UK Daily Mail Online Reports 19 Cyber criminals Arrested

Arrest of Hackers that Netted up to £20m from British Accounts

A multi-million pound internet banking fraud which drained thousands of pounds from the UK accounts of innocent victims was cracked by police yesterday.

A gang of Eastern Europeans made £2 million a month from online accounts by stealing victims’ log-in details using sophisticated software which can be bought for just £300 over the internet.
They made £6 million in just three months and detectives believe they could have reaped as much as £20 million in the highly organised scam.

The mastermind, who detectives believe is an adept IT expert, was among 19 arrested yesterday in a series of dawn raids across London.
He and his team targeted hundreds of victims who had weak security on their computers and accessed their user names and passwords despite tight security systems put in place by the banks on their internet sites.

Police were alerted by high street banks who were alarmed by a sudden surge in fraud.

Investigators from Scotland Yard’s e-Crime Unit discovered that the gang were hitting vulnerable computers using software which is described in the industry as a ‘Trojan horse’ because it infiltrates the computer without the user realising.
The system called ‘Zeus’ or ‘Zbot’ infects victims’ personal computers, waits for them to log onto a list of specifically targeted banks and financial institutions and then steals their personal credentials, forwarding the data to a server controlled by criminals.

It can also manipulate web browsing sessions including creating an additional page requesting the victim to reveal more personal information, such as payment card number, PIN, and passwords.
Users have no idea they are being defrauded because they think they are still on their secure internet banking site.
Unbeknown to the owner, computers infected with Zeus become part of a network where they fall under the remote control of computer criminals.
It is being used increasingly by cyber criminals across the globe.

After the gang had taken over victims’ online bank accounts, they would take out several thousand pounds and place it in a ‘drop’ account before withdrawing the cash.
They recruited dozens of ‘mules’ who would allow them to use their accounts to pay the money into in return for payment.
By using scores of different bank accounts to deposit the money, they hoped to evade being caught.
Detectives have so far pinpointed over 600 British bank accounts which were defrauded but believe hundreds have been targeted.

The ringleader, in his 20s, and his wife, an accomplice in the scam, were arrested in an unremarkable third-floor flat in Chingford, Essex, yesterday morning.
Another couple, also part of the gang, were also arrested at the property.
The ‘nerve centre’ where the ringleader ran his empire from was simply a laptop on a desk in his front room. In front of it lay a notebook where figures of money had been carefully written in pencil.
In all, officers arrested 15 men and four women aged between 23 and 47 on suspicion of Computer Misuse Act, Proceeds of Crime Act and Fraud Act offences. Inquiries are ongoing to ascertain whether they are in the country illegally.
Among them, two were also arrested on suspicion of possession of a firearm found at one of the properties. They are all in custody for questioning.
Detective Chief Inspector Terry Wilson, who led the investigation, said: ‘We’ve worked closely with UK banks through our Virtual Taskforce approach to gather information and evidence which has resulted in today’s arrests.
We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent people’s accounts, causing immense personal anxiety and significant financial harm – which of course banks have had to repay at considerable cost to the economy.

‘Online banking customers must make sure their security systems are up to date and be alert to any unusual or additional security features requested which is at variance with their normal log-on experience. Greater public awareness and education will make it harder for personal details to be compromised and for this type of fraud to be carried out.’
Martin Muirhead, chairman of the Virtual Task Force, said: ‘This is an excellent example of how to bring to bear the resources and expertise of multiple agencies and public / private organisations in the UK. This is pioneering work led by the Metropolitan Police Service.’


