This is archived news from 2005, for current news click here."Federal Credit Union" ScamDecember 12, 2005You may have received an email like this, in fact you may have received several. While the message text only refer to a generic credit union, the headers are forged with ncua.gov or cuna.org. NCUA was the target of similar phishing attack in July.
The messages are virtually the same text except for the fake case ID, we have recorded
4: The first string of messages linked to 210.72.224.26, a subnet in China. Later, the link changed to: http://www.tamin.org/.CREDIT-UNION/update.php. There is no content at this location but the site is still up. Tamin.org is registered to a company in Iran.
cuna.org recommends that you delete these messages, but KnujOn thinks that this is the wrong
approach. You may send any of these messages to yourjunk@knujon.com.
Dissecting a Virus AttackDecember 8, 2005How do the ISPs rate in response to viruses attacks from their networks?Surviving a Virus AttackNovember 21, 2005About Sober.UpdatesNovember 20, 2005Beta participation in this project is already having an effect. 922 Shutdowns and suspensions are pending because emails forwarded by testers.
Two sites have recently been shutdown through efforts of the KnujOn project:
KnujOn has added space for more beta testersNovember 10, 2005Beta info.KnujOn Presented at Northeast HTCIA TrainingNovember 3 & 4, 2005KnujOn was presented at the NE-HTCIA training.Family postcard scamOctober 26, 2005Emails with the title: You have just received a virtual greeting from a family member! actaully link to a spyware/virus download run from a subnet at the Kent Institute of Art and Design in Kent, England.Stock SpamOctober 25, 2005You may have noticed an increase in stock-related spam recently. A great site: spamstocktracker.com follows the value of the stocks pumped through junk mail. Big surprise, all of these stocks a losers. So far he has lost a hypothetical eight thousand dollars on spam stocks.KnujOn To Be Presented at Northeast HTCIA MeetingOctober 13, 2005Computer Security Professionals and Law Enforcement are invited to an HTCIA meeting November 3 - 4, 2005 at Pace University in Manhattan. KnujOn will be one of the presentations.Beta Test ApplicationsSeptember 26, 2005KnujOn is looking for beta testers. More information here.KnujOn Presented at HTCIA MeetingSeptember 22, 2005More information here.Six Month KnujOn Alpha Testing CompleteSeptember 1, 2005Active testing began on March 1, 2005 and the results have meet and exceeded our expectations. With over 1000 shutdowns, 147 voluntary removals, 2963 administrators tracked, and 3507 domains tracked we are calling the alpha test an amazing success. However, this is only the beginning. Soon we will begin soliciting beta testers and expanding our network and the project scope.KnujOn Shutdown Count Passes 1000August 26, 20051000 Shutdowns and climbing. With more networks soon to join the effort the number can only grow faster.Range of junk sites shutdownAugust 9, 2005bailieldnab.com, bbovercowia.com, cnyoungunba.com, dnbfbsqs.com, eeladd.com, narrjl.com, gemuleycn.com, ghtnsecn.com, rumbumbale.com, tnashbsv.com, turuntale.com as well as others were all junk mail sites run by "Alexandr Zhamelgo" of Moscow. They have all been shutdown or suspended by KnujOn.Shutdown Count Exceeds 600August 5, 2005As the database grows, the program becomes more efficient resulting in more and more shutdowns.oneclicksearches.com and psguard.com use Trojans to Hijack BrowsersAugust 4, 2005oneclicksearches.com and psguard.com are using viruses to take over PC browsers. For more information and to find out what you can do, click here.Site Uses Scripting to Mask Browser Address BarJuly 27, 2005PhishingShutdown Count Exceeds 500 - July 25, 2005Attempt to Obtain Bank of America Customer Information Blocked and ReportedJuly 18, 2005PhishingUnauthorized Use of TRUSTe Seals Reported by KnujOnJuly 13, 2005A "mortgage approval" email processed by KnujOn lead to a site with an unauthorized use of TRUSTe seals. tpbaj.com, a purported "American Financial Specialist" is actually located in Canada and has an TRUSTe seal on his site but is not a register TRUSTe member. Ronald Hentington of Toronto also runs these sites with similar offers: discount-financing.net liberyteloan.com lowest-rate-loans.net perfered-loans.net None of these sites are TRUSTe members. If you have an email or site with a questionable TRUSTe seal you may verify it here. Emails with Hijacked Amazon.com Content Stopped and ReportedJuly 12, 2005PhishingKnujOn Stops and Reports More "PayPal" ForgeriesJuly 11, 2005PhishingAttempt to Obtain Bank of the West Customer Data Blocked by KnujOnJuly 7, 2005PhishingShutdown Count Exceeds 400July 6, 2005The shutdown/suspension count has passed 400 and will continue to grow at a faster rate.Related Article: Hackers make way for criminals, experts say(Reuters) Two More "PayPal" Scams Stopped TodayJuly 2, 2005PayPal is under siege. Two different PayPal impersonators were revealed by KnujOn. One, in Arizona and another in Mexico. It is important to identify these scams quickly and report them before anyone falls victim.Attempt to Obtain NCUA Customer Information Traced to Korean