Security Street Knowledge
  • The China States of America
  • The China States of America – Unethical Marketing Tactics?

    I recently had the fortune of investigating a case where an unsuspecting Internet user received an email that looked suspicious (Figure 1).  I see a lot of spam that comes through like that and suspect it is something that goes wrong during the language translation that often results in text that just doesn’t make any sense.  Anyway, my gut feeling is that this is a site set up by Chinese scammers with fake online electronics for sale.  Another scenario would be an unethical marketing company hired to drive traffic to this Chinese electronics site, and they are using illegal tactics by exploiting user email accounts.  Give them your credit card and you might get ripped off!

    Figure 1

    1.  The Hacked Victim <hacked-victim@hotmail.com> account was compromised:

        • by execution of an attachment sent to him in an email,

        • or by visiting a malicious site by accident,

        • or via a weak password.

    2.  Malicious code was executed and copied the victim’s entire contact list.

    3.  The malicious program generated emails. Analyzing the email header revealed an IP address, 118.250.214.250, registered to CHINANET Hunan province network.

    4.  The body of the email contained a link to DZSTORETRADE.COM (Figure 2), which was created 4 days prior on 23-jul-2010.

    5.  After analyzing the site, it did not appear to contain any malicious links.  However, I found it to be hosted on a shared server, with some site functions using float2006.tq.cn.

    6.  My gut feeling is that this is a site set up by Chinese scammers with fake electronics for sale.  Another scenario would be an unethical marketing company hired to drive traffic to this Chinese electronics site, and they are using illegal tactics by exploiting user email accounts.
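
The header check from step 3 and the link extraction from step 4 can be scripted for triage. This is an added example, not part of the original post: the sample message is constructed (only the IP address, sender and link host come from the case above), and `triage` and `public_ips` are names chosen here.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample: the IP, sender and link host come from the write-up;
# relay names, dates and the other addresses are invented for illustration.
SAMPLE = (
    "Received: from relay.example.net ([198.51.100.7])\r\n"
    "\tby mx.example.org with ESMTP; Tue, 27 Jul 2010 09:14:03 -0700\r\n"
    "Received: from web.example.net ([10.13.2.44])\r\n"
    "\tby relay.example.net with SMTP; Tue, 27 Jul 2010 09:14:01 -0700\r\n"
    "X-Originating-IP: [118.250.214.250]\r\n"
    "From: Hacked Victim <hacked-victim@hotmail.com>\r\n"
    "To: contact@example.org\r\n"
    "Subject: hi\r\n"
    "\r\n"
    "look at this http://www.DZSTORETRADE.COM/index.html great prices\r\n"
)

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s<>\"'\[\]]+", re.I)

def public_ips(value):
    """Yield bracketed IPv4 literals in a header value that are globally routable."""
    for text in IPV4.findall(value or ""):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # malformed literal such as [999.1.1.1]
            continue
        if ip.is_global:    # skips private, loopback and reserved ranges
            yield str(ip)

def triage(raw):
    """Return (candidate origin IP or None, sorted link hosts) for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Provider-added X-Originating-IP first, then Received hops oldest-first.
    # Hops below the first relay you trust can be forged by the sender.
    headers = [msg.get("X-Originating-IP")]
    headers += list(reversed(msg.get_all("Received", [])))
    origin = next((ip for h in headers for ip in public_ips(h)), None)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    found = (urlsplit(u).hostname for u in URL.findall(text))
    return origin, sorted({h for h in found if h})
```

The returned IP is a lead for a WHOIS lookup, and the link hosts are what to check for registration date and hosting before anyone clicks through.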

    Figure 2