Last visit was: Sat Jul 05, 2014 12:25 pm
It is currently Sat Jul 05, 2014 12:25 pm

NZ Bank Phishes


All times are UTC - 5 hours [ DST ]


 [ 5 posts ] 
Author Message
 PostPosted: Thu Aug 19, 2010 7:18 pm   
Spam Reporter
User avatar

Joined: Sat Jun 13, 2009 11:34 pm
Posts: 140
Recently I have had a new email address created at nzart.org.nz
This address was published in an E newsletter and harvested.
The newsletter is published on the web in html format as well as sent out to members.

I have been in contact with one of the victims, survey.co.nz, to offer him some advice.
His domain is not being used but that did not stop spammy from using it to add some creditability to the phish attempt. The poor guy got a number of phone calls from people that received the spam as well as other problems.

I have long suspected that the registrar of survey.co.nz is an associate of Shane Atkinson and co and or Joe Dunning. I think privacy protect has something to do with this as well. As some would know privacy protect used a PO Box provider in NZ. All my tracking of this type of phishing over the years has yielded many dead ends and much of the anecdotal I had has been not recorded. kiwiphil.com is one lead that is still valid.

I have placed all the evidence that I have on my web server in a protected directory.
Anyone that has in this type of spam is welcome to take a look. The victim, Zane has tracked Joe Dunning to an address in Christchurch NZ and he will be sending me this info as soon as he can... His registrar has removed his DNS entry which I think is par for the course as previously stated maybe in league with spammy.

If anyone is able to assist with information please email me off list.

https://www.bencom.co.nz/zl-anti-spam/

Login: ibr
Pass: ibr123rbi

Please forgive the bad ssl cert.

There is only one dir with the evidence.

The spam source has been identified as the Send Safe bot net which as you all know is the bot net Shane (Ex Mike Van Essen) and his spam gang use.

I have also included evidence from 2004 as I have a hunch the two are very related. In 2004 I was being attacked by the gang and eventually I tracked the source of these attacks to Dean Westbury after he made several extortion threats and a phone call. Dean used to send me very fresh virus files (Sobig and others associated with send safe) that were not detected by up to date scanners. There is a link between Dean and Joe (Joseph Dunning) in that they both have married Philippine women and as such I am told Joe visits the Philippines.

Any help whatsoever would be much appreciated as I have been on the issue on and off since 2003 when I got the first kiwi bank phish bounces. Note the dates... I lost the 2003 bounces somewhere in my archive but on Christmas day 2003 & 2004 the same type of attack was made by the scammers... I believe this was my Christmas message from the gang after I outed Shane earlier in 2003. In between the two lots of bounce messages I saw no bank phishing activity at all but after December 2004 the gang attacked NZ banks in earnest and have not stopped since. As you see when you view the spam there is a NZ source that allows the gang inside knowledge to NZ conditions and companies like survey.co.nz to target NZ'ers.

Be assured that if you access my web server your IP address/identity will never be released. If you need to use a proxy use the non SSL version of the URL but beware many proxy IP addresses are blocked at my firewall.

I will remove access to my server (IBR login) on Monday our time. Anyone who wants ongoing access to the ongoing investigation will need to email me for a personal login name.

I have reenabled resources to take up the gauntlet of spam fighting again and am running my own mail server again. From logs the same email addresses that the gang attacked in the past are still being attacked today despite the mail boxes being closed for some years.

TIA and best regards.
Peter Bennett aka Anony Mouse
Bencom Ltd


Top
 Profile  
 PostPosted: Sun Aug 22, 2010 10:10 pm   
Spam Reporter
User avatar

Joined: Sat Jun 13, 2009 11:34 pm
Posts: 140
Oh well...


Top
 Profile  
 PostPosted: Tue Aug 24, 2010 12:57 pm   
Spam Reporter
User avatar

Joined: Thu May 22, 2008 10:39 am
Posts: 114
You might want to wait a bit longer :)

I don't know about the attendance rates here but IBR is smallish forum and we don't all visit this place on daily (or even weekly) basis.


Top
 Profile  
 PostPosted: Tue Aug 24, 2010 5:16 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
lordpake wrote:
I don't know about the attendance rates here but IBR is smallish forum and we don't all visit this place on daily (or even weekly) basis.


24 members have logged in in the last 24 hours (an unusually busy day, actually -- was there a joe job emailing today? Gotta check my email :) )
30 in the last 48 hours
35 in the last week
48 in the last month
73 in the last 90 days
91 in the last 180 days

Overall, there are a surprisingly small number of active members considering how much people on this forum accomplish. OTOH, a lot of other forums allow bots to register pretty easily, which bloats their statistics.


Top
 Profile  
 PostPosted: Wed Aug 25, 2010 9:36 am   
Spam Reporter
User avatar

Joined: Sun Aug 13, 2006 6:57 pm
Posts: 248
AlphaCentauri wrote:
Overall, there are a surprisingly small number of active members considering how much people on this forum accomplish.


The accomplishments are even more impressive because the activity of some members is limited to lurking.

I won't mention any names but... :oops:


Top
 Profile  
 [ 5 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008