This needs to be blocked. Otherwise tucows will take away the tor2web.org domain.
---------- Forwarded message ---------- From: *Paul Karkas* <[email protected]> Date: Thursday, 19 May 2016 Subject: Fwd: Trojan Detected - Please Shut Down! tor2web.org Hello; Please note that there is active malware on your site located at http://eqrvbczir5ua2emd.tor2web.org/ This may be due to an exploit , would you kindly remove the link and let me know so we can put this issue to rest? Thank you. http://en.wikipedia.org/wiki/malware Since you are using Tucows whois privacy, I would kindly ask that you let me know how you will respond to this inquiry. Should you not respond to this email within 48 hours, or provide Tucows/Contactprivacy indication that you will respond to the inquiring party, Tucows/Contactprivacy may act to remove or reveal the proxy/privacy services on your domain, as per the terms and conditions of the ContactPrivacy service: see https://www.opensrs.com/docs/contracts/exhibita.htm Section 33. WHOIS PRIVACY SERVICE "g. Right to Suspend and Disable. We shall have the right, at our sole discretion and without liability to you or any of your Contacts, suspend or cancel your domain name and to reveal Registrant and Contact Whois Information in certain circumstances" Thank you. Paul Karkas Compliance Officer OpenSRS Tucows Inc. [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> 416-535-0123 ext 1625 Direct line 416-538-5458 1-800-371-6992 Paul Karkas Compliance Manager OpenSRS Tucows Inc. [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> 416-535-0123 ext 1625 Direct line 416-538-5458 1-800-371-6992 Fax416-531-2516 fax416-531-2516 -------- Forwarded Message -------- Subject: Trojan Detected - Please Shut Down! - [BBVA - E2142429] - 38.229.70.4 Date: 19 May 2016 14:20:02 +0300 From: RSA Anti-fraud Command Center <[email protected]> <javascript:_e(%7B%7D,'cvml','[email protected]');> To: [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> BBVA - E2142429 To whom it may concern: RSA, The Security Division of EMC (“RSA”), an information security company, has detected and verified that a Malware (as defined below) program is being propagated from a server which is associated with the following URL: (the “Designated Site”) >From our review, it is our understanding that you operate the Designated Site and that it is, therefore, under your control. For the purposes of this letter, “Malware” means any software applications or executables that perform actions unanticipated by and without the consent of the person running the software. Malware is distributed via many mechanisms including, but not limited to: email attachments; content injection such as cross site scripting; exploiting security vulnerabilities in operating systems and other software; and/or insertion into downloadable software. Malware is designed, among other things, to misappropriate personal data in order to engage in fraudulent transactions using that data, and/or to compromise and co-opt an end-user’s networked computer; all for the purpose of performing illegal or improper acts such as misappropriating funds; carrying out denial of service attacks; and sending unsolicited mass emails. For your information, we have analyzed the specific Malware and enclose a file, which includes: - Malware name: *Ransom* - Description:Ransomware is computer malware which holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration. http://www.symantec.com/connect/node/1618951 - http://eqrvbczir5ua2emd.tor2web.org/ This file also details the method by which it appears that the Malware is downloaded to a victim’s computer. In this instance, it is our belief that the specific purpose of the Malware is to misappropriate account credentials and identity information from the customers of one or more financial institutions in order to access their bank accounts fraudulently. *Therefore, we request that you immediately take all actions necessary to disable and remove this Malware from the Designated Site.* We specifically would ask that you also take the following actions: *Please provide us with a tar/zip file of all the content located under the Malware's path (including hidden files)*, so that we may analyze it to help prevent further attacks. If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit. Please provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn about the identity and location of the customer for whom the website has been operated. We would appreciate your email confirmation that the source of the Malware infection has been disabled. We understand that you may not be aware of the above described improper use of the Designated Site and we thank you for your cooperation in the prevention of fraudulent online activity. The foregoing is without prejudice to any and all rights and remedies of any financial institution impacted by the improper use of the Designated Site, which rights and remedies are hereby expressly reserved. If you need further information, please do not hesitate to contact RSA at the numbers below. Sincerely, RSA SECURITY INC. *RSA Anti-Fraud Command Center* Tel: +44 (0)800-032-7751 (UK) Tel: +1-866-408-7525 (US) E-mail: [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');>
_______________________________________________ Tor2web-talk mailing list [email protected] https://lists.ghserv.net/mailman/listinfo/tor2web-talk
