Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > ANZ phisher

Reply
Thread Tools

ANZ phisher

 
 
Shane
Guest
Posts: n/a
 
      09-18-2006
Is everyone getting the latest phisher?
Im surprisingly getting it on my dyndns domains (which dont normally get
Aust/NZ targetted spam)
Anyways, if anyones interested heres the headers

Return-Path: <(E-Mail Removed)>
X-Original-To: http://www.velocityreviews.com/forums/(E-Mail Removed)-a-geek.net
Delivered-To: (E-Mail Removed)-a-geek.net
Received: from localhost (localhost.localdomain [127.0.0.1])
********by mail.shanes.dyndns.org (Postfix) with ESMTP id 0C98125EDA
********for <(E-Mail Removed)-a-geek.net>; Mon, 18 Sep 2006 19:48:36 +1200
(NZST)
Received: from mail.shanes.dyndns.org ([127.0.0.1])
********by localhost (deviant [127.0.0.1]) (amavisd-new, port 10024)
********with ESMTP id 29321-08 for <(E-Mail Removed)-a-geek.net>;
********Mon, 18 Sep 2006 19:48:20 +1200 (NZST)
Received: from 201-67-37-172.cpece700.dsl.brasiltelecom.net.br (unknown
[201.67.37.172])
********by mail.shanes.dyndns.org (Postfix) with SMTP id 30BFE25ED9
********for <(E-Mail Removed)-a-geek.net>; Mon, 18 Sep 2006 19:48:16 +1200
(NZST)
Received: from regression.rushops.com (helo olga.envisionext.com
[93.232.192.39])
* * * * by recovermyfiles.com with SMTP id JIZCP59LJW
* * * * for <(E-Mail Removed)-a-geek.net>; Mon, 18 Sep 2006 03:48:17 -0500
Received: from dartmouth.hotbox.com (oregano.hotbox.com [66.52.0.207])
* * * * by galleryplanet.com with SMTP id HW6HRKO14V
* * * * for <(E-Mail Removed)-a-geek.net>; Mon, 18 Sep 2006 06:48:17 -0200
From: "ANZ Australia & New Zealand"
<(E-Mail Removed)>
To: "Luste" <(E-Mail Removed)-a-geek.net>
Subject: ANZ Internet Banking - Urgent Security Notice [Mon, 18 Sep 2006
13:46:17 +0500]
X-Authenticated: #95996446
User-Agent: SmartMailer Version 1.56 -German Privat License-
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
* boundary="EV_LINRFN21TV2S7YT"
Message-Id: <(E-Mail Removed) g>
Date: Mon, 18 Sep 2006 19:48:16 +1200 (NZST)
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
weasel.is-a-geek.net
X-Length: 17869
X-UID: 10324


--
Professor Farnsworth: I was inventing things when you were barely turning
senile!

blog: http://shanes.dyndns.org

 
Reply With Quote
 
 
 
 
Taranis
Guest
Posts: n/a
 
      09-18-2006
On Mon, 18 Sep 2006 20:35:27 +1200, Shane wrote:

> Is everyone getting the latest phisher?
> Im surprisingly getting it on my dyndns domains (which dont normally get
> Aust/NZ targetted spam)
> Anyways, if anyones interested heres the headers
>



I had a little looksee and surprise surprise the domain it goes to is
owned in Korea. It's not a bad one and could fool some people.
Recommendation here for Firefox users : install the netcraft toolbar.
 
Reply With Quote
 
 
 
 
XPD
Guest
Posts: n/a
 
      09-18-2006

"Shane" <(E-Mail Removed)-a-geek.net> wrote in message
news:eellmn$hhn$(E-Mail Removed)...
> Is everyone getting the latest phisher?
> Im surprisingly getting it on my dyndns domains (which dont normally get
> Aust/NZ targetted spam)
> Anyways, if anyones interested heres the headers


Yeah Ive had 2/3 come through in the past few hours.


 
Reply With Quote
 
Anony Mouse
Guest
Posts: n/a
 
      09-18-2006
Shane wrote:

15 phish email in my filtered mail.

Spamhuas is down atm so I can't analyze much but really it is pretty
obvious who it is.

One 3f4eada9.8070802@mydomain for the National Bank of Aus was sent to
an address know to be associated with Leo.

A couple to cm@mydomain and a couple to benm@mydomain and more to my
main email addy.

These first two addies have been added by spammy (Probably Leo) recently.

