Slashdot Mirror
Scam Combines Patriot Act FUD With IE Bug
LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"
I hope this isn't what Bill was talking about with The Secure Computing Initiative
...now we're outsourcing scams to India too.
Where's an MS patch when we really need one?
Being prevented by the DMCA?
Where's an MS patch when we really need one?
:-)
These solutions will solve your problem.
Visit Jonesblog and say hello.
Ha! Can't get my money - don't have any.
Paul
Wherever you go, there you are.
Any law which is so powerful and ambiguous as to put fear into people by its mere mention must be a bad law. A reasonable person, if accused of violating the Patriot Act, might actually doubt his own innocence because of the sheer labyrinthian might of the Act.
MORTAR COMBAT!
This is a combination of using simple X- header lines for the top error part, as well as the "'begin'-then-two-spaces" bug, which lets you create a bogus MIME section that only MS mail readers fall for -- useful for suppressing the message part. The begin-with-two-spaces trigger makes an excellent quoted text header. :)
"The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"
Right here.
"W3 n33d jO0r b@nk @cc0un7 # bc@u$3 FDIC $@ys $0."
I hit delete. Unfortunately some people fall for this. Does anyone have any numbers on just how succesful these e-mails are? Is the American public that ignorant?
.deviatefromtheabsolute.
Here is a repost of the email on news.admin.net-abuse.sightings.
" >http://www.fdic.gov/idverify/cgi-bin/index.htm</a >
The link text:
<a href="http://www.fdic.gov@202.63.206.88/index.htm
There's no point in a slashdotting/DDoS since the U.S. connectivity provider has already choked off the flow of packets to this server in Pakistan. Pinging 202.63.206.88 times out.
Apparently they are "still working on it", just like they have been for the last two scheduled patch releases they've had. Unfortunately, the scammers and phishers are "still working on it" as well. And yet despite this, Microsoft still spouts such choice quotes about its software security as "The tool had to to be tested before we could put it on Windows Update... it would be unfair to accuse Microsoft of tardiness." (about a five month wait for an official Blaster clean-up tool) and "Windows is far more commonly afflicted with worm infections than Linux... but Microsoft offers greater accountability and support than open source alternatives".
Well, I'll agreee with one of those points. Can you guess which? ;)
UNIX? They're not even circumcised! Savages!
A patch was released by an open source development site for this bug, unfortunately, it turned out that the patch contained a buffer overflow and malicious code, click here for the story.
The IT section color scheme sucks.
The real www.fdic.gov is running a rather standard press release to warn that it's a scam.
Consumers never have any reason at all to send information to the FDIC. They already can get all they need to know out of banks.
It's in the same place they put their concern for their end-users. Once you find that, let the rest of us know.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
We are with the government. You are violating the patriot act gullableguy@aol.stupiduser.com. We just want you to go to this site and give us all your compromising information because you are violating the patriot act under provision 1234. Please go to this site otherwise you will lose your FDIC insurance coverage. Please disregard the fact that if you really were suspected, the US government wouldn't actually contact you by email, and that the patriot act doesn't have anything to do with the FDIC. Oh and we would have addressed you by name instead of your email account. Oh, and other obivious and logical stuff too.
Best regards,
A guy who isn't pakistani
many roads lead to a safer internet expirience. mozilla, firewalls, scriptblockers.. however, the method i've found most effective is what i call "security through some old piece of crap". my mIRC client says "copyright 1995-1998", and when I asked 50+ nerds on a channel to try and DoS me, nobody could find a crack old enough! so the lesson is: don't wait for the new patch. revert to a version before the bug was even introduced.
Now that I'm unemployed, I feel more secure knowing that I have no money which can be scammed from me because of a "Patriot" Act. Thank God for the state of our Bushist economy!
The Welkin: Online Music Reviews
The only way they could be any closer was if they touched.
Oh...wait, they do...
(puts on asbestos underwear)
The Patriot act invades the privacy and tramples the civil rights of America's citizenry by allowing the DOJ and the CIA to bypass the Bill of Rights whenever they feel like it by declaring someone a suspected terrorist, or, even better, and enemy combatant. The only thing preventing the Executive branch from using this to silence political dissidents is the enormous political fallout should they attempt it. It is, in addition, transparently racist in its implementation because it is being used to focus the eyes of law enforcement on dark-skinned foreigners, while largely ignoring homegrown terrorist groups such as the Ku Klux klan, National Alliance, Posse Comitatus, and the World Church of the Creator.
But, if none of these issues bother you, ignore me. You probably will anyway.
You are not the customer.
