This is archived news from 2005, for current news click here.
December 12, 2005
You may have received an email like this; in fact, you may have received several.
While the message text only refers to a generic credit union, the headers are forged with ncua.gov or cuna.org. NCUA was the target of a similar phishing attack in July.
The messages are virtually the same text except for the fake case ID, we have recorded
The first string of messages linked to 18.104.22.168, a subnet in China. Later, the link changed to: http://www.tamin.org/.CREDIT-UNION/update.php. There is no content at this location but the site is still up. Tamin.org is registered to a company in Iran.
December 8, 2005
How do the ISPs rate in response to virus attacks from their networks?
November 21, 2005
About Sober.
November 20, 2005
Beta participation in this project is already having an effect. 922 shutdowns and suspensions are pending because of emails forwarded by testers.
Two sites have recently been shut down through efforts of the KnujOn project:
November 10, 2005
Beta info.
November 3 & 4, 2005
KnujOn was presented at the NE-HTCIA training.
October 26, 2005
Emails with the title "You have just received a virtual greeting from a family member!" actually link to a spyware/virus download run from a subnet at the Kent Institute of Art and Design in Kent, England.
October 25, 2005
You may have noticed an increase in stock-related spam recently. A great site, spamstocktracker.com, follows the value of the stocks pumped through junk mail. Big surprise, all of these stocks are losers. So far he has lost a hypothetical eight thousand dollars on spam stocks.
October 13, 2005
Computer Security Professionals and Law Enforcement are invited to an HTCIA meeting November 3 - 4, 2005 at Pace University in Manhattan. KnujOn will be one of the presentations.
September 26, 2005
KnujOn is looking for beta testers. More information here.
September 22, 2005
More information here.
September 1, 2005
Active testing began on March 1, 2005 and the results have met and exceeded our expectations. With over 1000 shutdowns, 147 voluntary removals, 2963 administrators tracked, and 3507 domains tracked, we are calling the alpha test an amazing success. However, this is only the beginning. Soon we will begin soliciting beta testers and expanding our network and the project scope.
August 26, 2005
1000 shutdowns and climbing. With more networks soon to join the effort, the number can only grow faster.
August 9, 2005
bailieldnab.com, bbovercowia.com, cnyoungunba.com, dnbfbsqs.com, eeladd.com, narrjl.com, gemuleycn.com, ghtnsecn.com, rumbumbale.com, tnashbsv.com, turuntale.com, as well as others, were all junk mail sites run by "Alexandr Zhamelgo" of Moscow. They have all been shut down or suspended by KnujOn.
August 5, 2005
As the database grows, the program becomes more efficient, resulting in more and more shutdowns.
August 4, 2005
oneclicksearches.com and psguard.com are using viruses to take over PC browsers. For more information and to find out what you can do, click here.
July 27, 2005
Phishing
Shutdown Count Exceeds 500 - July 25, 2005
July 18, 2005
Phishing
July 13, 2005
A "mortgage approval" email processed by KnujOn led to a site with an unauthorized use of TRUSTe seals. tpbaj.com, a purported "American Financial Specialist", is actually located in Canada and has a TRUSTe seal on his site but is not a registered TRUSTe member.
Ronald Hentington of Toronto also runs these sites with similar offers:
None of these sites are TRUSTe members. If you have an email or site with a questionable TRUSTe seal you may verify it here.
July 12, 2005
Phishing
July 11, 2005
Phishing
July 7, 2005
Phishing
July 6, 2005
The shutdown/suspension count has passed 400 and will continue to grow at a faster rate.
Related Article: Hackers make way for criminals, experts say (Reuters)
July 2, 2005
PayPal is under siege. Two different PayPal impersonators were revealed by KnujOn, one in Arizona and another in Mexico. It is important to identify these scams quickly and report them before anyone falls victim.