SiteJuly 1, 2005KnujOn processed an email which used web content from the National Credit Union Administration(ncua.gov) requesting that customers login and update their accounts, but the "Click Here to Update You Account" link actually went to a site hosted in South Korea. The "log-in" page at the Korean site was also used hijacked web content from ncua.gov and requested personal credit card information. This incident has been reported. If you are an NCUA customer or you have received a suspicious email from verify@ncua.gov, do not reply to it or click the links. Go to ncua.gov/Phishing/phishing.htm to read about Phishing and report fraud.Another PayPal Scam Traced to EgyptJune 29, 2005PayPal seems to be a frequent target of phishing. One processed by KnujOn today was traced to the Egyptian Universities Network. The email was forwarded to PayPal administrators.U.S. Refinance Specialist Actually in BrazilJune 28, 2005KnujOn has processed several emails from greatrefi.com, savecashtoday.net, fastrefi.biz, and savenowtoday.com. All these sites claim to be operated by "Fast Refi Co." and offer rates as low as "2.9%"(typical rates are around 5%). We have been unable to locate any registered company or bank by the name "Fast Refi Co.", however all of the sites associated with this "institution" are run out of Brazil. It is unlikely that this is a real refinance offer, but actually an attempt to harvest personal information for unknown purposes. KnujOn has filed various reports about these sites.Shutdown/Suspension Count Passes 300June 27, 2005As of June 27th the total number of unique sites shut down or suspended by KnujOn is 301.Elaborate "PayPal" Scam Found by KnujOnJune 24, 2005An email claiming to be from PayPal actually linked to "paypal-chk.com" a site not associated with PayPal but registered to a Werner Strijewski in Toronto, Canada (PayPal is based in San Jose, CA). This was reported to PayPal.Fake Emails Sent to LaSalle Bank Customers Stopped by KnujOnJune 23, 2005PhishingAnother Attempt to Obtain Paypal Customer Information Found by KnujOnJune 22, 2005PhishingRelated article: ID data breaches: as rampant as it seems (money.cnn.com) Possible Misuse of FDIC and BBB Seals Revealed by KnujOnJune 21, 2005A "bank" has been sending emails promising $300,000 loans at 3.6%(typical interest these days is around 5%). A review of the site rsraoyh.com showed they claimed FDIC and BBBOnLine accreditation. KunjOn was unable to find certificates at either organization for rsraoyh.com. The owner of rsraoyh.com is actually located in Moscow, Russia.  All FDIC insured banks must have a certificate number. This site was reported to the FDIC and BBB by KnujOn. For more information on verifying FDIC seals and protecting your privacy, click here. To verify a BBB member, click here. To report BBB-related scams, click here. Attempt to Obtain Ebay Customer Information Traced to Subnet at Tsinghua University in ChinaJune 16, 2005PhishingKnujOn Shutdown Count Passes 200June 14, 2005Today the number of sites shut down or suspended is over 200. These are unique sites associated with junk mail and various Internet scams. The number is quite significant since it represents the results of a single network running KnujOn. Within a year the impact of KnujOn on this network on the Internet in general will be amazing. Beyond the shutdowns, KnujOn has also identified various attempts to obtain personal information for use in possibly illegal activity. Our goal in the coming months is to make KnujOn available for general use. For more information, please contact us.KnujOn Builds Profile of Professed "Mortgage Refinance Specialist"June 9, 2005We have collected dozens of email samples like this one: The linked websites are constantly changing, but they are all cleverly crafted, clean-looking sites. There are no phone numbers, names, addresses or even names of legitimate lending agencies, merely on-line forms asking for personal information.  The following sites are all connected to these questionable emails: slmply.net, easi3r.com, ast0unds.com, f1nds.net, l3arn.net, bllls.net pr1m3time.com, pay-m3.net, m0n3y.net, fre3d0m.com, br3aks.com, easi3r.com These sites are all owned by "David Learner" of London England who is identified by spamcop.net and toastedspam.com as a notorious junk mailer. It is doubtful that "David Learner" is associated with any banks or lending agencies in the United States even though his emails all claim to offer refinancing in all 50 states. Russian Spammer Shutdown by One KnujOn RequestJune 8, 2005A spammer in Russia who claimed to sell licensed versions of Microsoft and Adobe software had his site (rrtop.com) terminated 1 hour after the hosting company was contacted by KnujOn. Shutdowns can often take days to complete, but this hosting company was instantly satisfied by KnujOn's reporting and presentation of the case.Attempted Bank Fraud Exposed by KnujOnJune 7, 2005PhishingKnujOn Assists PayPal With Fighting ScamsJune 6, 2005PhishingKunjOn Presented to HTCIAMay 26, 2005KnujOn was presented to the High Technology Crime Investigation Association and produced considerable interest and debate. KnujOn and Cold Rain hope to continue to work with the HTCIA in the future. |
