
ender7074

join:2006-11-21
Saint Louis, MO

reply to Dennis

Re: [Phish] email from CDC "personal vaccination profile"

Yah got this one at work today as well. Someone's putting a lot of time and effort into this.... may they rot in hell.
--
Does Microsoft mean small and squishy?

MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to Dennis
This is another example of the need for real time Global BGP blocking and blackholing.

quote:
The data identified by the following URLs was then requested from the remote web server(s):

>http://193.104.41.75/cbd/75.bro
>http://193.104.41.75/kissme/rec.php
>http://promed-net.com/css/absderce2.exe
>http://193.104.41.75/ip.php
===============================

AS49934, home to IP 193.104.41.75, is on various blacklists, and has now been added to the SBL:

=======================================
Cybercrime & botnet spamming hub

»cidr-report.org/cgi-bin/as-report?as=AS31366
»cidr-report.org/cgi-bin/as-report?as=AS49934
=======================================
»www.spamhaus.org/sbl/sbl.lasso?q···SBL82374

»support.clean-mx.de/clean-mx/vir···104.41.%

Appears to be a dedicated home for the Zeus / Zbot operation on several IPs within the block: »www.malwareurl.com/listing.php?as=AS49934

MGD
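
Added example, not part of the original post: a small Python check that finds internal clients which contacted the hosts named in the quoted sandbox report, using parsed hostnames rather than substring matching. The proxy log format and the sample lines are constructed, and matching the whole /24 rather than the single address is an assumption based on the post's remark that several IPs in the block are involved.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators from the post; widening the IP to its /24 is an assumption (see lead-in).
BAD_NET = ipaddress.ip_network("193.104.41.0/24")
BAD_DOMAINS = {"promed-net.com"}

# Constructed proxy log, assumed format: <time> <client> <method> <url> <status>
SAMPLE_LOG = """\
09:14:03 10.1.4.22 GET http://193.104.41.75/cbd/75.bro 200
09:14:04 10.1.4.22 GET http://PROMED-NET.com./css/absderce2.exe 200
09:14:09 10.1.4.22 POST http://193.104.41.75/kissme/rec.php 200
09:15:40 10.1.7.5 GET http://193.104.41.75/ip.php 200
09:16:02 10.1.9.9 GET http://promed-net.com.example.org/index.html 200
09:17:00 10.1.9.9 GET not-a-url 400
"""

def classify(url):
    """Return why a URL matches the indicators, or None if it does not."""
    host = urlsplit(url).hostname  # lower-cased, port removed; None if no host
    if not host:
        return None
    host = host.rstrip(".")  # "promed-net.com." and "promed-net.com" are the same name
    try:
        return "ip-in-block" if ipaddress.ip_address(host) in BAD_NET else None
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    if any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
        return "listed-domain"
    return None

def scan(log_text):
    """Map each client IP to its list of (reason, url) hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # line does not fit the assumed format
        _time, client, _method, url, _status = parts
        reason = classify(url)
        if reason:
            hits[client].append((reason, url))
    return dict(hits)

def fetched_executable(hits):
    """Clients with a matching .exe download: triage these first."""
    return sorted(c for c, h in hits.items()
                  if any(urlsplit(u).path.lower().endswith(".exe") for _, u in h))
```

The lookalike name `promed-net.com.example.org` and the malformed line are not flagged, which a plain substring search over the log would get wrong in the first case.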

reply to Dennis
I sent an email to the CDC yesterday morning informing them of the scam and got back the following:

From: CDC-INFO [CDCINFO@cdc.gov]
Subject: RE: Email from CDC spreading viruses (computer)

Thank you for your inquiry to CDC-INFO. In response to your request for information on an e-mail you received claiming to be from CDC asking you to complete an online profile, please see the following information.

Do not fill out or provide any information as requested in the e-mail you received.

There are certain things that a true CDC representative will NEVER ask you for. CDC will NEVER ask for a Social Security Number, bank account information or credit card information. CDC also does not share personal information about another person at any time. If someone has asked you for any of this information, or shared information about another person with you, that person was not a representative of CDC.

If you feel that the information you provided may be used for identity theft, please contact the following agencies:

- the "identity theft" sections of the police department and the state attorney general's office;

- if you have given your social security number, contact the credit reporting bureaus (Equifax, TransUnion, Experian) identity theft sections;

- there is an identity theft link on the FirstGov website that will tell you what steps to take.

Identity Theft Resources

FirstGov
»www.consumer.gov/idtheft/index.html

Thank you for bringing this to our attention.

Thank you for contacting CDC-INFO Contact Center. Please do not hesitate to call 1-800-CDC-INFO, e-mail cdcinfo@cdc.gov or visit »www.cdc.gov if you have any additional questions.

CDC-INFO is a service of the Centers for Disease Control and Prevention (CDC) and the Agency for Toxic Substances and Disease Registry (ATSDR). This service is provided by Vangent, Inc. under contract to CDC and ATSDR.



Bink63
Tweet THIS
Premium
join:2002-10-06
Everywhere
Reviews:
·AT&T U-Verse

The CDC is noting this on their site now...

»www.flu.gov/myths/index.html

quote:
Flu Myths and Realities

"The U.S. Centers for Disease Control and Prevention (CDC) is sending e-mails about a governmental registration program on the H1N1 vaccination"

These e-mails are not from the CDC – they are fraudulent emails referencing a CDC-sponsored Vaccination Program. They are spam e-mails designed by computer hackers to spread a computer virus.

The messages request that users must create a personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The message then states that anyone that has reached the age of 18 has to have his/her personal Vaccination Profile on the cdc.gov site.

The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov. Users that click on the email are at risk of having malicious code installed on their system. CDC reminds users to take the following steps to reduce the risk of being a victim of a phishing attack:

Do not follow unsolicited links and do not open or respond to unsolicited email messages.
Use caution when visiting un-trusted websites.
Use caution when entering personal information online.
--
Hopefully the Ministry Of Truth and Thought Police can sort this whole thing out.
»twitter.com/bink63
»otadigital.tv/forum/index
Frank Shoemaker would call this noise
GO Cubs GO!!!


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX

reply to Dennis
Also on Computerworld:

Botnet continues massive H1N1 malware campaign

»www.computerworld.com/s/article/···campaign

At its peak, the fake CDC messages were hitting mailservers at the rate of 18,000 messages per minute, according to Florida based email security firm AppRiver.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


Whip

join:2009-01-23
Califon, NJ

said by Doctor Four:

Also on Computerworld:

Botnet continues massive H1N1 malware campaign

»www.computerworld.com/s/article/···campaign

At its peak, the fake CDC messages were hitting mailservers at the rate of 18,000 messages per minute, according to Florida based email security firm AppRiver.
So does that mean it is..............viral? lol


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:10

reply to Dennis
Saw something in the paper this morning about this....

