Re: Identity theft scam against eBay users

[Nick FitzGerald <nick () virus-l demon co uk>]

Patrick Bryant <pi () pbryant com> wrote:

> I've been trying to advise eBay all day, since it's their name
> that's being exploited, but all of my calls and emails have fallen
> into a blackhole.

Whilst it might be "nice" of you to inform eBay (I'm sure they see 
dozens of these a month and really don't care that much) you should 
really be informing the upstream hosting company of the fraudsters, 
possibly _their_ upstream as well (lots of "small-fry" hosting 
companies don't give a ^*%$ what their clients are doing so long as 
they pay their bills, whereas the bulk hosting companies they buy 
from tend to be a tad more concerned and will kill boxes/IPs much 
more quickly), _AND_ the DNS hosts (in such scams it is common to 
find the DNS is hosted other than by the hosting company).  Also, as 
the complainant was apparently in the US, the local police and/or FBI 
"high tech crimes" folk should be involved too.

> It now appears that the attackers are playing a shell game with
> the redirector site. Even though the site that receives the
> victim's post (bayers.netfirms.com) has been shut down, now the
> attackers are redirecting to at least one different site for
> receiving the posts.

Get their DNS provider(s) to realize that by hosting and changing 
this scum's DNS entries they are aiding and abetting a fraud that the 
FBI is investigating (OK -- so don't tell the DNS host that you 
simply left a message on the after-hours message service) and see how 
quickly the DNS providers act...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com