CKA Forums - Canadian Forums

CKA Uber | Posts: 26245 | PostPosted: Tue Sep 19, 2017 5:48 am

Tricks wrote:
DrCaleb wrote:
We've been getting a huge number of phishing attempts, with a zero day payload. Do NOT open emails with subject lines:

“Pat due invoice notification”

“My O2 Business - Your O2 Bill is ready”

“#09932 Invoice secondary notice”

Our firewall blocked addresses associated with those payloads, but you probably don't have a sophisticated firewall like ours. As well, no AV products caught this.

I had a fun assignment last week about tracing emails back to people.

Found the guy's phone number in Africa who tried to get my information claiming to be from the IRS.


I used to do that. :) After a while I stopped. No point.

But it must be fun calling him at 3am and asking if he'd like to buy an all inclusive Caribbean cruise!!


CKA Uber | Posts: 21099 | PostPosted: Tue Sep 19, 2017 9:48 am

DrCaleb wrote:
Tricks wrote:
DrCaleb wrote:
We've been getting a huge number of phishing attempts, with a zero day payload. Do NOT open emails with subject lines:

“Pat due invoice notification”

“My O2 Business - Your O2 Bill is ready”

“#09932 Invoice secondary notice”

Our firewall blocked addresses associated with those payloads, but you probably don't have a sophisticated firewall like ours. As well, no AV products caught this.

I had a fun assignment last week about tracing emails back to people.

Found the guy's phone number in Africa who tried to get my information claiming to be from the IRS.


I used to do that. :) After a while I stopped. No point.

But it must be fun calling him at 3am and asking if he'd like to buy an all inclusive Caribbean cruise!!
I was tempted. I'm glad I'm finally doing something in this program outside of meaningless programming and learning what a botnet is. :lol:


CKA Uber | Posts: 57599 | PostPosted: Tue Sep 19, 2017 4:31 pm

When I find spammers living in progressive countries like Nigeria and Belarus my favorite trick is to send them an original email from my email address.

I first check Live Ships to see what cargo ships are expected in their ports and when. Then I pick a random container number for an actual container.

Then I draw up a spreadsheet with a list of small to medium arms and ammunition and I attach it to the email.

The message typically reads:

Quote:
Mr. Spammer,

Your payment of $3,720,000 was received in our account in the Seychelles.

Attached is the manifest of the weapons and ammunition you ordered.

Container 324567-39 will arrive in your port aboard the MV Spam Queen.

The passcode for taking possession of the container is A325-67Y4-8291

Thank you for your business and should you have any future needs please do not hesitate to contact us. Best of luck with your revolution and the overthrow of President Nmbimbwe.

- Bart


This is often followed by a desperate sounding email denying any knowledge of the transaction.

The end game is usually noted by a drop off in global spam traffic. 8)


CKA Uber | Posts: 26245 | PostPosted: Wed Sep 20, 2017 6:07 am

I like your style! :rock:


CKA Uber | Posts: 26245 | PostPosted: Fri Sep 22, 2017 7:45 am

Sort of off topic, but related. If you use 'CCleaner' as your Antivirus, you probably got hacked. And it looks like the hack was intended as corporate espionage!

CCleaner malware outbreak is much worse than it first appeared


CKA Uber | Posts: 57599 | PostPosted: Fri Sep 22, 2017 8:25 am

DrCaleb wrote:
Sort of off topic, but related. If you use 'CCleaner' as your Antivirus, you probably got hacked. And it looks like the hack was intended as corporate espionage!

CCleaner malware outbreak is much worse than it first appeared


The version that was reported as compromised is 5.33.6162.

But I isolated four of our computers that had CCleaner on them and found evidence of Floxif compromise on all four.

Their versions were:

4.00.0.4064
4.14.00.4707
5.18.00.5607
5.23.00.5808

If your machines have these hashes then they should be considered compromised:

ccleaner.exe - ef694b89ad7addb9a16bb6f26f1efaf7, d488e4b61c233293bec2ee09553d3a2f

ccsetup533.exe - 75735db7291a19329190757437bdb847

The compromised update server (which should be blocked on your firewall) is at 216.126.225.148

:wink:
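A check a defender could run against the indicators in the post above, as an added example (not code from the thread): it walks a directory tree, MD5-hashes every ccleaner.exe or ccsetup533.exe it finds, and reports any file whose hash is one of the three listed. The default scan path and the choice of Python's hashlib are assumptions, and a clean hash only says the file on disk is not one of these builds; it does not prove the machine was never compromised.

```python
import hashlib
import os

# MD5 indicators quoted in the post above (lowercase hex -> file they were seen on).
COMPROMISED_MD5 = {
    "ef694b89ad7addb9a16bb6f26f1efaf7": "ccleaner.exe",
    "d488e4b61c233293bec2ee09553d3a2f": "ccleaner.exe",
    "75735db7291a19329190757437bdb847": "ccsetup533.exe",
}
# File names worth hashing; matched case-insensitively since Windows paths are.
TARGET_NAMES = ("ccleaner.exe", "ccsetup533.exe")


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large installer does not need to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, indicators=COMPROMISED_MD5, names=TARGET_NAMES):
    """Return (path, md5, label) for each file under root whose name is in
    `names` and whose MD5 appears in `indicators`. Hash equality is the only
    signal used; unreadable files are skipped rather than aborting the sweep."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() not in wanted:
                continue
            path = os.path.join(dirpath, fname)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue
            if digest in indicators:
                hits.append((path, digest, indicators[digest]))
    return hits


if __name__ == "__main__":
    import sys
    # Assumed default install location; pass another root on the command line.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\CCleaner"
    for path, digest, label in scan_tree(root):
        print(f"COMPROMISED {label}: {path} md5={digest}")
```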


CKA Uber | Posts: 21099 | PostPosted: Fri Sep 22, 2017 11:45 am

Shit, I have to check some family computers. I had switched from CCleaner to Glary a while ago, but I can't remember who might still have it.


CKA Uber | Posts: 57599 | PostPosted: Tue Sep 26, 2017 8:56 am

Moar shot to block



CKA Super Elite | Posts: 7505 | PostPosted: Tue Sep 26, 2017 9:36 am

CCleaner?

How 2001


CKA Uber | Posts: 57599 | PostPosted: Tue Sep 26, 2017 10:29 am

herbie wrote:
CCleaner?

How 2001


Agreed. I just reimage my computers when this crap comes up. Anymore it's the only way to be sure you've removed whatever the hackers and the NSA have installed on your machine.


CKA Uber | Posts: 57599 | PostPosted: Mon Oct 09, 2017 3:08 pm

The shit list for the first part of October:



CKA Uber | Posts: 57599 | PostPosted: Mon Dec 11, 2017 11:37 am

Whole big boatload of crap sites to block this month:



CKA Uber | Posts: 57599 | PostPosted: Tue Jan 16, 2018 11:45 am

Today's list of shitty sites and domains to block:


