Thursday, July 29, 2010

The sources of SPAM

Spammers obtain e-mail addresses in several ways:
- Automatic generation of addresses from domain names; a trial-and-error method, slow but sure.
- Harvesting of e-mail addresses indexed by search engines.
- Theft or purchase of address books or directories.
- Direct collection through registration required before downloads, etc.

To keep our mailbox free of spam for as long as possible, besides having an anti-spam system, we must be very cautious about where we write our e-mail address. For web registrations we can make up e-mail addresses, but this does not work when a confirmation link is sent to us (webmasters are not stupid); in that case we can generate volatile, anonymous addresses such as those from Mailinator, Spambog, yopmail, instantemailaddress and Dispostable.

Another good solution is to use account aliases, which can be created with applications such as mailexpire, and e-mail forwarding, which can be done with specific applications such as trashmail or simply by chaining two or more e-mail accounts, such as Gmail ones.

Wednesday, July 28, 2010

Converting Internet video streams to files

Videos from YouTube (maximum 10 minutes or 2 GB), Vimeo and other sites specialised in video distribution can be watched without much trouble with an adequate line (ADSL) and the corresponding plug-in for the browser we use; for YouTube, for example, we need the Adobe Flash Player plug-in.

To download and store the video streams as files we can use the "Download Helper" add-on, which is available for Firefox. Although this extension can convert the video format while it downloads, it has never fully satisfied me, so I download in YouTube's original format (320x240 H.263 with mono MP3 audio; 720p HD; 1080p HD H.264/MPEG-4 AVC with AAC audio).

Afterwards the videos can be played locally with a player such as VLC, or converted to a home video format (SVCD or VCD) with the MediaCoder program.

Finally, we store the downloaded and converted video on a USB stick or disk, or on a CD or DVD.

Tuesday, July 27, 2010

Types of SPAM

A more complete classification of SPAM, one that also includes neutral kinds of mail, is the one given by M86; according to it, SPAM can be classified as:

- SCAMS
- ADULT CONTENT (pornography)
- FINANCIAL SERVICES (mortgages, refinancing, loans, etc.)
- STOCK SALES
- PHARMACIES (diet pills, Viagra, etc.)
- PHISHING (impersonation to obtain credentials)
- DIPLOMAS
- REPLICAS
- SOFTWARE
- MALWARE
- GAMBLING (casinos, poker, etc.)
- DATING
- OTHERS (hoaxes, swindles)

Figures on SPAM

According to the SPAM report by VIRUSLIST, more than 84% of all e-mail circulating on the Internet is SPAM, and almost 3% of that junk mail is also malicious (contains malware).

Almost 1 in 4 SPAM messages comes from the United States (24.9%), the leader in junk emission, followed by India (8.5%), Brazil, Colombia and Spain (almost 5%), ... and further back Russia (3.6%).

The sites targeted by the largest number of phishing attempts are PayPal (70%, usually with the blocked-account ruse) and eBay (5.8%).


Real secrets should be known to no one

In a previous post I mentioned the possibility of searching Google over the https protocol; this ensures confidentiality, but only against intermediaries, since both Google and the browser will know the searches performed.

If we want confidentiality from Google we must do the searches through a proxy such as Hide My Ass! and, in addition, do them logged out of our Gmail user.

If we want confidentiality of searches in the browser we must configure it so that it does not remember history, does not keep a cache, does not offer search suggestions, ... and if the browser does not allow this configuration, switch to Firefox, which does.

Monday, July 26, 2010

One, two, three ... scamming again

... or progressive variations on a Nigerian scam

One

You are very fortunate, because we have a great deal of money from inheritances, illegal commissions, war loot, dormant accounts, ... so much that we do not know what to do with it in a country as poor as ours (Burkina Faso, Nigeria, Ivory Coast, etc.), and we want to share it with you, whom by the way we do not know at all, nor do we care; but first we would need a small advance to carry out the formalities needed to send you all that cash, God bless you.


Example

Two


We do not know whether you have heard that there are many scammers loose on the Internet who make their victims believe that they have a lot of money for them and then ask for a small advance for the preliminary formalities; do not trust them. We have been officially commissioned for the worldwide distribution of funds, precisely to prevent such scams, ... although you will understand that we need a small advance for the official formalities required for the safe expatriation of the funds.

Example


Three

Since we knew there were many scammers claiming to have a lot of money to hand out, or to be commissioned to hand out a lot of money, we carried out an operation that has allowed us to arrest these criminals who do so much harm and give our country such a bad name. We have also recovered the money they swindled, an enormous sum, along with the list of people who were deceived, or whom they at least tried to scam, and you are among them. But you are in luck: we want to compensate you financially, although we need a small advance for the formalities required to send you the money, which, as you know, will be very quick.

Example


ROBERT MUELLER III EXECUTIVE DIRECTOR FBI
FROM THE DESKTOP OF THE CHAIRMAN ECONOMIC FINANCIAL OF
CRIMES COMMISSION UNDER FEDERAL BUREAU OF INVESTIGATION FBI.WASHINGTON DC.


ATTENTION:BENEFICIARY:

How are you? i hope you are fine. Well, I believe by the time you will be through with this email and will understand and surely place your mind at rest as you are going to start a new life in no distance time. Most families have lost lives, homes and there great wealth due to the high rate of fraud and scams that has been all over the Nation and the world in general, but since the setup of the Economic and Financial Crimes Commission alongside with the FBI Washington D.C for the purpose, these crimes has been reduced and we are fighting heavily to put this to an end.

Right now, [$900,000,000]Nine hundred million us Dollars has been recovered from these fraudsters through our Intelligence network, and most suspects are still under our custody for proper investigations and trials. Your mail address has been found in our list of those that has been defrauded through some of these media, Account/bank transfer, dating and others. The bank transfer, and other means of sending money that has been sent so far to some country like London Ghana,Togo,Spain,South Africa and United States etc are being received here in our country by these scammers in the name of having transaction that you don't know about. Yo be paid to an individual through any means without a proper investigation. We have our agents in the bank all round the World with proper security to checkmate these scammers and any bank that goes contrary to our instruction will stand the risk of losing its certificate of accreditation. If this is true about you, do not border much because it is time for you to regain what you have lost .This wonderful compensation program was introduced by the new chairman of Economic Financial Of Crimes Commission(EFCC) and the FBI Washington DC.
All you need to do is to contact the head of verification department with this information below for further clarification and screening after which part of this money will be sent to you through any means which will be convenience for you as stated.

FULL NAME:
COUNTRY:
ADDRESS:
SEX:
MARITAL STATUS:
OCCUPATION:
AMOUNT SCAMED FROM YOU:
PHONE NUMBER:

OFFICE OF VERIFICATION ECONOMIC AND FINANCIAL CRIMES COMMISSION
MR. Kelly Lyre Contact person
EMAIL:efccoffice.fileaccount@gmx.com
OFFICE PHONE: +234-8062830397

Sign
MRS FARIDA-WAZIRRI
[Chairman EFCC Republic of Nigeria]
NOTE: Contact the verification office as you were instructed to the email above. This payment has a limited time frame for funds dispatch. Your response is expected within 7 working days of receiving this notice.
BEST REGARDS

This scam (419 scam) has been circulating on the Internet since at least the summer of 2008.

A forum on Internet fraud: FW - fraudwatchers

Friday, July 23, 2010

Whoever wants a party ... open the attachment

From: gffkj hgkjgkljkl
Date: 2010/7/23
Subject: YOU HAVE WON THE COCA'COLA ONLINE PROMOTION
To: yyyyyyy7477@att.net

PLEASE OPEN ATTACH

Since the football World Cup is over, other hooks have to be found for a Nigerian scam ... a Coca-Cola prize ... in a promotion that, as always, we never entered ... but this one is also shoddy because of the sender name they picked.

The header we have is:

Received: from [41.245.23.34] by web83814.mail.sp1.yahoo.com via HTTP; Fri, 23 Jul 2010 05:01:24 PDT

Email Trace places the IP 41.245.23.34 as assigned to the company Telkom SA Ltd. of Johannesburg (South Africa).

BBVA prize phishing

Let's analyse a new phishing case, this time an e-mail that apparently comes from BBVA and grants us a prize. We have already seen another one in which a transfer had supposedly been made to us, and in spamdb there is yet another example in which the account had been blocked for security reasons (What a season BBVA is having).

The mail is apparently sent by Servicios@PremiosBBVA.net (a simple reply is enough to check that the domain PremiosBBVA.net does not exist), and in it we are informed that we have received a loyalty prize.


The text reads (I type it out so that the content gets indexed by search engines; the errors of the original are kept in the translation):

Dear customer,
BBVA grants a prize your account with a loyalty bonus.
In order to receive the bonus it is necessary to read online services in the next 72 hours when you received the e-mail.
Bonus will be credited directly to the account in the next 72 hours
Connect to online services for the crediting

Let's analyse it piece by piece:
- If we check the e-mail headers we see that the mail originally comes from the IP 70.38.123.116, located in Canada.
- If we analyse the text we see that it contains many serious spelling mistakes, and it is clear that it was written by someone who does not master Spanish, since it fails in the use of punctuation, prepositions and verb inflection, three headaches for students of Spanish.

With all this we already have plenty of important information to state that it is a scam: the sender address does not exist, the mail did not leave from BBVA but from a site in Canada, and no one at BBVA would have authorised such a badly written mail to customers.

Let's move on to how the trap message was built. The mail is composed of:
- An image (intended to evade phishing filters and also to learn the number and location of readings of the phishing e-mail), hosted at http://81.171.121.45/.poza/pre.PNG (the IP 81.171.121.45 is located in the Netherlands according to Machine IP; it runs Apache/2.0.54 on Debian GNU/Linux with PHP/5.2.1-0.dotdeb.1 with Suhosin-Patch; the image was uploaded that same 23 July 2010, and the server name is web00.telinco.be). The server has a complete, although protected, Apache installation, so when trying to reach the Apache manual, which should be at http://81.171.121.45/manual/index.html, we get the message "You don't have permission to access /manual/index.html on this server" ... and what if we try http://81.171.121.45/index.htm? ... it replies "Not Found The requested URL /index.htm was not found on this server." ... and, as the great Chema says, if something gives different answers to different questions, we can always extract information from it.

- Mapped over the image is the hyperlink (WHICH MUST NEVER BE FOLLOWED) that takes us to the trap site imitating the BBVA site, at the URL http://www.redirectbb.1meds.org/en/009.php (http://www.1meds.org/ is the domain of an e-pharmacy and its IP is 69.42.173.7), which redirects, with an Apache/2.2.3 on CentOS, to the URL http://www.bbvanetoffice.romale.sk/local_bdno/bbx/index.html, whose IP is naturally the same 69.42.173.7, hosted in the United States.

This redirection serves to keep changing the URL and so try to evade anti-phishing systems based on URL blacklists. Thus, within a few hours it changed to http://www.bbvanetoffice.premios.atcoe.com/local_bdno/bbx/index.html (http://www.atcoe.com/ is the domain of another e-pharmacy).
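As an added illustration (not the blog's own tooling), the following Python script applies the two tells just described to a constructed HTML body that reuses the hosts cited above: it flags images hosted on a bare IP address and links whose hostname carries the bank's name under an unrelated registered domain, such as bbvanetoffice.romale.sk. The "last two labels" domain rule is a simplification assumed here in place of the Public Suffix List.

```python
"""Heuristic triage of a phishing mail body, modelled on the BBVA case:
an image hosted on a bare IP (tracking / filter evasion) and a login link
whose hostname carries the brand as a subdomain of an unrelated domain
(bbvanetoffice.romale.sk, bbvanetoffice.premios.atcoe.com).
Added example; the HTML below is constructed, not the real mail."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body reusing the hosts quoted in the post.
SAMPLE_HTML = """
<html><body>
<a href="http://www.redirectbb.1meds.org/en/009.php">
  <img src="http://81.171.121.45/.poza/pre.PNG" alt="BBVA">
</a>
<p>Conectarse a
<a href="http://www.bbvanetoffice.romale.sk/local_bdno/bbx/index.html">servicios en linea</a></p>
</body></html>
"""

LEGIT_DOMAIN = "bbvanetoffice.com"      # the bank's real login host (from the post)
BRAND_TOKENS = ("bbvanetoffice", "bbva")


class _RefCollector(HTMLParser):
    """Collects every <a href> and <img src> in document order."""

    def __init__(self):
        super().__init__()
        self.refs = []   # list of (tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.refs.append(("a", attrs["href"]))
        elif tag == "img" and attrs.get("src"):
            self.refs.append(("img", attrs["src"]))


def extract_refs(html):
    parser = _RefCollector()
    parser.feed(html)
    return parser.refs


def registrable_domain(host):
    """Crude 'last two labels' approximation of the registrable domain
    (assumption of this example; a real tool uses the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_literal_ip(host):
    """True when the host part of a URL is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def brand_on_foreign_domain(host, brand_tokens, legit_domain):
    """True when a brand token appears in the hostname but the registrable
    domain is not the brand's own: the bbvanetoffice.romale.sk pattern."""
    host = host.lower()
    if registrable_domain(host) == legit_domain:
        return False
    return any(tok in host for tok in brand_tokens)


def triage(html, brand_tokens=BRAND_TOKENS, legit_domain=LEGIT_DOMAIN):
    """Return a list of (finding, url) tuples for one mail body."""
    findings = []
    for tag, url in extract_refs(html):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if is_literal_ip(host):
            findings.append(("hosted-on-literal-ip", url))
        if brand_on_foreign_domain(host, brand_tokens, legit_domain):
            findings.append(("brand-on-foreign-domain", url))
        # A bank login link over plain http is the post's other tell.
        if tag == "a" and parts.scheme == "http" and any(t in host.lower() for t in brand_tokens):
            findings.append(("login-link-without-https", url))
    return findings


if __name__ == "__main__":
    for finding, url in triage(SAMPLE_HTML):
        print(f"{finding:28} {url}")
```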

Many other domains, such as http://telebfax.com/, are redirected to this IP, which shows a logon screen on its home page (maintenance?): http://www.redirectbb.1meds.org:80/logon.php?acao=logar

Netcraft provides a lot of information about servers and domains.

According to Domain Tools, the domain romale.sk belongs to Slovakia and is registered by BOXN-0001 (Box Network s.r.o., 36195618, Komenskeho 41, Kosice 04001, 0905 942 606, 0905 942 606), or not, since domain registration data cannot be trusted either.

With Firefox, which is better than many think, the site appears blocked "FOR PHISHING".


With other browsers we see the site without any problem.


It looks a little like the original https://www.bbvanetoffice.com/local_bdno/login_bbvanetoffice.html, but only a little. Note that the original site has a valid certificate and encrypts the traffic with https; that is not an absolute guarantee, but a site that does not encrypt the data is clear evidence that it is not trustworthy at all.



Well, let's try it, of course with random numbers and data. In principle, given BBVA's coordinate-card verification system, this PHISHING would seem to have little future, but the bad guys are not stupid: the site takes us to the URL http://www.bbvanetoffice.romale.sk/local_bdno/bbx1/index.html, where they offer us a secure mail to avoid PHISHING ... a way of earning the victim's trust ... there are many bad guys out there wanting to rip us off; luckily there are good bad guys who protect us from the bad bad guys ...


A further ACCEPT takes us to a web page that asks for all the data of the credit card and of the ID card (DNI) ... But wasn't it a deposit into our account that we had won?


... they are going to max out the credit card before we even hit ENTER




And that is the end of the e-scam ... with a small final lesson ... "Securing a website is of little use if what the crooks do is defraud in our name" ... whether with an XSS (Cross Site Scripting) or with phishing.

Why couldn't I see the fake sites from my computer? ... if you use a filtering DNS such as OpenDNS, it directly blocks these fake sites. To check whether this explanation holds (everything stated must be demonstrated), just try to reach them through a WEB PROXY such as Anonymouse or a parallel network such as Coral CDN.

Why this relentlessness of criminals towards BBVA? ... it is simple: being one of the largest Spanish banks, its number of customers is also one of the largest, so the probability that whoever receives the e-mail is a BBVA customer is much higher, and with it the probability of carrying the scam through ... "it is not personal, it is a matter of profitability".

Wednesday, July 21, 2010

Nigerian scams

I have found a series of 3 posts on Chema Alonso's blog about Nigerian scams; very interesting.

Practical security course

Web Application Exploits and Defenses is an application developed by Google to teach, in a hands-on way, how to discover vulnerabilities in a web application, how to exploit them and how to fix them.
Pedagogically it could be improved, but it is a good start.
The name Gruyere suits it perfectly, since users associate it with the well-known Swiss cheese with holes ... even though that one is really called Emmental.

Friday, July 16, 2010

More mail from Nigeria and satellite countries

Some e-scams ask for our help getting funds from an inheritance, commissions, etc. out of an African country; others point out that there are many chancers about and that we should therefore trust them to conclude the half-finished operation of getting the funds out.

In this case, instead of posing as the FBI, they pose as the Central Bank of Nigeria.

CENTRAL BANK OF NIGERIA
TINUBU SQUARE,VICTORIA ISLAND,LAGOS-NIGERIA
SUB: IMMEDIATE CONTRACT PAYMENT :

From the Desk Of:
Mr. Emakpo Sam Banks
Financial Secretary(CBN)
IMMEDIATE PAYMENT
REF: CBN/IRD/CBX/021/10

[OFFICE OF THE SECRETARY ]

Attn:TIM OGRAN.

We the staff of the Central bank of Nigeria will like you to know that during the auditing and closing of all financial records of the Central Bank of Nigeria (CBN) it was discovered from the records of outstanding Foreign contractors due for payment with the Federal Government of Nigeria in the year 2009 that your name and company is next on the list of Those who will receive their fund I wish to officially notify you that your payment is being processed and will be released to you as soon as you respond to this letter. Also Note that from the record in our file, your outstanding contract payment is USD$15.Million (fifteen Million United States Dollars only) Kindly re-confirm to me if this is inline with what you have in your Record and also re-confirm the information below to enable this office Proceed and finalize your fund remittance without further delays.

1) Your full name.
2) Phone, fax and mobile #.
3) Company name, position and address.
4) Profession, age and marital status.
5) Scanned Copy of Drivers License I .D.

Note that there is a new development in our banking sector regarding transferring of fund. The Management/Federal Ministry of Finance has appointed a new Financial Secretary his name is (Mr. Sam Banks), you are hereby advised to deal with him directly, regarding to the transferring of your fund and be advised that, any email you receive that is not from him, should be disregard and not to be responded to for security reasons and to avoid diversion of fund.

In regards to your email, we want you to be aware that we are working on your payment file and i believe in the next 3 hours time we might have completed the processing. Should in case you receive any email or phone call from anyone telling you that your should contact him regarding your transaction, be advised to disregard that email or phone call because we noticed that some imposter's/Impersonator are using our bank to for local extortion of fund from our clients. Note that all fees needed for cost of transfer and other charges are to be paid to (Mr. Sam Banks), not anyone else.

We will advise that you get back to us immediately regarding the receipt of this email and as well let us know that payment mode in which you want to receive your fund and note that you have to update your payment file because it has been due for transfer and it can lead to the cancellation of your payment file. If we do not hear from you in the next 24 hours we will have no choice than to move to the next payment file in our list and as well cancel your fund. In your best interest, we will advise that you keep everything regarding your transaction personal until the transferring processing is been completed for security reasons because cases has been reported to us whereby some imposter's will contact us stating that they have been sent by some of out client to claim their fund and at the end of the day, we will find out that it was they best Friend or Relatives, whom they have informed about this transaction. We don't want that to happen, that's why we have advise you to keep everything concerning the transferring of your fund personal to avoid all this problem.

It might interest you to know that all arrangements have already been concluded in regards to the immediate disbursement of your fund to you accordingly. Without wasting much of time, it is my pleasure to notify you on the payment schedule as we have (4) options in disbursing funds to our clients, It is then left for you to choose the best option that suites you accordingly. The options are as follows:

1. Through an International Diplomatic courier service, this way your fund will be officially packaged in a consignment and delivered to your door-step by a Diplomat, but note that you will be responsible for the flight expenses of the Diplomat as well as the handling charges as may be required by the US custom.

2. Through Telegraphic transfer, this way your fund will be wired directly into your nominated Bank account as designated and means your banking information will be needed so as to enable the foreign remittance director start processing your payment file prior to subsequent release of your fund into your Bank account without any further delay, but note that you will be responsible for the Cost of Transferring (COT) the fund into your Bank account as nominated.

3. Through a Certified bank draft which will be delivered to your door-step by an approved courier service. This way your full contact address will be needed for successful delivery of your Certified Bank draft to you as designated, but note that you will be responsible for the courier delivery charges as may be required.

4. Through an (ATM CARD), This way your full contact address, including your banking information will be needed so as to enable the foreign remittance director start processing your payment file prior to subsequent release of your fund/ATM Card to your door-step without any further delay, but note that you will be responsible for the Cost of Delivery (COD) of the fund to your door-step.

You are further advised to choose from the above listed options on the mode which you wish to receive your funds with and upon receipt of your response; we will start taking the next necessary procedural steps prior to the routing of your funds to you accordingly. Also be informed that all the necessary documentations evidencing this project will be forwarded to you for your documentation and reference as we proceed. I will personally advise that you hasten up in making your claims, to avoid cancellation of your payment file. We will earnestly be waiting for your urgent response on this matter so as to enable us serve you better and should in case you care to call me for any inquiries, you can reach me with my direct cell# on :+234-70-36-810-013

Thank you once again for your anticipated cooperation in advance while we await your urgent response.

YOURS SINCERELY,

Mr. Emakpo Sam Banks
Financial Secretary, Central Bank of Nigeria (CBN).

CC: Mallam Sanusi Lamido Sanusi
Executive Governor , Central Bank Of Nigeria (CBN).

**This communication (including any attachments) is intended for the use of the intended recipient(s) only and may contain information that is confidential, privileged or legally protected. Any unauthorized use or dissemination of this communication or in part is strictly prohibited. If you have received this communication in error, please immediately notify the Central Bank of Nigeria by return e-mail message and delete all copies of the original communication. Thank you for your cooperation.*** © 2010. Central Bank Of Nigeria(Nigeria Apex Bank. 

 
This e-mail has been going around for a while now.

Phishing with a trojan, from Twitter and Facebook

Another phishing case, this time with Twitter as bait, but instead of seeking credentials it seeks the execution of the attachment in order to install malware, typically a trojan.

From: Twitter
To: xxx
Replay to: transposed098@rdidirect.com

Hi, xxx
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
The Twitter Team

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter.

A quick analysis of the headers shows that it comes from "243-205-95-178.pool.ukrtel.net", which is located in Ukraine.


The same e-mail is also used with Facebook as bait.

Thursday, July 15, 2010

Wolves in sheep's clothing

Since human imagination has no limits, there are e-scammers who want to warn us against the Nigerian swindlers and offer to help us recover the money that is waiting for us in Nigeria; the e-mail is priceless:

From: "FEDERAL BUREAU OF INVESTIGATION."
To:
Subject: WARNING AND INSTRUCTION FROM (FBI) !!
Replay to:

THIS IS THE (F.B.I)
http://www.fbi.gov
Special Agent
Henry Shawn.

Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington,
D.C. 20535-0001, USA

FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP THE INTERNET

The Federal Bureau of Investigation (F.B.I) write to you in correspondence to the meeting we recently had with the Federal republic of Nigeria Government on the ERADICATION of SCAMS on the internet. Federal bureau of investigation (FBI) Washington, DC in conjunction with some other relevant Investigation Agencies like Internal Revenue Service here in the United states of America have recently been informed through our Global intelligence monitoring network that you presently have a transaction with the Central Bank of Nigeria (CBN) as regards to your over-due contract payment which was fully endorsed in your favor accordingly. After the meeting held on Friday 9th of July 2010 at the Bank Auditorium Center, the whole conflict of SCAMS was revealed to us by the Board of Trustee of Federal Republic of Nigeria mostly by the three arms of Government.

The Judiciary, the Legislature and the Executive).

These three arms of Government has made Us realize that the ramped of SCAMS over floating around the United State of America and some other part of the world was been set up by the root of some CBN Ex-Workers that have been suspended for sometimes due to their dubious characters of initiating
people to impersonate the Government Workers to receive peoples hard earn money from them, mostly with the Executive Governor identity.

For these reasons, the New Central Bank Executive Governor was invited to this office to defend the allegation against Him. While he made complain that his office was not in charge of foreign transfer of funds, that the accredited office was Federal Ministry of Finance Department (FEDMINAP) in person of EXECUTIVE GOVERNOR: MR. LAMIDO AMINU SANUSI as the New appointed Accountant General in charge of all foreign transfer Payment files.

They also told us that the only problem they are facing right now is that some unscrupulous element are using this project as an avenue to scam innocent people off their hard earned money by impersonating the Executive Governor that is why the Federal Government has appoint EXECUTIVE GOVERNOR:
MR. LAMIDO AMINU SANUSI as the Payment Director of the Central Bank office.

The Federal government of Nigeria has approved that all overdue outstanding payments must be paid on or before 23rd of July2010, before the upcoming Local Government Electorates which might leads to recalling of funds back to the Bank Treasury. Meanwhile, we are also informed that a Man with an America passport number (3028882234) came to the Central Bank affiliated bank office in U.K few days ago with a letter, claiming to be your true representative.

Here are the man information below:
Name: Denis Marion
Bank Name: City Bank
Bank Address: Arizona, USA
Account Number: 6503809008.

NB: You are urgently advised to please reconfirm the below following information to the Office of the New Accountant General, as a matter of urgency if this Man is from you so that this office will not issue your
fund and be held responsible, If this man isn't of your true representative, you are requested to contact for your inheritance claim valued of US$15,000,000.00M (Fifteen Million United State Dollars) only
will be remitted into your nominated bank account or any other way you
which to receive it.

1) Your full name..
2) Home, fax and mobile #.
3) Residential address.
4) Company name,
5)Company address.
6)Office position and
5) Age and marital status.
6) Working I'd / Int'l passport.

And should incase you are already dealing with anybody or office claiming to be From the Central Bank of Nigeria, you are further advised to STOP further Contact with in person from Africa in your best interest and as you already know that prof Soludo is no more the acting Gov of the (CBN) and then contact the real office of the New (GOV) of the Central Bank of Nigeria (CBN) only with the Below information's accordingly:

EXECUTIVE GOVERNOR: MR. LAMIDO AMINU SANUSI
OFFICE ADDRESS: Central Bank of Nigeria,
Central Business District,
Cadastral Zone,
Abuja, Federal Capital Territory,
Nigeria.
Direct Line: + 234 802-332-1073
Email:- centrrallbankoffnigeria@gmail.com
IMPORTANT NOTICE.

Note: we are on investigation and security watch over any message with Central Bank, to benefit the satisfaction of all the United States Citizen by seeking to Wiretap scams on the internet with the help of Nigeria Government and also with The assistance of all United states Citizen, by listening to the instructions we give out to avoid falling for SCAMS on INTERNET.

All modalities has already been worked out even before you were contacted and note that we will be monitoring all your dealings with them as you proceed so You don't have anything to worry about.

All we require from you henceforth is an update so as to enable us be on track with you and the Central Bank of Nigeria. Without wasting much time, will want you to contact them immediately with the above email address so as to enable them attend to your case accordingly without any further delay as there is limit of validity on this transaction and further delay might make you lose this transaction as the rightful Beneficiary.

Should in case you need any more information's in regards to this Notification, be free to get back to us so that we can brief you more as we are here to guide you during and after this project has been completely
perfected And you have received your contract fund as stated.

Thank you very much for your co-operation in advance as we earnestly await your urgent response to this matter.

Regards,

Henry Shawn,,
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington,
D.C. 20535-0001, USA
Cell :- 206-666-2275.

Some curiosities of the mail:

- Although it is apparently sent from an FBI address (the headers place its origin at "from User ([91.98.157.95]) by lister.uk.frutarom.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 12 Jul 2010 16:20:58 +0100", Iran), the reply address is a Gmail one.
- The name of special agent Henry Shawn is real, although it is famous for its use in scams.
- Like other SCAMS it has no addressee; they assure us that an enormous, very important sum of money is waiting for us, but that we should hurry.
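The two header checks made by hand in this post and in the Twitter one above, as an added Python example (not the author's tooling): walk the Received: chain down to the bottom-most public IP and compare the From and Reply-To domains. The message is constructed from the quoted header line plus placeholder addresses (fbi-sender.invalid, mx.receiver.invalid) that the posts do not give.

```python
"""Find the claimed originating IP of a message from its Received: chain
and flag a Reply-To domain that differs from the From domain.
Added example; RAW_MAIL is constructed from the header line quoted in the
post, with placeholder hosts/addresses (.invalid) where the post gives none."""
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed message: top Received line = our own MX (placeholder),
# bottom Received line = the one quoted in the FBI-scam post.
RAW_MAIL = b"""Received: from lister.uk.frutarom.com (lister.uk.frutarom.com [203.0.113.9])
\tby mx.receiver.invalid with ESMTP; Mon, 12 Jul 2010 15:21:10 +0000
Received: from User ([91.98.157.95]) by lister.uk.frutarom.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 12 Jul 2010 16:20:58 +0100
From: "FEDERAL BUREAU OF INVESTIGATION." <agent@fbi-sender.invalid>
Reply-To: centrrallbankoffnigeria@gmail.com
Subject: WARNING AND INSTRUCTION FROM (FBI) !!

THIS IS THE (F.B.I)
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_hops(raw):
    """Received headers, top (most recent relay) to bottom (claimed origin),
    with RFC 5322 folding collapsed to single spaces."""
    msg = email.message_from_bytes(raw)
    return [" ".join(v.split()) for v in msg.get_all("Received", [])]


def first_public_ip(text):
    """First syntactically valid, globally routable IPv4 in a header value
    (the '6.0.3790.4675' of SMTPSVC is not a valid dotted quad)."""
    for cand in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:
            continue
        if ip.is_global:
            return str(ip)
    return None


def origin_ip(raw):
    """IP in the bottom-most Received line that carries a public address:
    the host that handed the mail to the first relay. Only the line(s) added
    by our own MX are trustworthy; everything below can be forged by the
    sender, so treat the result as a lead, not proof."""
    for hop in reversed(received_hops(raw)):
        ip = first_public_ip(hop)
        if ip:
            return ip
    return None


def reply_to_mismatch(raw):
    """(from_domain, reply_domain, mismatch). An institutional From with a
    Reply-To on a free webmail domain is the pattern seen in the posts."""
    msg = email.message_from_bytes(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_addr.rpartition("@")[2].lower()
    return from_dom, reply_dom, bool(reply_dom) and from_dom != reply_dom


if __name__ == "__main__":
    print("claimed origin IP:", origin_ip(RAW_MAIL))
    print("From / Reply-To:", reply_to_mismatch(RAW_MAIL))
```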

Wednesday, July 14, 2010

Security By Default: DNS Botnet Cyberwar

A very complete analysis of how DNS works, of filtering DNS and DNS hijacking, and of their advantages, drawbacks and the risks inherent in their architecture can be read here:
Security By Default: DNS Botnet Cyberwar

Tuesday, July 13, 2010

Malware prevention

To prevent the effects of malware hosted on websites and contained in e-mails, one preventive measure is to use DNS and mail servers that filter websites and messages. This way we can avoid a link ending up taking us to an unwanted site.

En general los servidores DNS públicos son neutrales por definición, pero en la práctica no tienen por que serlo y pueden bloquear la resolución de ciertos dominios. Por otra parte nada nos obliga a definir unos determinados DNS u otros.

Ejemplos de DNS que filtran dominios por temas de seguridad son los de:
  • Open DNS (208.67.222.222 y 208.67.220.220 ) 
  • Norton DNS (198.153.192.1 y 198.153.194.1)
  • ScrubIT  (67.138.54.100 y 207.225.209.66)
  • Comodo DNS  (156.154.70.22 y 156.154.71.22)
  • DNS Advantage (156.154.70.1 y 156.154.71.1 ) ahora ofrece seguridad, fiabilidad y rapidez, y tiene previsto ofrecer filtrado próximamente, igual que seguramente hará de Google Public DNS (8.8.8.8 y 8.8.4.4 ).

Así pues vemos que la idea de definir unos únicos servidores DNS, típicamente los de nuestro proveedor de acceso a Internet, es una visión obsoleta y restrictiva. Para gestionar el uso de varios conjuntos de servidores DNS dependiendo de nuestra navegación, podemos usar una utilidad como DNS Jumper.
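The quickest way to see whether a resolver filters a domain is to ask several of them the same question and compare the answers: a filtering resolver returns NXDOMAIN or its own block-page address where a neutral one returns the real record. The following is an added example, not code from the original post or from any of the DNS services named in it. It implements just enough of the DNS wire format (RFC 1035) to send a recursive A query to a chosen resolver and read the reply; RESOLVERS holds the addresses listed above, and SAMPLE_OK / SAMPLE_NX are constructed response packets (192.0.2.1 is a documentation address) used for the offline check.

```python
"""Compare the A-record answer several public resolvers give for one name."""
import socket
import struct

# Resolver addresses as listed in the post (one of each pair).
RESOLVERS = {
    "OpenDNS": "208.67.222.222",
    "Norton DNS": "198.153.192.1",
    "ScrubIT": "67.138.54.100",
    "Comodo": "156.154.70.22",
    "DNS Advantage": "156.154.70.1",
    "Google": "8.8.8.8",
}


def build_query(name, txid=0x1234):
    """Encode a standard recursive A/IN query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(data):
    """Return the transaction id, RCODE and the A records in the answer section."""
    txid, flags, qdcount, ancount = struct.unpack(">HHHH", data[:8])
    offset = 12
    for _ in range(qdcount):  # skip the echoed question
        _, offset = _read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in data[offset:offset + 4]))
        offset += rdlen
    return {"txid": txid, "rcode": flags & 0x000F, "ips": ips}


def query(resolver, name, timeout=3.0):
    """Send the query over UDP to `resolver` and parse the reply (needs network)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(q, (resolver, 53))
        data, _ = sock.recvfrom(4096)
    reply = parse_response(data)
    if reply["txid"] != struct.unpack(">H", q[:2])[0]:
        raise ValueError("transaction id mismatch")
    return reply


def compare(name, resolvers=RESOLVERS):
    """Ask every resolver for `name`; answers that disagree reveal filtering."""
    results = {}
    for label, address in resolvers.items():
        try:
            results[label] = query(address, name)
        except (OSError, ValueError) as exc:
            results[label] = {"error": str(exc)}
    return results


# Constructed packets: a normal answer (192.0.2.1, a documentation address)
# and an NXDOMAIN answer, both for example.com with transaction id 0x1234.
SAMPLE_OK = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01"
             b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01")
SAMPLE_NX = (b"\x12\x34\x81\x83\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    for label, reply in compare("example.com").items():
        print(f"{label:14} {reply}")
```

Run it with a domain you know a filtering service blocks and one it does not: an RCODE of 3 (NXDOMAIN) or an address that differs from the other resolvers' answer is the filter at work. The transaction id check is deliberate: a reply with the wrong id is not the answer to your question and must be discarded, not trusted.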

Friday, 9 July 2010

How an e-crook pulls off an e-heist in 4 e-mails

Among the e-scams, what remained to be analysed was the complete process an e-crook follows to reach his goal of swindling an e-sucker, so as to extract his modus operandi. Nothing simpler than playing along with him, from an e-mail address created for this purpose, and without giving the scammer so much as a fake name or address.

I summarise the mails received:

1 – I am an elderly widow (Lima Fota) who before dying wants to see fulfilled the wish of my late husband (Mr Joseph Fota of Kuwait) to share out his fortune ($3,500,000) among the most needy, and God has chosen you for this mission (my Bible tells me that God works in many ways and all things works out for good to them that believed in Christ Jesus, all i need from you is to assure me that you will never betray the trust i am trying to entrust in your hand for the work of God).

Everyone knows how much money Kuwaitis have ... and their faith in God ... wouldn't that be Allah?

2 – Thank you for helping me, I have already named you beneficiary of the fortune (The Versus Bank in Ivory Coast west Africa, have been informed to transfer the fund to you as the new beneficiary of the fund ,now you have to contact the bank and instruct the transfer of this money with out delay.).

I really am fortunate, since I have just been given 3,500,000 dollars without saying who I am or where I am from.

3 – In order to transfer the money to you, you must personally obtain two documents from the Ministry of the Interior of Ivory Coast (REACTIVATION OF ACCOUNT: THIS ACCOUNT MUST BE REACTIVATED ACCORDING TO THE BANKING RULE AND REGULATIONS OF IVORY COAST, THE ACCOUNT IS CURRENTLY DORMANT, AND WITH OUT THAT NOBODY WILL HAVE ACCESS TO THE FUND. TO HAVE ACCESS AND TRANSFER THE FUND TO ANY OF YOUR NOMINATED ACCOUNT, YOU MUST PROCURE THESE DOCUMENTS FROM MINISTRY OF FINANCE AND INTERRIOR HERE IN COTE D’IVOIRE. ANTI TERRORIST CLEARANCE CERTIFICATE: TO CLEARIFY AND FREE YOUR FUND FROM TERRORISM AND ILLICIT, AQUIREMENT OF THIS VITAL PAPER MUST BE OBTAINED AND THIS IS IN LINE WITH THE RULE OF THE INTERNATIONAL MONETARY FUND SINCE THE ATTACK IN U.S.A AT THE YEAR 2001).

4 – If you cannot travel to obtain the documents, it is enough to send your personal details and the money needed for the paperwork


“This is the informations you need to send the money through western union money transfer for easy collection so that i can go immediately for those documents.

Receiver Toure lassina
Amount $ 550 dollars
City Abidjan
Country Cote d'Ivoire

They will give you the money transfer control number (Mtcn) at the western union office there in your country as you send the money, it is 10 digit number then you have to send it.
Yours in Service
Barrister Bob Williams.”

We can imagine the ending: the money is sent and, with the reference number, the scammer himself or a mule he has hired withdraws it from the Western Union office, full stop.

Although it seems incredible that someone could be made beneficiary of a fortune without even giving a name, what is truly incredible is that someone ends up sending 550 dollars by Western Union to Ivory Coast.

Wednesday, 7 July 2010

More lotteries you win without playing

Here is another example of a lottery that "pays out a lot" ... without playing.

From: "Lucky Day Star Prize"
To:
Reply to: nl.luckyday@aol.nl
Subject: Ref: GNP501/731KW

Ref: GNP501/731KW

We are delighteds to inform you of our Lucky Day Lotto prize award held on the 2rd of May 2010 in Netherlands. This lotto awards is fully based on an electronic selection, Winners were picked by computerized system, drawn from over 43,000,00 companies and individuals e-mail addresses worldwide.

This award is officially announced to day in Amsterdam,Your email ID has hereby been approved a lump sum pay out of Ђ1,319,025 Cent in cash credit file Ref: GNP501/731KW, Batch: AM72/PGS27/09FC,
Winning No: DC61/PDN32/01NL

Simply contact Our Office of Foreign Financial Security Vsb Netherlands on phone and email for your prize claim immediately.

Mr. Rob Van Dirk.
Tel +31-684-874-123,
e-mail: nl.luckydays@aol.nl

Congratulations! once again.

Yours in service,
Mrs. Marrith Driker
Dpt Sec

The header:

from ip224-224-210-87.adsl2.static.versatel.nl ([87.210.224.224] helo=User)
by local.gruposervidor.com
with esmtpa (Exim 4.69)(envelope-from )
id 1OW9T0-0006b7-QJ;
Tue, 06 Jul 2010 09:49:47 -0500

The header shows the message was submitted with authentication ("esmtpa" in Exim's Received line) to local.gruposervidor.com from a Versatel ADSL line in the Netherlands, so an account on that server was used to send it, not any mail system of the supposed lottery.

Many of these mails are caught by anti-spam systems such as GMAIL's, but the best anti-spam is common sense: how can I win a prize if I have not bought a single ticket? How can anyone pay out prizes without income from ticket sales? If I have been so lucky, why does my address not appear as the recipient? If it is such an important company, why does it have no web site and no addresses of its own? ...

Years ago this same type of scam was done by ordinary mail or telephone, but today they are very frequent on the Internet; just look at Consumer Fraud Reporting, for example.

Monday, 5 July 2010

The "tocomocho", or lottery scam ... on the Internet

One of the classic cons is the "tocomocho": the con man approaches the mark to tell him he has won the lottery but for some reason (a trip, etc.) cannot collect the prize, and that in exchange for a sum of money he will hand over the whole prize.

The Internet version changes a little: we receive a mail telling us we have won a prize in a lottery draw we never knew existed (for example the South Africa football World Cup draw) and in which we hold no tickets, and we are asked to advance an insignificant amount in order to collect the whole prize.

Let's look at an example:

From: "South Africa 2010 Lottery"
To:
Reply-to: saclaimsagent5@gala.net
Subject:SOUTH AFRICAN 2010 FIFA WORLD CUP LOTTERY AWARD

Dear, Winner
Kindly Open The Attached File For Your Winning Prize Award.
Thanks
Danny Jordaan.



The attached file reads:

CONGRATULATIONS WINNING NOTIFICATION!!!
SOUTH AFRICAN 2010 FIFA WORLD CUP LOTTERY AWARD
South Africa 2010 Lottery
Lottery Headquater
22 sandton Drive,2127
Johannesburg/South Africa


Dear Winner,

We are pleased to inform you of the result of South African Lottery, which was held on the 6th of April, 2010. Your e-mail address attached to prize winning Number: 02-08-09-19-27-33-34, and supplementary number: 18-40 drew a prize of $3,000,000.00 (Three Million United States Dollars).
This lucky draw came first in the 2nd Category of the Sweepstake. You will receive the sum of $3,000,000.00 (Three Million United Dollars) from our authorized agent here in South Africa
we advice that you keep all information about this prize confidential until your funds: $3,000,000.00 is transferred to you by the authorized bank in the South Africa.
You must adhere to this instruction, strictly, to avoid any delay with the release of your funds to you. This program has been abused severally in past, so we are doing our best to forestall further occurrence of past mix-ups.
Your e-mail address attached to prize winning number:3 7 9 16 27 28 was selected and; it came first through an e-ballot draw from over 250,000 e-mail addresses (personal and corporate e-mail addresses). This program is sponsored by South African 2010 partners Telkom /vodacom/ microsft the biggest telecommunication company in South Africa to compensate faithful internet suffers around the globe and to support/promote the 2010 world cup soccer hosting right .

Congratulations for becoming one of the 10 lucky winners.

You must claim your prize: $3,000,000.00 not later than 30 days from the moment you receive this e-mail.
Please contact Mr. Clyde Sober the claim agent immediately.
Or Call+27 73 703 4142.

saclaimsagent5@gala.net

Provide him with your winning details.
(i). Your name(s), Age
(ii) Your telephone and fax numbers
(iii) Your contact address
(iv) Your winning information

Congratulations.
Danny Jordaan
Coordinator:


For security reasons, you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program by some unscrupulous elements. Please be warned.
Yours Faithfully,
{Mrs.} Nelly Chris
(Zonal Co-coordinator Sec.)


In the header we see:

from User [41.245.30.83] by efu.com.cn with ESMTP (SMTPD32-8.04) id A982B830076; Wed, 23 Jun 2010 05:22:10 +0800

The IP corresponds to "dsl-245-30-83.telkomadsl.co.za", a South African ADSL line, but the mail reaches us through efu.com.cn (a Chinese domain, http://www.efu.com.cn/).

Let's look at a second example:

From: "Greg Sung"
To: undisclosed-recipients:;
Subject: NOTIFICATION.
Reply-to: gsung5000@rediffmail.com

Greg Sung (online coordinator)
Mega Million Lottery Promotions.
Headquarters: 31, Brixton Court, Carlton
East Gate Nottingham NG4 1SQ Essex
United Kingdom

RE: AWARD NOTIFICATION

ATTENTION: LUCKY WINNER
Be informed that you have emerged a winner of our 2010 FIFA soccer world cup edition of our Lottery International Program, which took place in the U.K that was drawn three days from the day of this notice.
Attached to ticket number 7,23,5,45,8 BONUS NO: 59, with serial Number 2113-05 matched the winning numbers 7,23,5,45,8 BONUS NO: 59, and consequently won the Stakes in the 3rd category. Approved is a lump sum of One Million Pounds (GBP Ј1, 000,000) in cash prize accredited to file REF NO. JSL/2554259003/07 that should be released to you. This is from the total prize money of (GBP Ј15, 000,000) shared among the fifteen International winners in this category.
Participants were selected through a referral program and winners were picked by a computer ballot system drawn from 25,000,000 Emails from Australia, New Zealand, America, Asia, Europe, Africa and North America as part our International Promotions Program, which is conducted in four years intervals. This particular edition was conducted to promote the 2010 FIFA soccer world cup, which will take place in South Africa.
Due to the mix up of some numbers and names, we ask that you keep this award strictly from public notice until your claim has been processed and your money released to you.
I will give you the name , email address and phone number of our claim agent as soon as I hear from you so that you can contact the agent for the release of your money.
THANKS,
GREG SUNG.
Email :gsung5000@rediffmail.com


NB: Prizes must be claimed not later than 14 working days after this notification was sent to you. After these stipulated days, all funds will be returned as unclaimed prizes and will be channeled to charity. In order to avoid unnecessary delays and complications, please remember to quote your winning reference batch numbers in every one of your correspondences with the claims officer. Anybody under the age of 18 cannot participate in this promotions and any breach of confidentiality on the part of the winners will result to disqualification.
Congratulations and thank you for being part of our 2010 FIFA soccer International promotions program .

In both cases the scammers ask for confidentiality and for us to send them our personal details ... logically, so they can check them before sending the next mail, in which they will ask us for a "small amount" to cover expenses.

Looking at the header we see:

Received: from User (unknown [82.128.116.145]) by mail.eduapple.pl (Postfix) with ESMTP id B67265DEBC2E; Fri, 2 Jul 2010 08:35:08 +0200 (CEST)

whose origin is Nigeria. Note that in every header quoted in these posts the sending client identified itself in HELO as a bare "User" instead of the fully qualified host name a real mail server announces, and handed the mail to a server that has nothing to do with the claimed sender.
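The checks applied by hand in the posts above (read the Received: chain from the bottom to find the real origin, compare the Reply-To domain with the From, look for an empty To) are easy to automate. The following is an added example, not code from the original posts. Each MTA prepends its own Received: line, so the last one is the hop closest to the sender; the script takes that hop's client IP, HELO name and accepting server, then flags the tell-tale signs discussed above. SAMPLE is constructed from the Lucky Day headers quoted earlier (the From address, the final delivery hop and the To line are assumed, since the post does not show them); PAGE_HOPS are the other three Received lines quoted in the posts; FREE_MAIL is an assumed list of webmail domains.

```python
"""Origin-hop and reply-path checks for the scam mails quoted in the posts."""
import email
import ipaddress
import re
from email.utils import parseaddr

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumption: webmail domains the scammers above use for their reply addresses.
FREE_MAIL = {"gmail.com", "aol.com", "aol.nl", "rediffmail.com", "gala.net",
             "yahoo.com", "hotmail.com"}

# Constructed from the Lucky Day headers; From address and first hop are assumed.
SAMPLE = """\
Received: from local.gruposervidor.com ([192.0.2.10])
\tby mx.example.net with ESMTP id 1; Tue, 06 Jul 2010 15:50:01 +0100
Received: from ip224-224-210-87.adsl2.static.versatel.nl ([87.210.224.224] helo=User)
\tby local.gruposervidor.com
\twith esmtpa (Exim 4.69)(envelope-from )
\tid 1OW9T0-0006b7-QJ;
\tTue, 06 Jul 2010 09:49:47 -0500
From: "Lucky Day Star Prize" <prize@luckyday.example>
To:
Reply-to: nl.luckyday@aol.nl
Subject: Ref: GNP501/731KW

We are delighteds to inform you of our Lucky Day Lotto prize award ...
"""

# The other Received lines quoted in the posts (FBI mail, SA lottery, UK lottery).
PAGE_HOPS = [
    "from User ([91.98.157.95]) by lister.uk.frutarom.com with Microsoft "
    "SMTPSVC(6.0.3790.4675); Mon, 12 Jul 2010 16:20:58 +0100",
    "from User [41.245.30.83] by efu.com.cn with ESMTP (SMTPD32-8.04) "
    "id A982B830076; Wed, 23 Jun 2010 05:22:10 +0800",
    "from User (unknown [82.128.116.145]) by mail.eduapple.pl (Postfix) "
    "with ESMTP id B67265DEBC2E; Fri, 2 Jul 2010 08:35:08 +0200 (CEST)",
]


def _norm(value):
    """Unfold a header value into a single line."""
    return " ".join(str(value).split())


def load(raw):
    return email.message_from_string(raw)


def received_hops(msg):
    """Received headers oldest-first (MTAs prepend, so reverse the list)."""
    return [_norm(h) for h in reversed(msg.get_all("Received", []))]


def parse_hop(hop):
    """Pull client IP, HELO name and accepting server out of one Received line."""
    parts = re.split(r"\s+by\s+", hop, maxsplit=1, flags=re.I)
    head, tail = parts[0], (parts[1] if len(parts) > 1 else "")
    m_ip = IP_RE.search(head)
    m_helo = re.search(r"helo=([^\s)]+)", head, re.I)
    m_from = re.match(r"from\s+(\S+)", head, re.I)  # Sendmail/Postfix put HELO here
    ip = m_ip.group(1) if m_ip else None
    return {
        "ip": ip,
        "global": ipaddress.ip_address(ip).is_global if ip else None,
        "helo": m_helo.group(1) if m_helo else (m_from.group(1) if m_from else None),
        "by": tail.split()[0] if tail else None,
    }


def origin(msg):
    """The hop closest to the sender, i.e. where the mail entered the mail system."""
    hops = received_hops(msg)
    return parse_hop(hops[0]) if hops else None


def indicators(msg):
    """Return human-readable scam indicators found in the headers."""
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if reply_dom in FREE_MAIL:
        findings.append(f"Reply-To is a free webmail account ({reply_dom})")
    to = _norm(msg.get("To", ""))
    if not to or "undisclosed" in to.lower():
        findings.append("no addressee in To: a bulk mailing, not a message to you")
    hop = origin(msg)
    if hop:
        if hop["helo"] and "." not in hop["helo"]:
            findings.append(f"bare HELO name {hop['helo']!r} at the first hop (not a FQDN)")
        if hop["by"] and from_dom and not hop["by"].lower().endswith(from_dom):
            findings.append(f"injected via {hop['by']}, unrelated to {from_dom}")
    return findings


if __name__ == "__main__":
    msg = load(SAMPLE)
    print("origin:", origin(msg))
    for finding in indicators(msg):
        print(" -", finding)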
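```

Only the bottom Received: line is worth trusting as an origin, and even that one only as far as the server that wrote it is honest; anything the sender puts in HELO or in earlier fake Received: lines is under the scammer's control, which is exactly why the posts look at the connecting IP rather than the claimed sender.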