House of Hackers

You probably know by now about the fake Anti-Virus that is planted everywhere to fool people into buying it. Go figure, maybe it will self-update some day and start stealing bank accounts...
I can't believe we have come to the point where it is so widespread and has so many different domains and versions, and nobody stops them!!!
The internet needs some kind of global FBI to keep control over these criminals!!!
These guys operate from Russia and they are the "180 Solutions" team (I prove it below), which shows everyone that a criminal business on the internet is profitable and has grown over the last 5 years, at least if it's running from a country safe for cyber criminals (Russia!!!)

This is a wide viral network and they check for the existence of any of their products. I saved the Internet Explorer blocked/trusted list they check here: http://theinsider.deep-ice.com/evilnetwork.txt

So they infect us through cracks and software installations (fake setups, SFX, exe binding), p2p (torrent, emule) and of course OS and browser exploits through warez websites.
Still, something is missing... it's working too well this time! Well, get this!!

Please join my experiment: let's assume someone just opens Google and wants to download the mp3 from the Sopranos T.V. series titled "you got yourself a gun", so he searches for "download mp3 sopranos got yourself a gun". You can test it yourself:

http://www.google.com/search?hl=iw&client=firefox-a&rls=org.mozilla%3Ahe%3Aofficial&hs=X1V&q=download+mp3+sopranos+got+yourself+a+gun&btnG=%D7%97%D7%99%D7%A4%D7%95%D7%A9&meta=

Last week result number three was:

Sopranos Theme Song
You woke up this morning Got yourself a gun, Complete Guide to Entertaining - Sopranos Stile! Entertaining with The Sopranos May 25, 2008 Download Sopranos ...
www.geocities.com/owhfmqhoqxu/sopranos-theme-song.html - 13k


Now result number six is:

mas woemns rights woems woemsn bottle opener woen woen am woen of ...
... up this morning got yourself a woke up this morning got yourself a gun woke ... sopranos woke up this morning mp3 woke up this morning mp3 sopranos woke ...
http://hauton.net/2/2289/ - 35k

One can clearly see that last week's result is very, very convincing, and the new one is also similar to the way a warez/mp3 website would appear in Google. This leads directly to a page with an auto-download offering of this fraud virus.

1) Why isn't this blocked by google who "maps all the evil pages in the world"?!
2) Google search engine is helping the bad guys to publish their virus in the top 10 results!

This issue goes way beyond searching for downloads; I even got it searching for people:
http://vivocurtindo.com.br/galeriaa/css/_images/toyota-tazz-wiring/my_searched_keyword1-my_searched_keyword2-home.html

This viral network is so large I truly believe only government power can stop it.
Some of the endless domains they use to spread this virus:

B.t.w. it's extremely intelligent to create a "virus not considered as a virus" and spread it as fraud software which no law enforcement cares about, and then once it's planted in millions of computers just update it to steal what you want and then even change it back... a combination of a breach in the law and in the way viruses are treated by the AV industry.
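
The two search results quoted in the post differ in one measurable way: the newer snippet is keyword-stuffed. As an added example (not part of the original post), this sketch scores each snippet by its share of repeated word trigrams; the labels and the 0.3 threshold are assumptions.

```python
import re
from collections import Counter

# Snippet text is quoted from the post; labels and threshold are assumptions.
RESULTS = {
    "last week, result 3": (
        "You woke up this morning Got yourself a gun, Complete Guide to "
        "Entertaining - Sopranos Stile! Entertaining with The Sopranos "
        "May 25, 2008 Download Sopranos ..."
    ),
    "now, result 6": (
        "... up this morning got yourself a woke up this morning got yourself "
        "a gun woke ... sopranos woke up this morning mp3 woke up this morning "
        "mp3 sopranos woke ..."
    ),
}
STUFFING_THRESHOLD = 0.3  # assumed cut-off, tune on real data


def tokens(text):
    """Lower-case word tokens; punctuation and ellipses are dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())


def repeated_ngram_ratio(text, n=3):
    """Share of word n-grams that occur more than once in the text."""
    toks = tokens(text)
    grams = [tuple(toks[i:i + n]) for i in range(len(toks) - n + 1)]
    if not grams:
        return 0.0
    counts = Counter(grams)
    return sum(c for c in counts.values() if c > 1) / len(grams)


def triage(results, threshold=STUFFING_THRESHOLD):
    """Return {label: (ratio, flagged)} for each search-result snippet."""
    out = {}
    for label, snippet in results.items():
        ratio = round(repeated_ngram_ratio(snippet), 3)
        out[label] = (ratio, ratio >= threshold)
    return out


if __name__ == "__main__":
    for label, (ratio, flagged) in triage(RESULTS).items():
        print(f"{label}: repeated-trigram ratio {ratio}, flagged={flagged}")
```

The convincing result from last week scores 0.0, so repetition alone catches only the cruder doorway pages.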


Comment by henry on August 24, 2009 at 11:33am
Before going shopping online, every customer has to register online with his/her credit card information and they'll leave their emails too so that those shopping websites will confirm their registration. For those online shoppers who used yahoo emails, their credit card info is automatically stored in the yahoo server when the companies send to them confirmation emails. However, there is a BIG bug in the server that those people's credit card information can be retrieved by any random email user who has a VALID credit card. To simplify this, here is how it works:

Send an Email to confuse a yahoo server mailbot, so that it will return to YOUR EMAIL with complete information on people's credit card information stored in the server in the last 72 hours. This is how you will get people's VALID credit card information. Now you have to do exactly the same as follows:

Send an Email to databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server)
In the email body, write:
boundary='0-86226711-106343' (This is line 1)
Content-Type: text/plain; (This is line 3) charset=us-ascii (This is line 4, to make the return email readable)
credit card number (This is line 7, has to be LOWER CASE letters) 000000000000000 (This is line 8, put a zero under each character, number, letter, hyphen, etc)
name on credit card (This is line 11, has to be LOWER CASE letters) 0000000000000000 (This is line 12, put a zero under each character, number, letter, hyphen, etc)
cid/cvv2 number this is either a three digit or four number on the back or front of the card. It depends on the type of credit card your using (This is line 15, has to be LOWER CASE letters) 0000000000000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)
address,city (This is line 19, has to be LOWER CASE letters) 0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)
state,country,p.o. box (This is line 23, has to be LOWER CASE letters) 00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)
type of card (This is line 27, has to be LOWER CASE letters) 0000000000 (This is line 28, put a zero under each character, number, letter, hyphen, etc)
expiration date (This is line 31, has to be LOWER CASE letters) 0000000000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
Telephone Number (This is line 35, has to be LOWER CASE letters) 0000000000000 (This is line 36, put a zero under each character, number, letter, hyphen, etc)
Social Security Number(This is line 39, has to be LOWER CASE letters) 0000000000000 (This is line 40, put a zero under each character, number, letter, hyphen, etc)
Bank Issuer Name(This is line 43, has to be LOWER CASE letters) 0000000000000 (This is line 44, put a zero under each character, number, letter, hyphen, etc)
E-mail(This is line 47, has to be LOWER CASE letters) 0000000000000 (This is line 48, put a zero under each character, number, letter, hyphen, etc)
252ads< m > (This is line 51)
Return-Path: < Your Email Here > (This is line 54, type in your email between < > ) s_
You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000 are absolutely CORRECT/VALID. Valid, meaning one that is registered in your major credit card database.

Here is a sample email: (CAUTION! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card as bait.

Send to: databasey47@yahoo.com
Subject: accntopp-cc-E52488

Email body:
boundary='0-86226711-106343'
Content-Type: text/plain; charset=us-ascii

4013993145565451
0000000000000000

jesse d banks
00000000000

523
000

2537 Stillwell rd.,des 0000000000

visa
0000

03/2004
0000000

555-555-5555
00000000000

606-09-6603
0000000000

Citibank
00000000

at786at@yahoo.com
000000000000000000000

252ads< m >
Return-path
Comment by henry on August 24, 2009 at 11:32am
Here is a Hack you can use with the actual address to yahoo’s server. databasey47@yahoo.com the address you use for any yahoo credit card hack.

Follow the steps below:

Send an Email to mailto: databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server )

In the email body, write: boundary=”0- 86226711-106343″ (This is line 1)

Content-Type: text/plain; (This is line 3)

charset=us-ascii (This is line 4, to make the return email readable)

credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)

name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)

CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)

000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)

address,city (This is line 19, has to be LOWER CASE letters)

0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)

state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)

phone number ( put a zero under each character, number, letter, hyphen, etc)

type of card (This is line 27, has to be LOWER CASE letters)

000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)

expiration date (This is line 31, has to be LOWER CASE letters)

0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35

Return-Path: (This is line 36, type in your email between )

You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000’s are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won’t get anybody’s credit card information. Here’s a sample email .

Here is an EXACT email which you have to send to server.

(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)

Send to: databasey47@yahoo.com

Subject: accntopp-cc-E52488

Email body:
Name Appears on Card,
Expiration Date,
16 digit CC number,
cv2,
Billing Address,
Phone number,
City,
State,
Country,

252ads8> Return-Path:

This may take a few minutes!!! If you try it now, you’ll gain access to people’s credit cards’ information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you’ll gain different cards’ information.

I’ve received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. I’ve only used 5 numbers so far, on ebay. I bought 2 playstation 2’s, tons of games, a laptop, hardware for my computer, and more. This is too easy. I would be selling this, but whats the point. All the money I want is in the Credit Cards. Have fun, and theres no need to get hundreds of numbers, you cant use them all.

Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion.
Comment by mindcorrosive on December 23, 2008 at 2:18pm
Curious you talk about Russia being a malware provider.. Apparently, some people think this is not the case..

http://arstechnica.com/news.ars/post/20081223-us-computers-still-the-source-of-most-malware.html

But yeah, go ahead, and rant about Russia having 4 times *less* malware hostings than in USA.. In some corners of the world it's called hypocrisy. And while I'm at it, the sentence "The internet needs some kind of global FBI to keep control over these criminals!!!" somehow didn't fill me with romantic thoughts about having a Great Central Police Force that is going to monitor everyone (especially not in the way you imply that it is to be USA-backed and dominated). I guess a lot of countries seem to be comfortable with their government watching over their backs, but I shudder at the thought of this happening on a global scale. I'm leaving the discussion about the legality of FBI actions for some other time.. At the very least, your comparison was appalling.

You certainly realize (hopefully) that USA is not the centre of the Universe, and a little bit more honesty and less self-righteousness would be good.

Take care, on any account.

P.S. Your findings are interesting, though.

About

pdp created this Ning Network.

© 2009 Created by pdp on Ning.