Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Chargebacks and credit card frauds

From: BMF <badmotherfsckr () gmail com>
Date: Mon, 21 Sep 2009 21:58:43 -0700
On Mon, Sep 21, 2009 at 9:26 PM, Steven Anders <anderstev () gmail com> wrote:


1. how do they place the orders using all the legit IPs - since all the IPs
are from Sbcglobal  , Cox communications,  and all the other major ISPs near
the billing addresses.  Could it be that they actually took control of the
PCs and then steal the credit card, and then place the order remotely from
the controlled PC?



Yes. They proxy the orders through compromised windows boxes using the
credentials they stole right off that same box when someone ordered
something online. It's not like there is any shortage of compromised windows
boxes through which they could do this.

2. Any insights on how these fraudsters obtain the stolen credit card

numbers?



Straight off the keyboards of the compromised boxes they proxy through.

I am now tasked with improving our backend checks to make sure we don't have

any more fraudulent order, and would appreciate any pointer or insights into
this matter. Any theories, insights, or information would be very useful.



You are fucked. Thank Microsoft.

BMF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: