Patrick Bryant <piat_private> wrote: > I've been trying to advise eBay all day, since it's their name > that's being exploited, but all of my calls and emails have fallen > into a blackhole. Whilst it might be "nice" of you to inform eBay (I'm sure they see dozens of these a month and really don't care that much) you should really be informing the upstream hosting company of the fraudsters, possibly _their_ upstream as well (lots of "small-fry" hosting companies don't give a ^*%$ what their clients are doing so long as they pay their bills, whereas the bulk hosting companies they buy from tend to be a tad more concerned and will kill boxes/IPs much more quickly), _AND_ the DNS hosts (in such scams it is common to find the DNS is hosted other than by the hosting company). Also, as the complainant was apparently in the US, the local police and/or FBI "high tech crimes" folk should be involved too. > It now appears that the attackers are playing a shell game with > the redirector site. Even though the site that receives the > victim's post (bayers.netfirms.com) has been shut down, now the > attackers are redirecting to at least one different site for > receiving the posts. Get their DNS provider(s) to realize that by hosting and changing this scum's DNS entries they are aiding and abetting a fraud that the FBI is investigating (OK -- so don't tell the DNS host that you simply left a message on the after-hours message service) and see how quickly the DNS providers act... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 07:21:23 PST