As you may know Leo has been harassing me for quite a while.
These new addies are just a continuation of his harassment and are not
email addresses that have been advertised or on any website.
Leo has **** for brains and whatever his reason for adding new emails he
most certainly has been told that I run a multi drop box at my domain.
Adding more addies just helps me to prove it is him and his gang. I am
picking it will help with his downfall. Also the gang watches
me and every move I make, most likely the person in NZ that I know is
part of the gang. I have hammered his domains in the past through my
contacts and also I have been known to tuant him and others in the gang.
Telling him to F off makes little difference as he is an outright criminal.

I will post the evidence when Spamhaus is up, probaly in a new thread.

These URL's are from spam sent to cm@mydomain

http://164.hotelarrankgementzz.com/

P&D PETROSUN DRILLING (PSUD)
Current Price: 1.12

Link text (http://myecar.net) URL http://lxdifect.net/

Casino: http://awaweri.com/e/32

More P&D Company: SHALLBETTER INDUSTRIES INC
Symbol: SBNS.PK

Casino: (Note $888 in spam text. This is common. If I search on these
numbers in my archive I get many hits) http://cruserdane.com/v/v32

Viagra: http://coovph.meditsor.info/?76102138

Thats enough for now but as you can see the same gang is involved in
many areas.

New Zealanders should be asking Helen and the pieces of **** that run
this country why this is allowed to continue?

Anony Mouse
 
Reply With Quote
 
BrianM
Guest
Posts: n/a
 
      09-18-2006
On Mon, 18 Sep 2006 19:02:36 +1000, Taranis wrote:

> On Mon, 18 Sep 2006 20:35:27 +1200, Shane wrote:
>
>> Is everyone getting the latest phisher? Im surprisingly getting it on
>> my dyndns domains (which dont normally get Aust/NZ targetted spam)
>> Anyways, if anyones interested heres the headers
>>
>>
>>

> I had a little looksee and surprise surprise the domain it goes to is
> owned in Korea. It's not a bad one and could fool some people.
> Recommendation here for Firefox users : install the netcraft toolbar.


Done. Thanks for that info

--
BrianM
 
Reply With Quote
 
Anony Mouse
Guest
Posts: n/a
 
      09-19-2006
Anony Mouse wrote:
> Shane wrote:


>
> I will post the evidence when Spamhaus is up, probaly in a new thread.
>
> These URL's are from spam sent to cm@mydomain
>
> http://164.hotelarrankgementzz.com/


http://www.spamhaus.org/sbl/sbl.lasso?query=SBL45912

>
> P&D PETROSUN DRILLING (PSUD)
> Current Price: 1.12
>
> Link text (http://myecar.net) URL http://lxdifect.net/


http://www.spamhaus.org/sbl/listings...isp=tucows.com

>
> Casino: http://awaweri.com/e/32
>
> More P&D Company: SHALLBETTER INDUSTRIES INC
> Symbol: SBNS.PK
>
> Casino: (Note $888 in spam text. This is common. If I search on these
> numbers in my archive I get many hits) http://cruserdane.com/v/v32
>
> Viagra: http://coovph.meditsor.info/?76102138


http://www.spamhaus.org/sbl/sbl.lasso?query=SBL46073
>
> Thats enough for now but as you can see the same gang is involved in
> many areas.
>
> New Zealanders should be asking Helen and the pieces of **** that run
> this country why this is allowed to continue?
>
> Anony Mouse


Sent to benm@mydomain

http://www.manhardin.com/d/
http://www.bersika.net/
http://www.gervul.com/

http://www.spamhaus.org/sbl/listings...sp=cncgroup-hn

Thats enough to show who is sending the ANZ phishes...

Alex Polyakov
Leo Kuvayev
Yambo Financials (Leo and Alex partnership)

All part of the same criminal spam gang that attacks NZ IP space on a
daily basis.

Bend over NZ it is time for your dose from your comrades Leo and Alex.

Anony Mouse
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
comodo is cool ... stopped a phisher richard Computer Support 12 11-16-2009 06:39 AM
jobseekertool.exe/ntos.exe virus/phisher Muse Gruppes Computer Support 7 01-13-2007 07:51 AM
Funniest phisher Shane NZ Computing 4 05-21-2006 06:41 PM
Advice on dealing with a phisher T. K. Storsved Computer Support 1 09-19-2004 05:53 AM
ANZ Banking, Firebird, and Printing Chris Mayhew NZ Computing 4 07-31-2003 05:27 AM



Advertisments