Full Disclosure mailing list archives
Re: Call to Arms: Rita Scams
From: cstone <cstone () pobox com>
Date: Thu, 22 Sep 2005 15:50:09 -0400
On Thu, Sep 22, 2005 at 09:18:49PM +0200, Gadi Evron wrote: [...]
This is a notice from MWP, the malicious websites and phishing research & operational mailing list. Over the next few days some of us are going to process information about sites that will probably be used for Rita scams.
Glad to hear it; perhaps we'll even get lucky, damage from Rita will be minimal, and the need for emergency relief money will be low, thus removing the attraction for scammers. But how can we join this list? Who else is involved? In particular, are you coordinating with US-CERT, FTC, the FBI/IC3, or other agencies reportedly[1,2] working on disaster-relief-related scams? Where are the list archives? (Of course I checked likely-related web searches before responding and causing noise: there are no references to this group other than you posting about it. It is apparently[3] a subgroup of the "drone armies / botnets research and mitigation mailing list". This list, too, is also apparently secret[4]; one needs to be "vetted" and/or "trusted". But perhaps even more curiously, you are the only one posting about it. Are you sure this is germane to full-disclosure?)
Through MWP resources and ISP connections we are going to make sure these sites are taken off-line as soon as we detect them. Also, via reg-ops, an operational list for registrars, we are going to see if we can get the domains terminated at the registrar level.
Is *this* list private too?
To accomplish this we don't want to rely only on our sources, but rather issue a Call to Arms to the public. If you know of a new Rita Hurricane Scam, please notify us by emailing me directly at ge () linuxbox org with the subject line "Rita Report", where we will be processing them for the next week.
How do we know that mailing you personally is going to result in a more timely and effective response than working to track down incidents and/or notifying authorities directly?
We hope to get the cooperation of several incident response mechanisms both in the US and abroad. We will update you as we proceed and when we are done.
How? f-d posts? [1] http://www.usdoj.gov/criminal/SpecialReport-HurricaneKatrina.htm [2] http://news.yahoo.com/news?tmpl=story&u=/usatoday/20050922/tc_usatoday/fbiwarnsagainstfraudulentkatrinasites [3] http://www.merit.edu/mail.archives/nanog/2005-03/msg00703.html [4] http://www1.ietf.org/mail-archive/web/asrg/current/msg11539.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Call to Arms: Rita Scams Gadi Evron (Sep 22)
- Re: Call to Arms: Rita Scams cstone (Sep 22)