July 1, 2005
KnujOn processed an email which used web content from the National Credit Union Administration (ncua.gov) requesting that customers log in and update their accounts, but the "Click Here to Update You Account" link actually went to a site hosted in South Korea. The "log-in" page at the Korean site also used hijacked web content from ncua.gov and requested personal credit card information. This incident has been reported. If you are an NCUA customer or you have received a suspicious email from firstname.lastname@example.org, do not reply to it or click the links. Go to ncua.gov/Phishing/phishing.htm to read about phishing and report fraud.
June 29, 2005
PayPal seems to be a frequent target of phishing. One email processed by KnujOn today was traced to the Egyptian Universities Network. The email was forwarded to PayPal administrators.
June 28, 2005
KnujOn has processed several emails from greatrefi.com, savecashtoday.net, fastrefi.biz, and savenowtoday.com. All these sites claim to be operated by "Fast Refi Co." and offer rates as low as "2.9%" (typical rates are around 5%). We have been unable to locate any registered company or bank by the name "Fast Refi Co."; however, all of the sites associated with this "institution" are run out of Brazil. This is unlikely to be a real refinance offer and is actually an attempt to harvest personal information for unknown purposes. KnujOn has filed various reports about these sites.
June 27, 2005
As of June 27th the total number of unique sites shut down or suspended by KnujOn is 301.
June 24, 2005
An email claiming to be from PayPal actually linked to "paypal-chk.com", a site not associated with PayPal but registered to a Werner Strijewski in Toronto, Canada (PayPal is based in San Jose, CA). This was reported to PayPal.
June 23, 2005
Phishing
June 22, 2005
Phishing
Related article: ID data breaches: as rampant as it seems (money.cnn.com)
June 21, 2005
A "bank" has been sending emails promising $300,000 loans at 3.6% (typical interest these days is around 5%). A review of the site rsraoyh.com showed they claimed FDIC and BBBOnLine accreditation. KnujOn was unable to find certificates at either organization for rsraoyh.com. The owner of rsraoyh.com is actually located in Moscow, Russia.
All FDIC insured banks must have a certificate number. This site was reported to the FDIC and BBB by KnujOn. For more information on verifying FDIC seals and protecting your privacy, click here. To verify a BBB member, click here. To report BBB-related scams, click here.
June 16, 2005
Phishing
June 14, 2005
Today the number of sites shut down or suspended is over 200. These are unique sites associated with junk mail and various Internet scams. The number is quite significant since it represents the results of a single network running KnujOn. Within a year the impact of KnujOn on this network and on the Internet in general will be amazing. Beyond the shutdowns, KnujOn has also identified various attempts to obtain personal information for use in possibly illegal activity. Our goal in the coming months is to make KnujOn available for general use. For more information, please contact us.
June 9, 2005
We have collected dozens of email samples like this one:
The linked websites are constantly changing, but they are all cleverly crafted, clean-looking sites. There are no phone numbers, names, addresses or even names of legitimate lending agencies, merely on-line forms asking for personal information.
The following sites are all connected to these questionable emails:
slmply.net, easi3r.com, ast0unds.com, f1nds.net, l3arn.net, bllls.net, pr1m3time.com, pay-m3.net, m0n3y.net, fre3d0m.com, br3aks.com, easi3r.com
These sites are all owned by "David Learner" of London, England, who is identified by spamcop.net and toastedspam.com as a notorious junk mailer. It is doubtful that "David Learner" is associated with any banks or lending agencies in the United States, even though his emails all claim to offer refinancing in all 50 states.
June 8, 2005
A spammer in Russia who claimed to sell licensed versions of Microsoft and Adobe software had his site (rrtop.com) terminated 1 hour after the hosting company was contacted by KnujOn. Shutdowns can often take days to complete, but this hosting company was instantly satisfied by KnujOn's reporting and presentation of the case.
June 7, 2005
Phishing
June 6, 2005
Phishing
May 26, 2005
KnujOn was presented to the High Technology Crime Investigation Association and produced considerable interest and debate. KnujOn and Cold Rain hope to continue to work with the HTCIA in the future.