MVM
join:2002-07-31
kudos:9
4 edits | reply to MGD
Infobite, ..... take two !! First it was the fraud clones of effectivesoft.com »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto that were uncovered as the method used to recruit the cyber-mule for BestTech Solutions, Technologies and Design LLC AKA BST-DESIGN.COM, 660-616-4931
That was followed by mae_aa419  and the investigation at aa419.org which uncovered the syndicate's massive UK Infobite recruiting operation for the strawberry domains: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Even though the publicity and active targeting led to the quick demise of Infobite, it was obvious that the UK division was not going to fade away. After all, it is the unfettered access to millions of card data accounts that drives this engine. Knowing that fact the aa419.org group kept their ears to the ground. Recently music man lifted the lid off the early stages of the UK Infobite replacement operation. mae_aa419 then uncovered an entire group of 21 derivative fraud sites under the "ALFACOR" monilker: »forum.aa419.org/viewtopic.php?t=26443 database entires: »db.aa419.org/fakebankslist.php?p···rchtype=
Once again, and for the third time, the ALFACOR group are a frauduelnt clone of another Eastern European Software developer called ScienceSoft Inc »scnsoft.com
ScienceSoft Inc scnsoft.com list an address in Belarus:
quote:
Contact Us
Headquarter
Mailing Address:
ScienceSoft Inc.
3rd Floor, 2 Bedy Str.,
Minsk, 220040, Belarus
Phone: +375 (17) 293 3736
+1 (619) 822 2935
Fax: +1 (617) 249 0477
The 16 fraudulent Alfacor clones:
»alfacorsoftware.com
All list an address in Estonia:
quote:
Contact Us
Headquarter
Mailing Address:
AlfaCor Inc.
3rd Floor, 23 Toompuiestee Str.,
Tallin, 10137, Estonia
Phone: +372 712 3373
+372 616 6732
Fax: +372 616 6732
The criminals forgot to remove the reference to "Infobite" from the reformulated "Alfacor" FAQ document in the careers section.
The 16 identical cloned sites cover a range of domain names:
alfacoronline.com
alfacoronline.org
alfacoronline.info
alfacoronline.biz
alfacoronline.net
alfacor-software.biz
alfacor-software.com
alfacor-software.net
alfacor-software.org
alfacorsoftware.info
alfacorsoftware.net
alfacorsoftware.org
alfacorsoftware.biz
alfacorsoftware.com
alfacorsoft.net
alfacorsoft.com
.
.
alfacoronline.com
alfacoronline.org
alfacoronline.info
alfacoronline.biz
alfacoronline.net
alfacor-software.biz
alfacor-software.com
alfacor-software.net
alfacor-software.org
alfacorsoftware.info
alfacorsoftware.net
alfacorsoftware.org
alfacorsoftware.biz
alfacorsoftware.com
alfacorsoft.net
alfacorsoft.com
Though some UK cyber-mules have already been detected setting up LTD companies, this new group appears to have been uncovered at an early stage of operation. They have already altered their tactics to avoid detection, and do not appear to be spamming EU jobsites. They also are recruiting by quietly trolling multiple EU job sites and targeting posted CVs.
Some of the card billing sites currently in production for this Alfacor fraud operation are:
degpic.net Degrace Global Services Ltd AKA Design Creative Bureau
EDIT= The flash design does not show up in the Siteshot image, added:
24graph.net AKA Euro Universal Ltd
unopic.net AKA O-bis Consulting Ltd
Note the "Richard Nixon" and "Sharon Stone" c/o the Queen, domain registrations, courtesy of the ever helpful EST Domains:
quote:
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Domain Name: UNOPIC.NET
Registrant:
Concrete Industries Ltd
Richard Nixon (pg@hightechmail.biz)
12 avenue, 22-41
Washington
District of Columbia,109882
US
Tel. +001.9843323329
Creation Date: 30-Jul-2008
Expiration Date: 30-Jul-2009
------------------------------
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: »www.estdomains.com
Domain Name: 24GRAPH.NET
Registrant:
Direct Access Inc
Sharon Stone (steve.parcell@ibm-london.com)
London, Bukingham Palace, 92-12
London
London,37238
GB
Tel. +004.4339293384
Creation Date: 30-Jul-2008
Expiration Date: 30-Jul-2009
Domain servers in listed order:
ns2.24graph.net
ns1.24graph.net
There are also great write ups on the "Alfacor" operation at: bobbear.co.uk »www.bobbear.co.uk/alfacoresoftware.html
and also on scamfraudalert.com »www.scamfraudalert.com/f19/alfac···m-14052/
As noted in both the aa419.org database and on bobbear, the alfacor group are all registered via EST DOMAINS, and hosted with the Moscow, Russia, provider Wahome Networks / wahome.ru / WAHOME-DEDIC. I believe there is a stragler website hosted on the Russian provider McColo.
Apparently this time around, the crime syndicate took preemptive action by seeding Google in advance with "alfacor" forum posts, in order to bury any future fraud alerts. »www.google.com/search?hl=en&q=al···e+Search
MGD
EDIT = corrected alfacor total fraud domains from 16 to 21, added link to aa419 write up Corrected and removed duplicate entries, the Total Alfacor fraud domains is 16. |
