Crack!

30-5-07

My server got cracked

What's this in my mailbox now? A message from Brazil with the following content:

Dear Sir/Madam

IDENTIFICATION:

This e-mail was sent to you by Banco do Brasil’s Computer Security Incident Response Team (CSIRT). Banco do Brasil is the largest bank in Brazil, South America. Our web site is located at http://www.bb.com.br and our customer financial service can be accessed at https://www2.bancobrasil.com.br/aapf/aai/login.pbk.

THE INCIDENT:

Some crackers are using *your* infrastructure to host a trojan horse designed to steal sensitive information (office branch, account number and PIN) from our clients.

How the fraud occurs:

1. Spam mail is sent to random e-mail addresses in Brazil (not necessarily using your computers)

2. The e-mail sends the victims where the trojan is located (PLEASE SEE BELOW).

3. The victim’s computer is compromised by the trojan horse

4. The trojan horse acquires sensitive information and sends the data to the cracker.

5. The cracker then impersonates our client in the official Banco do Brasil Internet banking page and defrauds the account.

We are requesting that you take every possible action to prevent the use of your services in this scam.

This case is under investigation by law enforcement agencies in Brazil. In the meantime we need your help to block/disable this site/account. By doing this we can minimize the extension of the security incident. Additionally, we would welcome any information/log/archive/scripts concerning this case.

Best regards,

Banco do Brasil
CSIRT - Computer Security Incident Response Team
abuse@bb.com.br  http://www.bb.com.br

The trojan is located at:
Título Cód Msg Email
2007-05-29_BD
http://***(removed for security reasons)/abb.cmd

The gist of the story is that customers of the Brazilian bank are being phished via a file that a cracker placed on my server.

At first I thought: "banks never send confidential messages like this by e-mail, so this must be yet another hoax".

Until, a few hours later, I got an e-mail from my provider ...
