Re: Call to Arms: Rita Scams

[cstone <cstone () pobox com>]

On Thu, Sep 22, 2005 at 09:18:49PM +0200, Gadi Evron wrote:
[...]
> This is a notice from MWP, the malicious websites and phishing research 
> & operational mailing list.
>
> Over the next few days some of us are going to process information
> about sites that will probably be used for Rita scams.

Glad to hear it; perhaps we'll even get lucky, damage from Rita
will be minimal, and the need for emergency relief money will be
low, thus removing the attraction for scammers.

But how can we join this list?  Who else is involved?  
In particular, are you coordinating with US-CERT, FTC, the FBI/IC3, 
or other agencies reportedly[1,2] working on disaster-relief-related 
scams?  Where are the list archives?

(Of course I checked likely-related web searches before responding and
causing noise:  there are no references to this group other than you
posting about it.  It is apparently[3] a subgroup of the "drone
armies / botnets research and mitigation mailing list".  This list,
too, is also apparently secret[4]; one needs to be "vetted" and/or
"trusted".  But perhaps even more curiously, you are the only one
posting about it.  Are you sure this is germane to full-disclosure?)

> Through MWP resources and ISP connections we are going to make sure 
> these sites are taken off-line as soon as we detect them.
>
> Also, via reg-ops, an operational list for registrars, we are going to 
> see if we can get the domains terminated at the registrar level.

Is *this* list private too?

> To accomplish this we don't want to rely only on our sources, but rather 
> issue a Call to Arms to the public. If you know of a new Rita Hurricane 
> Scam, please notify us by emailing me directly at ge () linuxbox org with 
> the subject line "Rita Report", where we will be processing them for the 
> next week.

How do we know that mailing you personally is going to result in a more 
timely and effective response than working to track down incidents and/or 
notifying authorities directly?

> We hope to get the cooperation of several incident response mechanisms 
> both in the US and abroad. We will update you as we proceed and when we 
> are done.

How?  f-d posts?


[1] http://www.usdoj.gov/criminal/SpecialReport-HurricaneKatrina.htm
[2] http://news.yahoo.com/news?tmpl=story&u=/usatoday/20050922/tc_usatoday/fbiwarnsagainstfraudulentkatrinasites
[3] http://www.merit.edu/mail.archives/nanog/2005-03/msg00703.html
[4] http://www1.ietf.org/mail-archive/web/asrg/current/msg11539.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/