
MGD Premium,MVM join:2002-07-31 kudos:9 | reply to MGD
Re: Ebay Phisher, Meet and Greet !!
A few more snippets of logs from Mr "come and get me" Alba's hacking work on the phish hosting machine in Iran. It appears that he first made a home there over two weeks ago:
89.136.119.91 - - [16/Aug/2006:23:03:02 +0330] "GET / HTTP/1.1" 406 2690
89.136.119.91 - - [16/Aug/2006:23:03:12 +0330] "GET /index.html.cz HTTP/1.1" 200 1634
89.136.119.91 - - [16/Aug/2006:23:03:13 +0330] "GET /apache_pb.gif HTTP/1.1" 200 2326
89.136.119.91 - - [16/Aug/2006:23:03:15 +0330] "GET / HTTP/1.1" 406 2690
89.136.119.91 - - [16/Aug/2006:23:15:25 +0330] "GET /index.php HTTP/1.1" 200 22
89.136.119.91 - - [16/Aug/2006:23:42:09 +0330] "GET /index.php HTTP/1.1" 200 22
89.136.119.91 - - [16/Aug/2006:23:45:56 +0330] "GET / HTTP/1.1" 200 16
89.136.119.91 - - [16/Aug/2006:23:46:01 +0330] "GET / HTTP/1.1" 200 16
89.136.119.91 - - [16/Aug/2006:23:54:40 +0330] "GET / HTTP/1.1" 200 536
89.136.119.91 - - [16/Aug/2006:23:54:43 +0330] "GET /sysdll.php HTTP/1.1" 200 7539
89.136.119.91 - - [16/Aug/2006:23:54:44 +0330] "GET /sline.gif HTTP/1.1" 404 281
89.136.119.91 - - [16/Aug/2006:23:54:45 +0330] "GET /pdown.gif HTTP/1.1" 404 281
89.136.119.91 - - [16/Aug/2006:23:54:45 +0330] "GET /login.php HTTP/1.1" 200 13382
89.136.119.91 - - [16/Aug/2006:23:54:45 +0330] "GET /go1.gif HTTP/1.1" 404 279
89.136.119.91 - - [16/Aug/2006:23:54:46 +0330] "GET /hide.htm HTTP/1.1" 404 280
89.136.119.91 - - [16/Aug/2006:23:54:46 +0330] "GET /addr.gif HTTP/1.1" 404 280
89.136.119.91 - - [16/Aug/2006:23:54:46 +0330] "GET /ress.gif HTTP/1.1" 404 280
89.136.119.91 - - [16/Aug/2006:23:54:46 +0330] "GET /ie2.gif HTTP/1.1" 404 279
89.136.119.91 - - [16/Aug/2006:23:54:47 +0330] "GET /logoEbay_150x40.gif HTTP/1.1" 200 954
89.136.119.91 - - [16/Aug/2006:23:54:47 +0330] "GET /or_60x23.gif HTTP/1.1" 200 261
89.136.119.91 - - [16/Aug/2006:23:54:48 +0330] "GET /logoVeriSign_100x65.gif HTTP/1.1" 200 1835
89.136.119.91 - - [16/Aug/2006:23:54:49 +0330] "GET /pdownclick.gif HTTP/1.1" 404 286
89.136.119.91 - - [16/Aug/2006:23:54:55 +0330] "POST /contact.php HTTP/1.1" 302 14753
89.136.119.91 - - [16/Aug/2006:23:56:47 +0330] "GET / HTTP/1.1" 304 -

Also a sample from the error logs:
[Wed Aug 16 23:00:15 2006] [crit] (2)No such file or directory: make_sock: could not bind to port 80
[Wed Aug 16 23:03:02 2006] [error] [client 89.136.119.91] no acceptable variant: d:/mssql/binn/lol/apache/htdocs/index.html
[Wed Aug 16 23:03:15 2006] [error] [client 89.136.119.91] no acceptable variant: d:/mssql/binn/lol/apache/htdocs/index.html
[Wed Aug 16 23:54:44 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/sline.gif
[Wed Aug 16 23:54:45 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/pdown.gif
[Wed Aug 16 23:54:45 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/go1.gif
[Wed Aug 16 23:54:46 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/hide.htm
[Wed Aug 16 23:54:46 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/addr.gif
[Wed Aug 16 23:54:46 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/ress.gif
[Wed Aug 16 23:54:46 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/ie2.gif
[Wed Aug 16 23:54:49 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/pdownclick.gif
[Wed Aug 16 23:56:52 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/hide.htm
[Wed Aug 16 23:56:53 2006] [error] [client 89.136.119.91] File does not exist: d:/mssql/binn/lol/apache/htdocs/pdownclick.gif

Of course no criminal fraudster, even one at Mr "come and get me" Alba's two-digit IQ level, would not test their phish to make sure that the victim's user id, password and card data were being collected:
quote:
-----------------------------------
Thu Aug 31, 2006 4:30 pm
Login: uasuags@yahoo.com
Password: peleu
CC Number: 4111111111111111
MONTH: 03
YEAR: 2009
CVV2: 123
PIN: 1234
89.136.119.91
-----------------------------------
Fri Sep 01, 2006 10:14 am
Login: ddfdf@ajdfhdhksj.com
Password: asdfsdfsd
CC Number: 4111111111111111
MONTH: 01
YEAR: 2006
CVV2: 123
PIN: 0650
89.136.119.91
-----------------------------------
Sat Sep 02, 2006 3:56 pm
Login: asugasguag@Yahoo.co
Password: mnihiashaihs
CC Number: 4111111111111111
MONTH: 02
YEAR: 2008
CVV2: 111
PIN: 0000
172.158.63.45
-----------------------------------
Sat Sep 02, 2006 10:30 pm
Login: test@test.com
Password: test
CC Number: 4111111111111111
MONTH: 01
YEAR: 2006
CVV2: 000
PIN: 4321
89.136.119.91
-----------------------------------
Except for the one test from an AOL IP, "Alba" performed the complete operation from IP 89.136.119.91. He hacked into the server, set up both an Ebay and PayPal phish, made several attempts to complete a 100,000 phish spam mailing, all from the comfort of his Romanian IP.
He posts his criminal resume online, posts pictures of himself, posts his Date of Birth, full address, telephone number, his email address, AIM, Yahoo IM, and ICQ info. When "outed", with the jaevos of a bull and the brain of a flea he says "Come and get me". However, after taking stock of his current situation he promptly changes his gender and begins his disguise.
Having any second thoughts there... Mr Miss "come and get me" Borcila Alba ???
MGD
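
The access-log pattern in the post above (brand-named images served with 200, a burst of 404s for missing page assets, then a POST to a form handler) can be searched for by a server owner reviewing their own logs for a hosted phish. This is an added example, not part of the original post; the brand keywords, five-minute window, 404 threshold and documentation-range IPs are assumptions, and the sample lines are constructed on the model of the post's log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "METHOD path proto" status size
CLF = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
BRAND = re.compile(r"ebay|paypal|verisign", re.I)  # assumed brand keywords
WINDOW = timedelta(minutes=5)                      # assumed burst window

def parse(line):
    """Return (host, time, method, path, status), or None if not CLF."""
    m = CLF.match(line)
    if not m:
        return None
    host, ts, method, path, status, _size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return host, when, method, path, int(status)

def phish_kit_sessions(lines, min_404=3):
    """Flag clients whose form POST sits within WINDOW of brand-named assets
    served with 200 and at least min_404 distinct missing files."""
    by_host = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_host[rec[0]].append(rec)
    hits = {}
    for host, recs in by_host.items():
        for _, when, method, path, _ in recs:
            if method != "POST":
                continue
            near = [r for r in recs if abs(r[1] - when) <= WINDOW]
            brand = sorted({r[3] for r in near
                            if r[4] == 200 and BRAND.search(r[3])})
            missing = sorted({r[3] for r in near if r[4] == 404})
            if brand and len(missing) >= min_404:
                hits[host] = {"post": path, "brand_assets": brand,
                              "missing": missing}
                break
    return hits

# Constructed sample lines (not the real log).
T = "[16/Aug/2006:23:54:%02d +0330]"
SAMPLE = [
    '203.0.113.7 - - ' + T % 44 + ' "GET /sline.gif HTTP/1.1" 404 281',
    '203.0.113.7 - - ' + T % 45 + ' "GET /pdown.gif HTTP/1.1" 404 281',
    '203.0.113.7 - - ' + T % 45 + ' "GET /go1.gif HTTP/1.1" 404 279',
    '203.0.113.7 - - ' + T % 47 + ' "GET /logoEbay_150x40.gif HTTP/1.1" 200 954',
    '203.0.113.7 - - ' + T % 55 + ' "POST /contact.php HTTP/1.1" 302 14753',
    '198.51.100.20 - - ' + T % 50 + ' "GET /favicon.ico HTTP/1.1" 404 280',
    '198.51.100.20 - - ' + T % 58 + ' "POST /contact.php HTTP/1.1" 302 14753',
]
```

A flagged client is any session that completed the form, whether the operator testing the page or a victim, so the result is a lead for confirming that the content is hosted on the server rather than an attribution.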

Doctor Olds | I Need A Remedy For What's Ailing Me. | Premium,VIP join:2001-04-19 1970 442 W30 kudos:18
It's a shame there is not an International Computer Crimes Agency with Worldwide jurisdiction. She would wet her panties if the Police picked her up at her apartment and took her in shackles to be extradited that same hour to the US for trial, conviction, sentencing and immediate Prison time. Then in 10 or 20 years, send her back to Romania on a slow China boat.
--
What's the point of owning a supercar if you can't scare yourself stupid from time to time?

kamm join:2001-02-14 Brooklyn, NY
said by Doctor Olds: It's a shame there is not an International Computer Crimes Agency with Worldwide jurisdiction.
I agree although it would be just as impossible to have the US be a signee as on The Hague - we would claim with our usual pathetic hypocrisy that 'everybody is subject except Americans, sorry.'

kamm join:2001-02-14 Brooklyn, NY | reply to MGD
This guy is obviously a career criminal - no job, no interest in having a job and it's most likely also a satisfying "work" for him. I've immigrated from Mid-EU, I have seen guys like this all over the place around early 90s, even I was offered huge money by gangs to help them in computer crimes (I'm an engineer too) which I always immediately refused. (As, of course, online shopping hadn't existed yet back then, offers usually meant something bigger - and crazier - 'gig'...) Now that region - now part of EU - is well ahead of Romania, so no wonder this kind of "profession" moved into 'more secure' areas (= less police influence expected) eastward, mostly to the Balkans and Romania, Ukraine etc.

peter_m Premium join:2005-07-13 Canada, QC | reply to kamm
That doesn't stop everyone else from signing up and making it harder for these criminals. What are all the other nations doing about it?