Category Archives: Spam, Phish, Viruses and Hackers

Another (The Same) Hacker Attack

The hacker was the same as last week.

Whois reports the following:

Domain Name: CDPUVBHFZZ.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.CHBDVRNFAG.COM
Name Server: NS2.CHBDVRNFAG.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 31-mar-2008
Creation Date: 31-mar-2008
Expiration Date: 31-mar-2009

>>> Last update of whois database: Sat, 12 Apr 2008 22:34:49 UTC <<<

Domain name: cdpuvbhfzz.com

Registrant Contact:
0
Mark Arnold arnold@google.com
+13.193387549 fax: +13.193387549
201 East Benton Street
Iowa City KY 522401
us

Administrative Contact:
Mark Arnold arnold@google.com
+13.193387549 fax: +13.193387549
201 East Benton Street
Iowa City KY 522401
us

Technical Contact:
Mark Arnold arnold@google.com
+13.193387549 fax: +13.193387549
201 East Benton Street
Iowa City KY 522401
us

Billing Contact:
Mark Arnold arnold@google.com
+13.193387549 fax: +13.193387549
201 East Benton Street
Iowa City KY 522401
us

DNS:
ns1.chbdvrnfag.com
ns2.chbdvrnfag.com

Created: 2008-03-31
Expires: 2009-03-31

Cyber Security

On my morning journey through the Internet, I happened to see a press release put out by EDS on Cyber Security tips. Following is their list:

  1. Know the threat. The online world is a dangerous place. Just like any city or town, there are “good” neighborhoods and “bad” ones. Likewise, the Internet community has an overwhelming number of good, decent people mixed in with a few “bad guys.” The bad guys can be right next door or across the globe, but both can be equally harmful to you and your personal data.
  2. Use the tools. Every home or small business user should install commonly available security tools such as anti-virus software, anti-spyware software and a personal firewall. It’s also important that these programs and the computer’s operating system be maintained with the most recent patches or updates. Probably the most common — and most easily remedied — security problem in home or small business computers is out-of-date software.
  3. Be smart online. Like the physical world, cyberspace has its “con-artist side” typified by bogus e-mails advertising “get-rich-quick” schemes, “can’t-miss” stocks and come-ons from the opposite sex who “can’t wait” to chat. All too often, these are teasers drawing users to Web sites with viruses, bot programs or other cyber risks. In many cases, anything goes and relatively few rules apply. Remember, if it is too good to be true, it probably is.
  4. Never respond to unsolicited requests for personal information. Be wary of e-mails from organizations or individuals asking for your personal information. Always ask or look for contact information on unsolicited requests and be skeptical. No reputable bank, for example, will e-mail you asking you to provide personal information for “account verification.” If you believe the content may be suspect, contact the company directly to verify.

Another Note About Comments

I think I have written this before, but maybe it would be worth writing again. I allow all comments to be posted unless the comment is spam. If the comment is related to the post, it will be posted. WordPress has a built-in SPAM detection engine and I also use a “Bad Behavior” plug-in.

These work very well and I usually don’t have any problem getting spam posted as a comment. In general I receive around 200+ spam comments a day. However, the SPAM engines are not perfect. Sometimes they identify a comment as spam when it is really a valid comment.

How can you tell if your comment has been accepted? If you post a comment the first time, it will require me to authorize it before it is displayed. This is what happens 99.9% of the time to first-time comments. Once in a while a valid comment won’t go into the “Authorize” queue, but will go directly to the “SPAM” queue.

Before I delete the spam queue, I try to look at each comment and make sure that it is really spam. If I find a valid comment in the spam queue, I mark it to be de-spammed, and it will appear as a comment. Today I had a comment from Kathi that was in the spam bucket that I had to mark as not being spam.

If your comment has been identified as spam by the “Bad Behavior” plug-in, you may receive a message that your email address has been identified as a spammer and it will tell you what to do to get off the master spam list.

In short, if you leave a comment here, you should see the first comment get authorized within a day. If it doesn’t appear in that amount of time, then I may have missed it and you have been identified as a spammer. If you post a comment that doesn’t appear, send me an email so I can research it. Once you have posted a comment and it has been authorized, all future comments should appear immediately, unless you change your email address.

Comments are important to any blogger. They are especially important to this type of blog because they add value to other readers. Keep those comments coming. I enjoy seeing them and it keeps blogging fun for me.

PanamaForum – A Different Panama Splog

If you are not familiar with the term splog, it stands for spam blog. Splogs rarely, if ever, contain anything created by the splog’s owner. In my opinion PanamaForum.com is a splog. It has a section called Panama Blog Watch where all the entries just happen to be from Chiriquí Chatter.

Granted, this is a variation on a real splog. A real splog has no connection to the originating blog. This one does link to Chiriquí Chatter, if you want to read the entire article. Splogs typically use the “Ads by Google” mechanism in hopes of receiving revenue. To get you to come to their site, they need content. I don’t think this site has any originally created content. It is made up of stuff that appears to have been taken from other sites on the Internet.

This site even had the nerve to plagiarize the name of one of the Yahoo Panama groups: http://groups.yahoo.com/group/panamaforum/. I think this was also well thought out, to get hits from people who do a Google search for “PanamaForum”.

I thought I would let you know that this site has received no authority from me to use my material to draw people to its site. This is a cheap site and contains nothing of value that it has created. It is strictly there to make money off others’ efforts. I have yet to see any “Ads by Google” sites that were worth visiting.

Chiriquí Chatter Was Hacked

Chiriquí Chatter was hacked about 10:00 PM last night by a Russian hacker. If you accessed the site after that time it is possible that the hacked program downloaded a virus to your PC.

You should run a complete virus scan on your PC, if you accessed this site between 10:00 PM last night and 1:00 PM March 31.

Here is the information on the hacker.

Whois Record
domain: STELAARTOIS.RU
type: CORPORATE
nserver: ns0.stelaartois.ru. 81.95.145.26
nserver: ns1.stelaartois.ru. 81.95.146.26
state: REGISTERED, DELEGATED
person: Ludmila M Samoletova
phone: +7 8442 787972
fax-no: +7 8442 787972
e-mail:
registrar: R01-REG-RIPN
created: 2006.05.04
paid-till: 2007.05.04
source: TC-RIPN

I found this information by googling on the URL I was seeing in the bottom of the browser where it displays the sites it is traversing to handle your request. Any time I see an address with a .ru suffix, I worry because it tells me I am accessing a site in Russia.

My first indication was that the site didn’t come up correctly. Some information was right, but the screen wasn’t formatted. I watched as the screen was coming up and saw the .ru address.

The hacker got into the Photo Album, Guestbook, and the Help Desk function. It also affected some management scripts (cPanel and Fantastico) as well.

The hacker put a line of code in all of the above programs directing them to go to the following location.

http://stelaartois.ru/index2.php

Obviously you do not want to go there because it gives the hacker access to your PC and a possible virus.

Have I told you how much I hate hackers?
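One way to check a web root for the kind of injected line described above, as an added example (not code from this blog or its hosting provider): it lists every URL found in page and script files whose host is not on an allow-list, and marks hosts already known to be bad. The allow-listed host `example.org`, the file names and the injected `<script>` line are constructed for illustration; the post does not show the actual injected line.

```python
import os
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)
SCAN_EXTENSIONS = {".php", ".html", ".htm", ".js", ".cgi", ".pl", ".tpl"}

def host_matches(host, domains):
    """True if host equals, or is a subdomain of, any entry in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def find_foreign_urls(web_root, allowed_hosts, known_bad=()):
    """Return sorted (relative path, line number, host, is_known_bad) tuples
    for every URL in a page/script file whose host is not allow-listed."""
    allowed = {h.lower() for h in allowed_hosts}
    bad = {h.lower() for h in known_bad}
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue  # images and other non-script files are skipped
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    for url in URL_RE.findall(line):
                        try:
                            host = (urlparse(url).hostname or "").lower()
                        except ValueError:  # malformed URL, e.g. bad IPv6 literal
                            continue
                        if host and not host_matches(host, allowed):
                            findings.append(
                                (rel, line_no, host, host_matches(host, bad)))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample site: three small files, one with an injected line."""
    samples = {
        "guestbook/index.php": '<?php echo "Guestbook"; ?>\n'
            '<script src="http://stelaartois.ru/index2.php"></script>\n',
        "album/index.php": '<a href="http://www.example.org/album/">Album</a>\n',
        "album/photo.jpg": "http://stelaartois.ru/ (not a scanned file type)\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
```

Run `find_foreign_urls` against a copy of the web root with your own domain in `allowed_hosts`; every remaining hit is a line to review by hand, and a clean backup gives the baseline to compare against.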

Smarter Phishes

Over the last month or so I have been testing both FireFox and Internet Explorer 7 on phishing emails I receive each day. I know they are bad emails when I receive them because they are sent to an email address I never use for communications with companies.

Up until yesterday, FireFox and IE7 have both detected the fraud site and presented me with a warning. Yesterday I received an eBay phish email. FireFox failed to recognize the phish email and IE7 caught it. So I’m thinking maybe IE7’s method is better.

Today I received an email purporting to be from Bank of America wanting me to update my account. Firefox failed to detect it and so did IE7. Both set small flags in the corners of the browser indicating that the web page had errors, but neither presented a warning. The error has obviously been planted in the code on purpose so the fraud detection will fail.

Just because you are using browsers that look for fake websites, don’t assume they are foolproof.

I forwarded the email to abuse@bankofamerica.com.

Stock Spammers – Don’t Buy These Stocks

I have recently started receiving an enormous number of spam emails that are promoting stock. I have decided to identify the stock name and stock symbol. If they have to resort to spam to generate sales, they have to be a sorry company. “Pump and Dump” individuals that want to make a quick profit typically put out these emails. Apparently it works based on the Google Search for “Stock Spammers” that I did.

While my software puts this spam in a special file, I still have to review it to ensure a valid email wasn’t caught with the chaff. Now at least they will start showing up on Google searches as spammers.

I am bored updating this post, so this will be the last update. For more information do a search on Google on Pump and Dump Spam.

Current list of companies and # of spam emails received – As of 12/06/2006:

Do not buy these stocks!

Advanced Powerline
Symbol: APWL
Spam emails – 92

China Health Management Corp
Symbol: CNHC.PK
Spam emails – 15

West Exceliior ENT
Symbol: WEXE
Spam emails – 9

Vox Box World Intercom
Symbol: VXBX
Spam emails – 14

INTL OIL & GAS
Symbol: IOGH
Spam emails – 1

MAKEUP LIMITED
Symbol: MAKU
Spam emails – 10

Equipment & Systems Engineering, Inc
Symbol: EQSE
Spam emails – 35

Premium Petroleum, Inc.
Symbol: PPTL
Spam emails – 42

Cana Petroleum
Symbol: CNPM
Spam emails – 37

Amerossi EC Inc.
Symbol: ARSS
Spam emails – 19

Bralorne Mining Company
Symbol: BLMN
Spam emails – 2