Date: Sun, 10 Aug 2014 18:01:36 +0000
From: RSA Anti-Fraud Command Center <AFCC@rsa.com>
To: "'questions@freebsd.org'" <questions@freebsd.org>, "'ftpadm@freebsd.org'" <ftpadm@freebsd.org>, "'hubs@freebsd.org'" <hubs@freebsd.org>, "'dnsadm@freebsd.org'" <dnsadm@freebsd.org>, "'ftp-master@freebsd.org'" <ftp-master@freebsd.org>
Subject: Fraudulent site - please shut down![Bancolombia E1031802] Domain: regardinggongumos.net
Message-ID: <9E43833B01142A4783AF29255126991D922E092B@MX102CL02.corp.emc.com>
[Description: \\corphzfs\afcc_home$\PostOffice\PostOffice2.1.4\PostOffice v2.1.4\Logos\Banco_Colombia.jpg]

Dear Sir / Madam,

It appears that the Phishing attack at the following URL: http://www.regardinggongumos.net/images has become active again.

It is likely that the website was hacked into and compromised by the fraudster.

It is possible that the fraudster also installed backdoors which would enable him to regain access to the server at any given time.

This usually happens due to outdated software (scripts, applications) installed on the website, which contain security holes fraudsters take advantage of.

In order to avoid similar issues in the future (and in order to protect the information on your server), it would be advisable to reinstall all software with the latest updates (or even format the server).

Changing passwords or permissions alone would usually prove to be insufficient.

Please perform any necessary actions in order to ensure the Phishing attack is permanently disabled.

We understand that you may not be aware of this activity and appreciate your assistance.

Best Regards,
RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc@rsa.com
For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348
39

Dear Team,

The following URL is a "redirection attack" - a URL which redirects to a phishing attack.

As you can see, when trying to access the URL it automatically redirects to a different site which hosts a phishing attack.

The redirection URL is: http://www.regardinggongumos.net/images

The phishing attack which it redirects to is: http://191.91.176.5/httpss/

Please take the necessary steps in order to disable this redirection URL.

Best Regards,
RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc@rsa.com
For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348
39

To whom it may concern,

RSA, The Security Division of EMC (“RSA”), an information security company, has been appointed to assist Bancolombia in preventing or terminating online activity that targets, or may target Bancolombia’s clients as potential fraud victims.

RSA has been made aware that your company appears to be providing internet services to a website, which is making unauthorized use of Bancolombia’s trademarks. This site http://www.regardinggongumos.net/images/ not only violates Bancolombia’s copyright, trademarks and other intellectual property rights, but may also become a host to a phishing attack, or other fraudulent scams directed against Bancolombia and Bancolombia’s clients.

The fraudulent website not only represents a misappropriation of Bancolombia’s intellectual property; its purpose is to mislead Bancolombia’s clients. Our experience has shown that such sites become a host of phishing* and other fraudulent scams against our customer’s account holders.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website.

We understand that you may not be aware of this improper use of your services and we appreciate your cooperation.

We specifically ask that you also take the following actions wherever relevant or possible:

* Please provide us with a tar/zip file of the source code for this website, so that we may analyze it to help prevent further attacks;
* If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit;

We specifically would ask that you also provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

The foregoing is without prejudice to any and all of rights and remedies of any financial institution in connection with this matter, which are hereby expressly reserved.

RSA is providing this notification to you in the interest of preventing the proliferation of phishing scams and the information contained herein is provided to you on an "AS-IS" basis, without representation or warranty of any kind.

Thank you for your cooperation to prevent and terminate this fraudulent activity.

If you need further information, please do not hesitate to contact RSA at the numbers below.

Sincerely,
RSA SECURITY INC.
RSA Anti-Fraud Command Center
Tel: +44 (0)800-032-7751
Tel: +1-866-408-7525
E-mail: afcc@rsa.com

*“Phishing” generally refers to a variety of web based scams that make use of an illegitimate website which passes itself off as being that of a targeted financial institution together with associated data collection points (including web based email accounts) in order to deceive the account holders of the financial institution into revealing their personal information, including but not limited to their credit or debit account numbers, checking account information, social security numbers, or banking account passwords. Once these account holder credentials are collected they can then be used to commit wire fraud or other similar activities of a criminal nature.
39