More Scam/Spam Servers – www.onlinepharmacyy.com

SmartFilter Category: Not Categorized
Nameservers on IP:

Details on domainname www.onlinepharmacyy.com
Whois Server Version 2.0

Domain Name: ONLINEPHARMACYY.COM
Registrar: NEW DREAM NETWORK, LLC
Whois Server: whois.dreamhost.com
Referral URL: http://www.dreamhost.com
Name Server: NS1.DREAMHOST.COM
Name Server: NS2.DREAMHOST.COM
Name Server: NS3.DREAMHOST.COM
Status: clientHold
Status: clientTransferProhibited
Updated Date: 15-dec-2009
Creation Date: 06-sep-2009
Expiration Date: 06-sep-2010

Last update of whois database: Sun, 31 Jan 2010 17:44:57 UTC

Domain Name: onlinepharmacyy.com

Registrant, Administrative, Technical and Billing Contact (identical for all four):
onlinepharmacyy.com Private Registrant onlinepharmacyy.com@proxy.dreamhost.com
A Happy DreamHost Customer
417 Associated Rd #324
Brea, CA 92821
US
+1.2139471032

Record created on 2009-09-06 08:24:03.
Record expires on 2010-09-06 08:24:03.

Domain servers in listed order:

ns1.dreamhost.com
ns2.dreamhost.com
ns3.dreamhost.com

Spammers Launch Denial of Service Attacks Against Antispam Sites

Antispam sites that fight back against phishing scams have been attacked with denial of service attacks launched by spam botnets. Antispam vigilantes believe that the Storm worm is behind the onslaught.
By Ryan Paul


Antispam community sites that help combat phishing scams and spam are being targeted with denial of service attacks by malware botnets presumably operated by spammers. The trend was reported last week by antispam site SpamNation.

SpamNation believes that the denial of service attacks are being launched by the Zhelatin gang, the same group that is thought to be behind the rapidly growing Storm worm botnet. According to SpamNation, the botnet operators are selling denial of service attacks. “When the firehose of the Zhelatin botnet gets turned on your site, it doesn’t mean that it’s the gang themselves who have singled you out for attack,” says SpamNation. “It’s more likely that the attack has been commissioned by one of their customers. In the same way that a customer can order a stock spam run, they can request a DDoS attack.”

Sites that have been targeted include 419Eater, ScamWarners, CastleCops, scam.com, scamfraudalert.com, and Artists against 419.

CastleCops, which is currently back up, has established a denial of service forum to provide information about the ongoing attacks and facilitate discussion. System administrators are also sharing blacklists of IP addresses and netblocks that represent botnet zombie systems.

The distributed computational power of the Storm botnet is thought to have surpassed that of virtually all major supercomputers. The rate at which the botnet is evolving is extremely unsettling, and one can only wonder what kind of sites will be targeted with denial of service attacks as it continues to grow in size. Let’s hope it doesn’t evolve too quickly; the last thing we need is a self-aware spam botnet. “I’m afraid I can’t let you block that spam message, Dave.”

Source: arstechnica.com

WhoIs Active activehackers.com

Address lookup

canonical name activehackers.com.
aliases
addresses 74.200.220.215

Domain Whois record

Queried whois.internic.net with “dom activehackers.com”…

   Domain Name: ACTIVEHACKERS.COM
   Registrar: ONLINENIC, INC.
   Whois Server: whois.onlinenic.com
   Referral URL: http://www.OnlineNIC.com
   Name Server: NS1.DNS-DIY.NET
   Name Server: NS2.DNS-DIY.NET
   Status: clientTransferProhibited
   Updated Date: 01-jun-2009
   Creation Date: 28-jul-2007
   Expiration Date: 28-jul-2011

