Quantcast

Owning Bad Guys and Mafia with JavaScript Botnets 3: Scammers Exposed

Chema Alonso demonstrates several hilarious findings retrieved during his research, dissecting the Nigerian, dating, and other popular scams out there.

Nigerian scams: help the Prince!

Nigerian scams: help the Prince!

So, the question is: who the hell uses proxy services on the Internet? How many of you are using this kind of services on the Internet? If you read related manuals, they all say: “If you want to be anonymous, use anonymous proxy server. If you want to be more anonymous, use more than one anonymous proxy server,” which is cool, because you can be infected by more than one proxy server.

And the idea is that the kind of people who are using these services are, of course, bad people. All we were able to collect was bad people doing bad things. Of course, the first thing we discovered was the Nigerian scammers. We collected all information, and of course we collected all usernames and passwords. But we had warned them, so it’s all legal.

Mailbox of a scammer accessed – thank you, botnet!

Mailbox of a scammer accessed – thank you, botnet!

So, once we got the passwords, we could get into the mailboxes of those people. There were lots of people doing this, but this is one of my favorites (see image to the left). As you can see, the email alias is royalhotelengland@hotmail.co.uk. That guy was creating a spam campaign trying to scam people with visa scheme. He was offering the victims a special visa to get a job in the UK.

Email for the UK visa scam

Email for the UK visa scam

This is the mail (see right-hand image), of course he was asking for money, 275 Pounds. And a lot of people were suspicious, saying things like: “I appreciate the information, but show me the job first. Show me the job and then I’ll send the money.” Of course, if the guy was suspicious, the scammer wasn’t continuing the scam. But others weren’t so suspicious, so in the end they were sending all the information needed to create a visa – passports, application forms, resumes, high-quality pictures for the UK passport, even fingerprints, and so on. This is the easiest way of identity theft that I’ve seen in my life, for sure. If you got all this information, then you probably can create your own mule to use in banking malware.

Predators: the flirt scam

Predators: the flirt scam

Here is another one (see image to the right), which is one of my favorites too. This is a profile on a social network for having a fling, that kind of thing. How many of you really think that this girl needs to search for a guy on the Internet? Well, it was very suspicious to us from the beginning. So, we decided to collect the username and password of this profile and analyze what she was doing.

Another fake profile

Another fake profile

And in the end, as you can see, this Axionqueen here is searching for relationship and dating, she is from Texas, and she is about 30. But she has another profile on another network (see image to the left). And in this case she is from New Zealand, she’s 31, she’s Aries, and so on. And in another profile, she lives in Virginia. Anyone from Virginia who has seen this girl? And of course, the most wonderful thing is that in all the profiles she looks completely ‘different’.

In the end, we decided to get into this guy’s email box, and we read the information he was storing there. Well, this person, of course, is not a girl, it’s a boy, it’s a he, and he was collecting conversations with people who were in contact with this profile. Those profiles are for phishing the victims.

Chat with a to-be victim

Chat with a to-be victim

That is one of my favorite chats (see image), in which kkbill is supposedly the girl, and fiat176punto is the victim:
– Hello, sweetie.
– Hello, my sweet Mous.
(I think we need an “e” here.)

The second one is:
– How are you doinf?
– Doinf?

In the chat they are discussing the details of their love, and one of the details implies 700 Euros that need to be sent in exchange for the ‘nicked’ pics. I don’t know what kind if pictures those are. And the point is that this guy, this predator, is a multitasking scammer, so he is chatting with different people at the same time, and that’s probably why he fails here, because in the middle of the chat he started to chat in German, I think so: “Ich frage Sie, dass, wenn Sie…”

The dating scammer’s mailbox

The dating scammer’s mailbox

So, we went inside the email box and it’s quite nice, because he has all the victims very well classified in his email box (see image). And there is a folder with all the chats, in which he is working right now, and we were searching for mails asking for money through Western Union, and, as you can see, there were 158 messages asking for money from Western Union.

Heartbreaking payment misunderstanding between scammer and victim

Heartbreaking payment misunderstanding between scammer and victim

And the mails were like this (see left-hand image) : “Hello sweetie, why haven’t you sent me the nicked pictures you promised me?” And the guy said: “Hello baby, I don’t know but my bank manager told me that the address city and country are not possible, now what can we do?” Of course, she is asking for money that needs to be transferred to a different country in which she’s supposed to be living, that fake profile, and she gets angry: “Stop playing games on me, I gave you the right address!”

The world’s most profitable Yorkshire

The world’s most profitable Yorkshire

Another scammer in that test that we did was someone very weird, because he was doing something strange with dogs. We weren’t sure what he was doing with dogs and why he needed to use a proxy server on the Internet, an anonymous proxy server on the Internet. So, we decided to use the username and password to get into the email box, and we discovered something very hardcore. We discovered a picture – I’m warning: please, if you love animals, don’t look at this picture, because this is the picture (see image). He was selling this fake Yorkshire, and in the end he was selling the same Yorkshire around the world. So, it’s the most profitable Yorkshire in the world. He was placing the same picture in a lot of places selling dogs and making money out of it.

Read previous: Owning Bad Guys and Mafia with JavaScript Botnets 2: Creating a JavaScript Botnet from Scratch

Read next: Owning Bad Guys and Mafia with JavaScript Botnets 4: Bypassing Anonymity

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: