
Thread: A real, live, phishing site for you to play with!

  1. #11
    David H. Lipman Guest

    Re: A real, live, phishing site for you to play with!

    From: "StevieO" <no@sevieo.np>

    | LOL which you did.


    Nope, that was me when I wrote...
    "It may be a criminal fraud site such as you pay for pharma products and you never receive
    any or they use the PII a customer provided for purposes not expressed by the intent of a
    customer's chosen purchase."

    http://en.wikipedia.org/wiki/Persona...le_information

    I had already performed a WHOIS but just didn't post the findings except indicating that
    it was "Russian created pharmaceutical site".

    I deliberately posted sparse information. BD likes to boast how he likes to fight the
    bad guys. I have posted many times he doesn't have the skillset. I think this thread was
    good at proving that he doesn't have the skillset and lacks needed understanding of
    both the underlying and overarching concepts.

    --
    Dave
    Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



  2. #12
    ~BD~ Guest

    Re: A real, live, phishing site for you to play with!

    David H. Lipman wrote:

    > BD likes to boast how he likes to fight the
    > bad guys. I have posted many times he doesn't have the skillset.
    > I think this thread was good at proving that he doesn't have the
    > skillset and lacks needed understanding of both the underlying
    > and overarching concepts.


    That's being unfair, David H. Lipman.

    I don't recall ever 'boasting' about fighting 'bad guys'. I have said
    that since having money stolen from me (my fault, I accept) I've done a
    great deal of research on how bad guys achieve their aims.

    I've also acknowledged that in no way do I consider myself to have the
    technical skillset to catch bad guys - which is why I sought help from
    Dustin Cook and/or anyone else who *does* have the necessary skills.

    What I *do* know is that I was 'lured' to Annexcafe newsgroups (which
    encourage the use of HTML instead of plain text) and, whilst there,
    *someone* was able to disable my computer - on more than one occasion.
    The owner of Annexcafe, Gregory Gooden, refused to discuss matters
    sensibly and chose to place a ban on me posting on his server instead.

    A certain Peter Foldes (whom you say you trust) has, over the past 5
    years, consistently stalked me and lied in just about every post I've
    seen him make.

    I tell you the truth - and you choose not to believe me. Your
    prerogative, of course. IMO it would have been FAR better had you
    co-opted some of your colleagues in the security world to check out
    Annex/Annexcafe and then taken appropriate action accordingly. You know
    full well that you could have notified me of the findings by email.

    BD



  3. #13
    David H. Lipman Guest

    Re: A real, live, phishing site for you to play with!

    From: "~BD~" <~BD~@nomail.afraid.org>

    | David H. Lipman wrote:

    >> BD likes to boast how he likes to fight the
    >> bad guys. I have posted many times he doesn't have the skillset.
    >> I think this thread was good at proving that he doesn't have the
    >> skillset and lacks needed understanding of both the underlying
    >> and overarching concepts.


    | That's being unfair, David H. Lipman.

    | I don't recall ever 'boasting' about fighting 'bad guys'. I have said
    | that since having money stolen from me (my fault, I accept) I've done a
    | great deal of research on how bad guys achieve their aims.

    | I've also acknowledged that in no way do I consider myself to have the
    | technical skillset to catch bad guys - which is why I sought help from
    | Dustin Cook and/or anyone else who *does* have the necessary skills.

    < crap snip >

    | I tell you the truth - and you choose not to believe me. Your
    | prerogative, of course. IMO it would have been FAR better had you
    | co-opted some of your colleagues in the security world to check out
    | Annex/Annexcafe and then taken appropriate action accordingly. You know
    | full well that you could have notified me of the findings by email.

    It is totally fair. You have interfered in threads with your lack of knowledge and
    misinformation and trolled both the news groups and individual group users. You also keep
    regurgitating crap about Peter.

    You reap the harvest of the seeds you sow.

    EoD

    --
    Dave
    Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



  4. #14
    ~BD~ Guest

    Re: A real, live, phishing site for you to play with!

    David H. Lipman wrote:
    > You also keep
    > regurgitating crap about Peter.


    Peter Foldes is a liar and a fraud. That is the truth.

    > You reap the harvest of the seeds you sow.


    Indeed one does. I am in total agreement.

    'Karma' is an Indian religious concept in contradistinction to 'faith'
    espoused by Abrahamic religions (Judaism, Christianity, and Islam),
    which view all human dramas as the will of God as opposed to present—and
    past—life actions. In theistic schools of Hinduism, humans have free
    will to choose good or evil and suffer the consequences, which require
    the will of God to implement karma's consequences, unlike Buddhism or
    Jainism which do not accord any role to a supreme God or gods. In Indian
    beliefs, the karmic effects of all deeds are viewed as actively shaping
    past, present, and future experiences. The results or 'fruits' of
    actions are called karma-phala.

    Ref: http://en.wikipedia.org/wiki/Karma

    Bad guys *will* reap their just rewards! Of that I have *no* doubt!

    BD

  5. #15
    David H. Lipman Guest

    Re: A real, live, phishing site for you to play with!

    From: "~BD~" <~BD~@nomail.afraid.org>

    This is a "real, live, phishing site" !

    h**p://mobtakercabin.com//includes/chaseonline/index.htm


    --
    Dave
    Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



  6. #16
    ~BD~ Guest

    Re: A real, live, phishing site for you to play with!

    David H. Lipman wrote:
    > From: "~BD~"<~BD~@nomail.afraid.org>
    >
    > This is a "real, live, phishing site" !
    >
    > h**p://mobtakercabin.com//includes/chaseonline/index.htm
    >
    >


    FYI - that URL produces *exactly* the same 'warnings' from Safari and
    Opera as the link I originally posted. I do understand the point you are
    making though - it might certainly help others reading here.

    As an aside .....

    I have a fake email message purportedly from FedEx Logistics Services
    <FedEx.no.0268@fedex.com>

    My ISP Web mail service (BT/Yahoo) will not download the attachment
    because it says it contains a virus (things are getting better at last!).

    Would it be of any research value to anyone if I were to forward same?

  7. #17
    Mike Easter Guest

    Re: A real, live, phishing site for you to play with!

    ~BD~ wrote:

    > I have a fake email message purportedly from FedEx Logistics Services
    > <FedEx.no.0268@fedex.com>
    >
    > My ISP Web mail service (BT/Yahoo) will not download the attachment
    > because it says it contains a virus (things are getting better at last!).


    It is common practice for some providers to strip virus attachments and
    discard them -- in which case it is impossible for you to access the
    attachment, or rather the mail+attachment.

    Other providers leave the mail intact but identify it and quarantine it
    into a virus folder and they tell you about it and give you access. That
    is the way EL earthlink does it. Then EL discards it after 3 d.

    > Would it be of any research value to anyone if I were to forward same?


    If you don't have it and can't get it, you have no options. If you had
    it or had it quarantined somewhere on disk, you could upload it to
    VirusTotal, as one example.

    In this interface, you upload it http://www.virustotal.com/

    It is also possible to email it, but that requires establishing an email
    account/address at VT http://www.virustotal.com/advanced.html#email

    If you have an AV agent operating, it is sometimes hard to 'handle' a
    virus because your agent wants to go crazy or neutralize it or otherwise
    prevent your doing anything with/ handling/ it, so you have to go into
    some kind of AV disabled state depending on the AV's options.

    One advantage of sending it to VT is that you get a picture or snapshot
    of how and whether a particular engine IDs something.

    Here's an example result from their site showing what 42 engines found
    on a recent sample http://peek.snipr.com/1ghlox [www_virustotal_com]


    --
    Mike Easter

  8. #18
    Mike Easter Guest

    Re: A real, live, phishing site for you to play with!

    Mike Easter wrote:

    > It is also possible to email it, but that requires establishing an email
    > account/address at VT http://www.virustotal.com/advanced.html#email


    That 'establish' is not correct; you don't have to have any kind of
    account at VT, just follow the instructions and VT will email you the
    results back.


    --
    Mike Easter

  9. #19
    ~BD~ Guest

    Re: A real, live, phishing site for you to play with!

    Mike Easter wrote:
    > Mike Easter wrote:
    >
    >> It is also possible to email it, but that requires establishing an
    >> email account/address at VT http://www.virustotal.com/advanced.html#email

    >
    > That 'establish' is not correct; you don't have to have any kind of
    > account at VT, just follow the instructions and VT will email you the
    > results back.
    >
    >


    Thanks Mike - I was already familiar with Virus Total but had forgotten
    that I could send an email. I did so - here is the result:

    **

    Complete scanning result of "FedEx_mailing_label_ID.S1936.zip",
    processed in VirusTotal at 11/15/2010 13:10:56 (CET).

    [ file data ]
    * name..: FedEx_mailing_label_ID.S1936.zip
    * size..: 25582
    * md5...: e2a1c1bf2440e649bd8627ffead263b7
    * sha1..: 85b6ade6530ed4dc0e45e95803924a1e1e47b10d
    * peid..: -

    [ scan result ]
    AhnLab-V3 2010.11.15.05/20101115 found [Win-Trojan/Oficla.74752]
    AntiVir 7.10.13.240/20101115 found [TR/Spy.ZBot.MY]
    Antiy-AVL 2.0.3.7/20101115 found nothing
    Authentium 5.2.0.5/20101115 found [W32/Oficla.R.gen!Eldorado]
    Avast 4.8.1351.0/20101115 found [Win32:Oficla-AX]
    Avast5 5.0.594.0/20101115 found [Win32:Oficla-AX]
    AVG 9.0.0.851/20101115 found [Dropper.Generic2.BTTI]
    BitDefender 7.2/20101115 found [Trojan.Generic.5074337]
    CAT-QuickHeal 11.00/20101109 found nothing
    ClamAV 0.96.4.0/20101115 found [Trojan.Bredolab-1027]
    Comodo 6727/20101115 found [TrojWare.Win32.Trojan.Oficla.~D]
    DrWeb 5.0.2.03300/20101115 found [Trojan.Oficla.80]
    Emsisoft 5.0.0.50/20101115 found [Trojan.Win32.Oficla!IK]
    eSafe 7.0.17.0/20101114 found nothing
    eTrust-Vet 36.1.7976/20101115 found [Win32/Bamital.BD]
    F-Prot 4.6.2.117/20101115 found [W32/Oficla.R.gen!Eldorado]
    F-Secure 9.0.16160.0/20101115 found [Trojan:W32/Bamital.D]
    Fortinet 4.2.249.0/20101115 found [W32/Agent.PHW!tr]
    GData 21/20101115 found [Trojan.Generic.5074337]
    Ikarus T3.1.1.90.0/20101115 found [Trojan.Win32.Oficla]
    Jiangmin 13.0.900/20101115 found [Trojan/Oficla.ach]
    K7AntiVirus 9.67.2973/20101112 found nothing
    Kaspersky 7.0.0.125/20101115 found [Trojan.Win32.Oficla.azk]
    McAfee 5.400.0.1158/20101115 found [W32/Pinkslipbot.gen.t]
    McAfee-GW-Edition 2010.1C/20101115 found [Generic.dx!uqm]
    Microsoft 1.6301/20101115 found [Trojan:Win32/Oficla.AD]
    NOD32 5620/20101115 found [Win32/Oficla.JF]
    Norman 6.06.10/20101115 found [W32/Oficla.ME]
    nProtect 2010-11-15.01/20101115 found [Trojan.Generic.5074337]
    Panda 10.0.2.7/20101114 found [Bck/Qbot.AO]
    PCTools 7.0.3.5/20101115 found [Trojan.Bamital]
    Prevx 3.0/20101115 found [High Risk Cloaked Malware]
    Rising 22.73.06.04/20101115 found nothing
    Sophos 4.59.0/20101115 found [Troj/Agent-PHW]
    Sunbelt 7315/20101115 found [Trojan.Win32.Generic.pak!cobra]
    SUPERAntiSpyware 4.40.0.1006/20101115 found nothing
    Symantec 20101.2.0.161/20101115 found [Trojan.Bamital!gen1]
    TheHacker 6.7.0.1.083/20101115 found [Trojan/Oficla.azk]
    TrendMicro 9.120.0.1004/20101115 found [TROJ_BAMITAL.AH]
    TrendMicro-HouseCall 9.120.0.1004/20101115 found [TROJ_BAMITAL.AH]
    VBA32 3.12.14.2/20101115 found nothing
    ViRobot 2010.11.15.4148/20101115 found nothing
    VirusBuster 12.75.3.0/20101114 found [Trojan.Oficla.CPS]

    [ notes ]
    ThreatExpert info:
    http://www.threatexpert.com/report.a...8627ffead263b7
    http://info.prevx.com/aboutprogramte...839F00C760999E

    **

    It seems as if BT is doing its job well!

    Cheers

    D.
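
An added example, not part of any post in this thread: a small Python parser for the plain-text report format VirusTotal e-mailed back in post #19, showing the per-engine picture Mike Easter describes (who detects, who misses, and how differently vendors name the same sample). The sample lines are copied from that report; the `FAMILIES` label list and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# A subset of lines copied from the "[ scan result ]" section in post #19.
SAMPLE_REPORT = """\
[ scan result ]
AhnLab-V3 2010.11.15.05/20101115 found [Win-Trojan/Oficla.74752]
AntiVir 7.10.13.240/20101115 found [TR/Spy.ZBot.MY]
Antiy-AVL 2.0.3.7/20101115 found nothing
ClamAV 0.96.4.0/20101115 found [Trojan.Bredolab-1027]
F-Secure 9.0.16160.0/20101115 found [Trojan:W32/Bamital.D]
Kaspersky 7.0.0.125/20101115 found [Trojan.Win32.Oficla.azk]
Microsoft 1.6301/20101115 found [Trojan:Win32/Oficla.AD]
Panda 10.0.2.7/20101114 found [Bck/Qbot.AO]
Symantec 20101.2.0.161/20101115 found [Trojan.Bamital!gen1]
VBA32 3.12.14.2/20101115 found nothing
"""

# Line layout: engine, engine version, signature date (YYYYMMDD), verdict.
LINE_RE = re.compile(
    r"^\s*(?P<engine>\S+)\s+(?P<version>\S+)/(?P<sigdate>\d{8})\s+found\s+"
    r"(?:\[(?P<name>.+)\]|(?P<clean>nothing))\s*$"
)

# Family labels to look for: an assumption for this example, taken from the
# names visible in the report, not any vendor's taxonomy.
FAMILIES = ("oficla", "bamital", "zbot", "bredolab", "qbot", "pinkslipbot")

def parse_report(text):
    """Return a list of (engine, sigdate, detection_name_or_None)."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # section headers, blank lines and notes do not match
            rows.append((m["engine"], m["sigdate"], m["name"]))
    return rows

def summarize(rows):
    """Detection ratio, engines that missed, and family labels per engine count."""
    names = [n for _, _, n in rows if n is not None]
    families = Counter()
    for name in names:
        label = next((f for f in FAMILIES if f in name.lower()), "other/generic")
        families[label] += 1
    return {"detected": len(names), "total": len(rows),
            "missed_by": [e for e, _, n in rows if n is None],
            "families": dict(families)}

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

The signature date is kept per row because an engine reporting "found nothing" with an older date, as some rows in the full report show, may simply not have received a signature yet.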

  10. #20
    StevieO Guest

    Re: A real, live, phishing site for you to play with!

    Perhaps they are ALL part of the Secret Annex Society?

    You never thought of that did you...LOL



    "~BD~" <~BD~@nomail.afraid.org> wrote in message
    newseidnbQMfaz2tX3RnZ2dnUVZ8uGdnZ2d@bt.com...

    I tell you the truth - and you choose not to believe me. Your
    prerogative, of course. IMO it would have been FAR better had you
    co-opted some of your colleagues in the security world to check out
    Annex/Annexcafe and then taken appropriate action accordingly. You know
    full well that you could have notified me of the findings by email.

    BD