>>> Last update of whois database: Fri, 11 Sep 2009 10:57:46 UTC <<<

Queried whois.onlinenic.com with “activehackers.com”…

Domain Name:activehackers.com 
Record created:2007/7/28
Record expired:2011/7/28

Domain servers in listed order:
	 ns1.dns-diy.net 	 ns2.dns-diy.net 

Administrat:
   name-- DNS MANAGER 
   org-- ABSOLUTEE CORP. LTD. 
   country-- CN 
   province-- Hongkong 
   city-- Hongkong 
   address-- FLAT/RM B 8/F CHONG MING BUILDING 72 CHEUNG SHA WAN RD KL 
   postalcode-- 999077 
   telephone-- +00.85223192933 
   fax-- +00.85223195168 
   E-mail-- ac3737978315801@absolutee.com 
Technical Contact:
   name-- DNS MANAGER 
   org-- ABSOLUTEE CORP. LTD. 
   country-- CN 
   province-- Hongkong 
   city-- Hongkong 
   address-- FLAT/RM B 8/F CHONG MING BUILDING 72 CHEUNG SHA WAN RD KL 
   postalcode-- 999077 
   telephone-- +00.85223192933 
   fax-- +00.85223195168 
   E-mail-- ac3737978640502@absolutee.com 
Billing Contact:
   name-- DNS MANAGER 
   org-- ABSOLUTEE CORP. LTD. 
   country-- CN 
   province-- Hongkong 
   city-- Hongkong 
   address-- FLAT/RM B 8/F CHONG MING BUILDING 72 CHEUNG SHA WAN RD KL 
   postalcode-- 999077 
   telephone-- +00.85223192933 
   fax-- +00.85223195168 
   E-mail-- ac3737978640503@absolutee.com 
Registrant Contact:
   name-- DNS MANAGER 
   org-- ABSOLUTEE CORP. LTD. 
   country-- CN 
   province-- Hongkong 
   city-- Hongkong 
   address-- FLAT/RM B 8/F CHONG MING BUILDING 72 CHEUNG SHA WAN RD KL 
   postalcode-- 999077 
   telephone-- +00.85223192933 
   fax-- +00.85223195168 
   E-mail-- ac3737978513504@absolutee.com

Network Whois record

Queried whois.arin.net with “74.200.220.215”…

OrgName:    Layered Technologies, Inc. 
OrgID:      LAYER-3
Address:    5085 W Park Blvd
Address:    Suite 700
City:       Plano
StateProv:  TX
PostalCode: 75093
Country:    US

ReferralServer: rwhois://rwhois.layeredtech.com:4321

NetRange:   74.200.192.0 - 74.200.255.255 
CIDR:       74.200.192.0/18 
OriginAS:   AS16805,  AS22576
NetName:    LAYERED-TECH-CHI
NetHandle:  NET-74-200-192-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.FASTSERVERS.NET
NameServer: NS2.FASTSERVERS.NET
Comment:    
RegDate:    2006-11-14
Updated:    2009-09-01

OrgAbuseHandle: LAT-ARIN
OrgAbuseName:   LT Abuse Team 
OrgAbusePhone:  +1-972-398-7998
OrgAbuseEmail:  abuse@layeredtech.com

OrgNOCHandle: LIT-ARIN
OrgNOCName:   LT IP-Network Team 
OrgNOCPhone:  +1-972-398-7998
OrgNOCEmail:  ipnet@layeredtech.com

OrgTechHandle: LNT3-ARIN
OrgTechName:   LT NOC Team 
OrgTechPhone:  +1-972-398-7998
OrgTechEmail:  ipnet@layeredtech.com

# ARIN WHOIS database, last updated 2009-09-10 20:00

DNS records

name                          class  type  data                  time to live
activehackers.com             IN     SOA                         3600s (01:00:00)
    server:
    email: hostmaster.nameserver
    serial: 16
    refresh: 28800
    retry: 7200
    expire: 604800
    minimum ttl: 5
activehackers.com             IN     A     74.200.220.215        7200s (02:00:00)
activehackers.com             IN     MX                          28800s (08:00:00)
    preference: 10
    exchange: mx1.dns-diy.net
215.220.200.74.in-addr.arpa   IN     PTR   ns5.dns-diy.net       86400s (1.00:00:00)


Rogue Fake Antivirus Software – windows-systemguard.com


Consumer Alert: These Sites Are Fraudulent (Phishing or Identity Theft). Do Not Conduct or Transact Business With This Site.

Rogue Fake Antivirus Software
