Saturday, March 28, 2009

Do they think that I am stupid?

I received a text message on my mobile telephone yesterday...

Someone posted Your full Personal and Banking information at http://persdata7.com web site. You must to remove it now.

Sender:
+380672132546

Sent:
27-Mar-2009
01:31:26

...There are no typos above, that is exactly as it came. Well I am not stupid and I was not born yesterday. I would never give my mobile telephone number to any company whatsoever. Only trusted friends and family have my mobile telephone number. I am well aware of criminals throughout the world running scams to rob people. Well, they will not rob me as I am well aware of their tactics and I know how the UK banking system works. All UK bank customers are safeguarded by the banks against fraud. All you have to do is reconcile your bank statements and report any thefts to the bank. In the event of theft from your account, your money will be refunded as I was in March 2008.

Any criminals running these scams would not share their information with other criminals or victims. However, because so many people have worries about identity theft or banking fraud you can understand how many naive people may visit the persdata7.com website. I urge everyone not to put that website address in your browser window, that is why I did not type a hyperlink in the title of this post.

That was my common sense decision to ignore this text message and the persdata7.com website. I wondered if other bloggers had the same experience and sure enough they have. Looking at hpHosts I read that...

Friday, 27 March 2009
Malicious SMS sending victims to persdata7.com
I've been advised by Holger at Malware Domain List, that a malicious SMS message is doing the rounds, pointing victims to persdata7.com with the following SMS message (and variations thereof);

someone posted your full personal and banking information at hxxp://persdata7.com website you must remove it now


I'm trying to find out which number is sending these so I can get in touch with their provider, and am trying to get in touch with Global Net Access, LLC, who actually host persdata7.com.

persdata7.com currently infects victims with the Ambler trojan (naughty naughty). If you receive one of these SMS messages, DELETE IT - DO NOT VISIT THE WEBSITE.

/update 16:50

I've spoken some more to Holger and the number that was sending the text messages was;

+380672132627

persdata7.com has now also been suspended.

/update 20:30

I've been doing some research, and from what I can find, +38 is an Albanian mobile phone, possibly provided by AMC (Albanian Mobile Communications). I'm trying to get in touch with them to get this verified (if it does not belong to them, they will hopefully point me in the direction of the correct provider).

/update 20:50

Holger has advised me that +380 is actually the Ukraine .... (why the sites I looked at didn't mention that is beyond me).

...and on the Malware Domain List ...

WARNING: All domains on this website should be considered dangerous. If you do
not know what you are doing here, it is recommended you leave right away. This
website is a resource for security professionals and enthusiasts.

2009/03/26_00:00 persdata7.com 75.127.118.230 business2.whbdns.com exploits/trojan Ambler privacy protected

...Looking on F-SECURE I read the Ambler trojan does...

Summary
This type of trojan secretly installs spy programs and/or keylogger programs.
Additional Details
This malware secretly captures a user's credentials for Internet banking webpages; the stolen information is then forwarded to a remote server.

...So there you have it, Ukrainian criminals have set up a website that would infect your computer with an Ambler trojan. If you used internet banking or a credit/debit card online then your secure details would be sent to the Ukraine where a criminal would rob you. Never give your details to companies over the phone, on websites and for goodness sake, never fill in those Customer Service Questionnaires that offer the chance to win a prize.