[153781] in North American Network Operators' Group
Re: EBAY and AMAZON
daemon@ATHENA.MIT.EDU (Robert Hajime Lanning)
Tue Jun 12 16:17:13 2012
Date: Tue, 12 Jun 2012 13:16:22 -0700
From: Robert Hajime Lanning <lanning@lanning.cc>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <CC75EEBF17C7374EA8309102B7B10C848618F8E1@SHSBS.shenrons-house.local>
Reply-To: lanning@lanning.cc
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Not too long ago I received 3 phone calls, with a strong Indian
accent and broken english, claiming to be a computer support
firm that has noticed virus activities on my Windows computer.
First time I told them I don't have any Windows machines. They
then hung up.
The second time, I asked them what IP they saw this from. They
didn't know. Then they hung up.
The third time, I told them I had 15 machines, and asked which
one. They hung up again.
The calls came from different Los Angeles area codes, but had
to be VoIP.
On 06/11/12 13:51, Blake Pfankuch wrote:
> I have a spam pit email address which I monitor for trends to have
> a little bit of jump on the possible things users might touch at
> work. I started seeing the amazon, ebay and paypal ones a few
> weeks back. The other one I have started to see a lot of is the
> "Free or cheaper home phone service through magic jack" ones.
> Again as expected they link to some .ru domain and look just like
> the normal sign up page. Also my handy dandy virtual machine was
> instantly owned with malware just by loading the page. The VM
> runs Windows 7 as a non administrative user, UAC cranked up and
> IE9. Something like 10 installed apps showed up including
> "Adobe Flash Player Latest."
>
> The other cool one I have been seeing is along the lines of
> "How to better utilize your office phone system" or
> "New Business Phone systems" with supposed links to
> "popular new phone system trends". This one is rather crafty
> as it has an embedded image which is a nice weblink to an
> infected jpg. So you click show picture in outlook, or in your
> browser and you get another installed piece of nastyware.
>
--
Mr. Flibble
King of the Potato People
