From owner-freebsd-questions@FreeBSD.ORG Sun Aug 10 18:02:02 2014
Return-Path:
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
    (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by hub.freebsd.org (Postfix) with ESMTPS id B425568C;
    Sun, 10 Aug 2014 18:02:02 +0000 (UTC)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (Client CN "mailuogwprd51.lss.emc.com", Issuer "RSA Corporate Server CA v2" (verified OK))
    by mx1.freebsd.org (Postfix) with ESMTPS id 2A3872DCE;
    Sun, 10 Aug 2014 18:01:55 +0000 (UTC)
Received: from maildlpprd54.lss.emc.com (maildlpprd54.lss.emc.com [10.106.48.158])
    by mailuogwprd53.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s7AI1rM0020020
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
    Sun, 10 Aug 2014 14:01:53 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd53.lss.emc.com s7AI1rM0020020
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=rsa.com; s=jan2013; t=1407693714;
    bh=VwcA6Or6lfd8Q9CQv01exhQuu7Y=;
    h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version;
    b=UI7fAGlEW8CZBXn2Ooe0no++J1BjySSXjJDnEi9ar/oDuuYkVUNUoOltArwTE1/+E
    6qtFriBZQXtNljJXQoSPakfzH428+QXEIupsQungAGT6jGYQ4GpjylG0FRFabmaHNg
    rRfGCHaXh7jC7YHYKHJrKRzRi7+I5RLINKqT9+Yc=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd53.lss.emc.com s7AI1rM0020020
Received: from mailusrhubprd04.lss.emc.com (mailusrhubprd04.lss.emc.com [10.253.24.22])
    by maildlpprd54.lss.emc.com (RSA Interceptor);
    Sun, 10 Aug 2014 14:01:39 -0400
Received: from mxhub06.corp.emc.com (mxhub06.corp.emc.com [128.222.70.203])
    by mailusrhubprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s7AI1cxU005662
    (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL);
    Sun, 10 Aug 2014 14:01:38 -0400
Received: from MXHUB102.corp.emc.com (10.253.58.15)
    by mxhub06.corp.emc.com (128.222.70.203) with Microsoft SMTP Server (TLS) id 8.3.327.1;
    Sun, 10 Aug 2014 14:01:37 -0400
Received: from MX102CL02.corp.emc.com ([169.254.4.243])
    by MXHUB102.corp.emc.com ([::1]) with mapi id 14.03.0195.001;
    Sun, 10 Aug 2014 14:01:37 -0400
From: RSA Anti-Fraud Command Center
To: "'questions@freebsd.org'", "'ftpadm@freebsd.org'", "'hubs@freebsd.org'", "'dnsadm@freebsd.org'", "'ftp-master@freebsd.org'"
Subject: Fraudulent site - please shut down![Bancolombia E1031802] Domain: regardinggongumos.net
Thread-Topic: Fraudulent site - please shut down![Bancolombia E1031802] Domain: regardinggongumos.net
Thread-Index: Ac+0xQ+j9XsxYIzFRZi71hwwsjlpxQ==
Date: Sun, 10 Aug 2014 18:01:36 +0000
Message-ID: <9E43833B01142A4783AF29255126991D922E092B@MX102CL02.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.148.59]
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd04.lss.emc.com
X-RSA-Classifications: public
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 10 Aug 2014 18:02:02 -0000

[Description: \\corphzfs\afcc_home$\PostOffice\PostOffice2.1.4\PostOffice v2.1.4\Logos\Banco_Colombia.jpg]

Dear Sir / Madam,

It appears that the Phishing attack at the following URL: http://www.regardinggongumos.net/images has become active again.

It is likely that the website was hacked into and compromised by the fraudster.

It is possible that the fraudster also installed backdoors which would enable him to regain access to the server at any given time.

This usually happens due to outdated software (scripts, applications) installed on the website, which contain security holes fraudsters take advantage of.
In order to avoid similar issues in the future (and in order to protect the information on your server), it would be advisable to reinstall all software with the latest updates (or even format the server).

Changing passwords or permissions alone would usually prove to be insufficient.

Please perform any necessary actions in order to ensure the Phishing attack is permanently disabled.

We understand that you may not be aware of this activity and appreciate your assistance.

Best Regards,
RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc@rsa.com
For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348
39

Dear Team,

The following URL is a "redirection attack" - a URL which redirects to a phishing attack.

As you can see, when trying to access the URL it automatically redirects to a different site which hosts a phishing attack.

The redirection URL is: http://www.regardinggongumos.net/images

The phishing attack which it redirects to is: http://191.91.176.5/httpss/

Please take the necessary steps in order to disable this redirection URL.

Best Regards,
RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc@rsa.com
For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348
39

To whom it may concern,

RSA, The Security Division of EMC (“RSA”), an information security company, has been appointed to assist Bancolombia in preventing or terminating online activity that targets, or may target Bancolombia’s clients as potential fraud victims.

RSA has been made aware that your company appears to be providing internet services to a website, which is making unauthorized use of Bancolombia’s trademarks.
This site http://www.regardinggongumos.net/images/ not only violates Bancolombia’s copyright, trademarks and other intellectual property rights, but may also become a host to a phishing attack, or other fraudulent scams directed against Bancolombia and Bancolombia’s clients.

The fraudulent website not only represents a misappropriation of Bancolombia’s intellectual property; its purpose is to mislead Bancolombia’s clients. Our experience has shown that such sites become a host of phishing* and other fraudulent scams against our customer’s account holders.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website.

We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically ask that you also take the following actions wherever relevant or possible:

* Please provide us with a tar/zip file of the source code for this website, so that we may analyze it to help prevent further attacks;
* If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit;

We specifically would ask that you also provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

The foregoing is without prejudice to any and all rights and remedies of any financial institution in connection with this matter, which are hereby expressly reserved.
RSA is providing this notification to you in the interest of preventing the proliferation of phishing scams and the information contained herein is provided to you on an "AS-IS" basis, without representation or warranty of any kind.

Thank you for your cooperation to prevent and terminate this fraudulent activity.

If you need further information, please do not hesitate to contact RSA at the numbers below.

Sincerely,
RSA SECURITY INC.
RSA Anti-Fraud Command Center
Tel: +44 (0)800-032-7751
Tel: +1-866-408-7525
E-mail: afcc@rsa.com

*“Phishing” generally refers to a variety of web based scams that make use of an illegitimate website which passes itself off as being that of a targeted financial institution together with associated data collection points (including web based email accounts) in order to deceive the account holders of the financial institution into revealing their personal information, including but not limited to their credit or debit account numbers, checking account information, social security numbers, or banking account passwords. Once these account holder credentials are collected they can then be used to commit wire fraud or other similar activities of a criminal nature.
39