ANZ phisher

Discussion in 'NZ Computing' started by Shane, Sep 18, 2006.

  1. Shane

    Shane Guest

    Is everyone getting the latest phisher?
    I'm surprisingly getting it on my dyndns domains (which don't normally get
    Aust/NZ targeted spam)
    Anyways, if anyone's interested here's the headers

    Return-Path: <>
    X-Original-To: -a-geek.net
    Delivered-To: -a-geek.net
    Received: from localhost (localhost.localdomain [127.0.0.1])
            by mail.shanes.dyndns.org (Postfix) with ESMTP id 0C98125EDA
            for <-a-geek.net>; Mon, 18 Sep 2006 19:48:36 +1200
    (NZST)
    Received: from mail.shanes.dyndns.org ([127.0.0.1])
            by localhost (deviant [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id 29321-08 for <-a-geek.net>;
            Mon, 18 Sep 2006 19:48:20 +1200 (NZST)
    Received: from 201-67-37-172.cpece700.dsl.brasiltelecom.net.br (unknown
    [201.67.37.172])
            by mail.shanes.dyndns.org (Postfix) with SMTP id 30BFE25ED9
            for <-a-geek.net>; Mon, 18 Sep 2006 19:48:16 +1200
    (NZST)
    Received: from regression.rushops.com (helo olga.envisionext.com
    [93.232.192.39])
            by recovermyfiles.com with SMTP id JIZCP59LJW
            for <-a-geek.net>; Mon, 18 Sep 2006 03:48:17 -0500
    Received: from dartmouth.hotbox.com (oregano.hotbox.com [66.52.0.207])
            by galleryplanet.com with SMTP id HW6HRKO14V
            for <-a-geek.net>; Mon, 18 Sep 2006 06:48:17 -0200
    From: "ANZ Australia & New Zealand"
    <>
    To: "Luste" <-a-geek.net>
    Subject: ANZ Internet Banking - Urgent Security Notice [Mon, 18 Sep 2006
    13:46:17 +0500]
    X-Authenticated: #95996446
    User-Agent: SmartMailer Version 1.56 -German Privat License-
    X-Priority: 3 (Normal)
    MIME-Version: 1.0
    Content-Type: multipart/related;
      boundary="EV_LINRFN21TV2S7YT"
    Message-Id: <>
    Date: Mon, 18 Sep 2006 19:48:16 +1200 (NZST)
    X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
    weasel.is-a-geek.net
    X-Length: 17869
    X-UID: 10324
     
    Shane, Sep 18, 2006
    #1
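An added example, not part of the original post: a short Python check that walks the Received chain posted above and finds the hop where the message entered the recipient's own mail server. Only that hop's client IP was recorded by a server the recipient controls; the lines below it were supplied by the sending side and cannot be verified. The function name and the trusted-host set are assumptions made for this example.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Received lines copied from the post above (recipient address redacted as posted).
HEADERS = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
 by mail.shanes.dyndns.org (Postfix) with ESMTP id 0C98125EDA
 for <-a-geek.net>; Mon, 18 Sep 2006 19:48:36 +1200 (NZST)
Received: from mail.shanes.dyndns.org ([127.0.0.1])
 by localhost (deviant [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 29321-08 for <-a-geek.net>;
 Mon, 18 Sep 2006 19:48:20 +1200 (NZST)
Received: from 201-67-37-172.cpece700.dsl.brasiltelecom.net.br (unknown [201.67.37.172])
 by mail.shanes.dyndns.org (Postfix) with SMTP id 30BFE25ED9
 for <-a-geek.net>; Mon, 18 Sep 2006 19:48:16 +1200 (NZST)
Received: from regression.rushops.com (helo olga.envisionext.com [93.232.192.39])
 by recovermyfiles.com with SMTP id JIZCP59LJW
 for <-a-geek.net>; Mon, 18 Sep 2006 03:48:17 -0500
Received: from dartmouth.hotbox.com (oregano.hotbox.com [66.52.0.207])
 by galleryplanet.com with SMTP id HW6HRKO14V
 for <-a-geek.net>; Mon, 18 Sep 2006 06:48:17 -0200

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trust_boundary(raw, trusted_mtas):
    """Return (client_ip, unverified_hops) for the hop where mail entered
    one of our own servers, or None if no such hop can be established."""
    hops = message_from_string(raw).get_all("Received", [])
    for i, hop in enumerate(hops):              # newest hop first
        parts = re.split(r"\s+by\s+", hop, maxsplit=1)
        if len(parts) != 2:
            return None                         # malformed: stop trusting
        from_part, by_part = parts
        by_host = by_part.split()[0].lower()
        match = IP_RE.search(from_part)
        if by_host not in trusted_mtas or match is None:
            return None                         # written by a host we do not run
        ip = ip_address(match.group(1))
        if ip.is_loopback or ip.is_private:
            continue                            # internal relay (Postfix <-> amavisd)
        return str(ip), hops[i + 1:]            # everything older is sender-supplied
    return None

if __name__ == "__main__":
    ip, unverified = trust_boundary(HEADERS, {"mail.shanes.dyndns.org", "localhost"})
    print("entered from", ip, "with", len(unverified), "unverifiable hop(s) below")
```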

  2. Shane

    Taranis Guest


    I had a little looksee and surprise surprise the domain it goes to is
    owned in Korea. It's not a bad one and could fool some people.
    Recommendation here for Firefox users : install the netcraft toolbar.
     
    Taranis, Sep 18, 2006
    #2

  3. Shane

    XPD Guest

    Yeah I've had 2/3 come through in the past few hours.
     
    XPD, Sep 18, 2006
    #3
  4. Shane

    Anony Mouse Guest

    Shane wrote:

    15 phish email in my filtered mail.

    Spamhaus is down atm so I can't analyze much but really it is pretty
    obvious who it is.

    One [email protected] for the National Bank of Aus was sent to
    an address known to be associated with Leo.

    A couple to [email protected] and a couple to [email protected] and more to my
    main email addy.

    These first two addies have been added by spammy (Probably Leo) recently.

    As you may know Leo has been harassing me for quite a while.
    These new addies are just a continuation of his harassment and are not
    email addresses that have been advertised or on any website.
    Leo has shit for brains and whatever his reason for adding new emails he
    most certainly has been told that I run a multi drop box at my domain.
    Adding more addies just helps me to prove it is him and his gang. I am
    picking it will help with his downfall. Also the gang watches
    me and every move I make, most likely the person in NZ that I know is
    part of the gang. I have hammered his domains in the past through my
    contacts and also I have been known to taunt him and others in the gang.
    Telling him to F off makes little difference as he is an outright criminal.

    I will post the evidence when Spamhaus is up, probably in a new thread.

    These URLs are from spam sent to [email protected]

    http://164.hotelarrankgementzz.com/

    P&D PETROSUN DRILLING (PSUD)
    Current Price: 1.12

    Link text (http://myecar.net) URL http://lxdifect.net/

    Casino: http://awaweri.com/e/32

    More P&D Company: SHALLBETTER INDUSTRIES INC
    Symbol: SBNS.PK

    Casino: (Note $888 in spam text. This is common. If I search on these
    numbers in my archive I get many hits) http://cruserdane.com/v/v32

    Viagra: http://coovph.meditsor.info/?76102138

    That's enough for now but as you can see the same gang is involved in
    many areas.

    New Zealanders should be asking Helen and the pieces of shit that run
    this country why this is allowed to continue?

    Anony Mouse
     
    Anony Mouse, Sep 18, 2006
    #4
  5. Shane

    BrianM Guest

    Done. Thanks for that info
     
    BrianM, Sep 19, 2006
    #5
  6. Shane

    Anony Mouse Guest

    Sent to [email protected]

    http://www.manhardin.com/d/
    http://www.bersika.net/
    http://www.gervul.com/

    http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-hn

    That's enough to show who is sending the ANZ phishes...

    Alex Polyakov
    Leo Kuvayev
    Yambo Financials (Leo and Alex partnership)

    All part of the same criminal spam gang that attacks NZ IP space on a
    daily basis.

    Bend over NZ it is time for your dose from your comrades Leo and Alex.

    Anony Mouse
     
    Anony Mouse, Sep 19, 2006
    #6