Full Disclosure mailing list archives
Re: Chargebacks and credit card frauds
From: BMF <badmotherfsckr () gmail com>
Date: Mon, 21 Sep 2009 21:58:43 -0700
On Mon, Sep 21, 2009 at 9:26 PM, Steven Anders <anderstev () gmail com> wrote:
1. how do they place the orders using all the legit IPs - since all the IPs are from Sbcglobal , Cox communications, and all the other major ISPs near the billing addresses. Could it be that they actually took control of the PCs and then steal the credit card, and then place the order remotely from the controlled PC?
Yes. They proxy the orders through compromised windows boxes using the credentials they stole right off that same box when someone ordered something online. It's not like there is any shortage of compromised windows boxes through which they could do this. 2. Any insights on how these fraudsters obtain the stolen credit card
numbers?
Straight off the keyboards of the compromised boxes they proxy through. I am now tasked with improving our backend checks to make sure we don't have
any more fraudulent order, and would appreciate any pointer or insights into this matter. Any theories, insights, or information would be very useful.
You are fucked. Thank Microsoft. BMF
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Chargebacks and credit card frauds Steven Anders (Sep 21)
- Re: Chargebacks and credit card frauds BMF (Sep 21)
- Re: Chargebacks and credit card frauds Andrew Haninger (Sep 21)
- Re: Chargebacks and credit card frauds Steven Anders (Sep 22)
- Re: Chargebacks and credit card frauds T Biehn (Sep 22)
- Re: Chargebacks and credit card frauds Steven Anders (Sep 22)
- Re: Chargebacks and credit card frauds Iadnah (Sep 22)
- Re: Chargebacks and credit card frauds mrx (Sep 22)
- Re: Chargebacks and credit card frauds Anıl Kurmuş (Sep 23)
- Re: Chargebacks and credit card frauds T Biehn (Sep 23)