I lost money to a similar scam, except in my case the mail came in the form of a white envelope from the "Department of the Treasury, Internal Revenue Service." Short verison, there were papers in there wanting to know my social security number, how much I made, what I spent it on, all of the same information from my wife...and then it ordered me to give a percentage of my income to them or else they would come and put me in jail!
I did a bit of research and found that this money had been taken from me from some group of thugs called the Congress of the United States. Apparently, they took my money and I'm told there's very little chance of getting it back.
They've even got my employer in on the scam - now they are paying some of my paycheck directly to them.
Where's an MS patch when we really need one?
Honestly, the Patriot Act is so fucked up I doubt a simple patch will fix the problem. We'd have to throw the entire thing away and start from scratch. It's not worth salvaging.
And further more... What? Oh. You meant a patch for IE. Okay, I got it. My bad.
GMD
watch this
You are not the customer.
Man, I thought I was going to see some nasty Goatse-thing but then ... horror of horrors!! GEORGE BUSH!! AHHHHHHHHHHH!!!!!!!!!!!
That was rude, man...
I don't know about the rest of you, but I clicked on a funny link from a prior Slashdot thread that had an intentionally altered URL. The big shocker was, IE parsed it like it was no big deal, but my virus scanner picked up the malicious code. It warned me that the URL was modified by a bug in Internet Explorer, and allowed me to continue or back out.
I always swore by Norton, but from the things I've seen as of late, I think I'm sticking with Network Associates.
Until we all start signing our emails with PGP.
Remember, it's only defined as critical if it's exploited in the wild.
I do security
There are scams for the 0,001% with huge payouts (bank scams, 411 scams etc., simply rip-offs)
Then there's the scams for the 0,1% with some medium payouts (mortgages, loans etc., often poor business deals but "real")
Then there's scams for the 10%, like cheap herbal viagra and other one-off product sales, which are just a few dollars each but large in numbers.
Also, it's about finding the blind spot. Even people who would never normally buy SPAM but then get this wonderful offer that they just HAVE to try anyway.
You know it yourself. You might know a good price and who's a serious actor for buying a Pentium 2.8C or AMD XP 2800+ on sight, but in other areas you're at a blank. That's where spammers come in.
Kjella
Live today, because you never know what tomorrow brings
People that actually fall for this bullshit don't deserve to have a bank account in the first place. Do you honestly think the feds are gonna contact you via email to tell you that you're violating the patriot act? Go get an education.
Lots of elderly women who outlive thiner husbands, have to deal with the finances for the first time. These people make a great targets, they are computer illiterate. They where given a computer to communicate with their family, and dont know about all the email scams. And with the new homeland security daily threat levels, it confuses them.
Do a little research before you blame the victim.
Here's the text that prompted me into give away my personal info :)
Important News About Your Bank Account
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.
http://www.fdic.gov/idverify/cgi-bin/index.htm
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
Donald E. Powell
Chairman Emeritus FDIC
John D. Hawke, Jr.
Comptroller of the Currency
Michael E. Bartell
Chief Information Officer
Yesterday I received a message that appeared similar in nature to that described by the article. After many phone calls I managed to speak to the fraud section at the Commonwealth Bank (biggest bank in Oz), where the message appeared to come from.
Their solution (after getting some of the bank staff to pull their head from the sand) was to redirect all requests to a specific URL to the Bank's home-page.
Now I for one, think that the only way that they could do that, was with cooperation from ALL ISP's in this country.
The scam and the banks initial response pissed me off, but the redirect scares the *shit* out of me.
Anyone else share my concerns, or should I just crawl back into my box and live with the idea that the Internet has just died...
|>>?
Someones comment above made me think about how you could possibly lessen the effects of attacks like these. They mentioned that one of the US providers lines cut access to the IP in question. Indeed its no longer pingable.
:) I'm sure there is plenty, its just an idea. :)
But how long does it take for word to reach them about that?
What I was thinkingwas, a sort of P2P network client that could actively collect IP's from sites like this and, while not outright blocking them (so the next legit user of that IP isnt screwed) could at least sit in a ZoneAlarm-like position on your system and monitor the IP addresses you try to connect to, if it matches the outgoing IP to one on the list, it throws up an error like "Warning! This IP may contain fraudulent information or be dangerous to your computer, only proceed if you are absolutely certain this site is safe!".
The P2P aspect would be nice because once new scams are caught in the wild (honeypots might be a very usefull tool to help catch them fast) users/admins could update the list (though some sort of peer review would almost certainly have to be in place to avoid abuse) and could redistribute itself amongst the network.
Idealy this should not have to be the case, but as in the above example, its not really a "bug" per-se because if you look at it, its quite obvious what they are doing, just the same there should be some way of preventing this kind of thing reaching the uneducated masses. Even 0.001% of the pop. falling for this kind of thing is unacceptable, and will only fuel people like this.
Anyway, commence poking my idea full of holes
"The saddest words of mice and men, are not those which were, but should have been."
Banks get notified of tons of things like this every day (I work in one), and all the tellers should know of the scams. Before you do anything involving your bank account, call your bank!
We also get memos telling us NOT to let Bin Laden or Saddam open accounts... allong with a list of the US Government's top 100 most wanted. I'm still not quite sure how we're suppossed to memorize all those names...
When I first heard about this bug I put a body_check in Postfix to block messages containing the offending code. In the past 24 hours it's blocked 40 messages that tried to exploit the bug but none were this FDIC scam.
n etwork.com/update/ which loads a microsoft page in one frame and in another frame attempts to download a file of type application/hta.
The virus is faked as coming from "security-center@microsoft.com" and it tries to send the user to http://www.microsoft.com%01@d2341647.u35.worldisp
I have yet to find information about this on any of the major Virus Scanners' websites. Anybody know more about it?
A lot of people here have suggested Mozilla as a solution. That is a partial answer. But a proper solution has not been implemented yet in Mozilla. See Bugzilla bug 122445, "Spoof prevention: Warn if username/password in link (url) looks like a hostname". The bug has been outstanding for two years now and it's still not been fixed in Mozilla. There is a proposed patch planned to go into 1.7a.
5
For the full discussion see: http://bugzilla.mozilla.org/show_bug.cgi?id=12244
Right now, I feel like my taxes going towards the roads are paying largely for damage done to them by large trucks and buses.
What's their fuel consumption compared to that of your car? Once the more efficient hybrid car models show up on the used market in a couple years, they'll begin to take off among individual drivers. Less money spent on gasoline by individuals will shift the tax burden to those who buy fuel for large trucks and buses. In addition, large trucks and buses tend to run on diesel, and the government could tax that more than gasoline.
You're right, just check right here
They start the letter with To whom it may concern. Then I would think that if they don't even know my name, why should I trust them to know anything about my account? Ergo: it's spam. There should really be a mandatory Internet Safety Course for people who go online the first time. It's easy to be impressed by letters like this but also easy to learn how to distinguish between 'trusted' e-mail and spam like this.
-- Cheers!
/. users need to keep their eyes open for patches!! The patch was releasd some time back and /. did a story on it too.
OpenWares.org
Look for the IE patch. It was released Dec 2003
"This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL. "
(I'm joking, of course.)
False-Flag actions are easy to perform, they are incredibly effective, and the people in power are usually morally bankrupt (or outright psychotic) enough to feel no guilt in performing them.
"But they wouldn't DO that! Nobody would attack their own people! They just wouldn't DO that!"
No? They'd very deliberately lie to get us embroiled in an incredibly destructive and expensive war which is designed primarily to suck billions of dollars out of the public purse and feed it directly into the hands of a very few greedy men. The fact that or youth are being savaged both in body and mind means nothing to such people.
Oh, I assure you, they would do that. It's not a new idea by any stretch, and why would it be? Easy, effective, and nobody believes it could ever happen. Heck, it's what I'd do in their place. Easy. Effective. --And common! Every time somebody rips off an insurance company through arson or what-not, it's the same thing. It happens. People do it. If you think that people in government do not do it, you are a fool. Period.
Go and do some research. Look at all the 2003 'terrorist' bombings which took place around the world, notice when each of them happened. You'll notice that at each event, a significant step toward reason was undone. A bomb goes off, and a diplomat attending a key peace talk has a reason to storm out of the room. --Or some variation of that almost every single time. Also notice how the countries attacked were nearly always ones which happen to be sympathetic towards the so-called 'terrorist' nations opposed to US aggression. In other words, ridiculous targets which do not benefit the 'terrorists', but DO benefit the US and Israel.
My point?
The web is just another battle ground, folks.
A significant percentage of this web-damaging activity isn't perpetrated by private hackers or quick-money spammers. It's the covert arm of somebody's government and the aim is to increase the level of fear and uncertainty, to make people more willing to give up freedom. To make the public ready to accept a wave of lunatic arrests of so-called, 'hackers'.
It'll happen unless people are helped to understand the true nature of these kinds of events. If people don't get angry at the wrong parties, then we might just avoid the culling of the intellectuals which always happens during a fascist take-over.
Knowledge Protects.
-FL