Done.

On 5/19/16 10:45 AM, Virgil Griffith wrote:
> This needs to be blocked. Otherwise tucows will take away the tor2web.org
> domain.
>
> ---------- Forwarded message ----------
> From: *Paul Karkas* <[email protected]>
> Date: Thursday, 19 May 2016
> Subject: Fwd: Trojan Detected - Please Shut Down! tor2web.org
>
>
>
> Hello;
>
>
> Please note that there is active malware on your site located at
>
>
> http://eqrvbczir5ua2emd.tor2web.org/
>
>
> This may be due to an exploit, would you kindly remove the link and let me
> know so we can put this issue to rest?
>
>
> Thank you.
>
>
> http://en.wikipedia.org/wiki/malware
> > Since you are using Tucows whois privacy, I would kindly ask that you
> > let me know how you will respond to this inquiry.
>
> > Should you not respond to this email within 48 hours, or provide
> > Tucows/Contactprivacy indication that you will respond to the inquiring
> > party, Tucows/Contactprivacy may act to remove or reveal the
> > proxy/privacy services on your domain, as per the terms and conditions
> > of the ContactPrivacy service:
> > see https://www.opensrs.com/docs/contracts/exhibita.htm
>
> > Section 33. WHOIS PRIVACY SERVICE
>
> > "g. Right to Suspend and Disable. We shall have the right, at our sole
> > discretion and without liability to you or any of your Contacts, suspend
> > or cancel your domain name and to reveal Registrant and Contact Whois
> > Information in certain circumstances"
>
> > Thank you.
>
> > Paul Karkas
> > Compliance Officer OpenSRS
> > Tucows Inc.
> > [email protected]
> > 416-535-0123 ext 1625
> > Direct line 416-538-5458
> > 1-800-371-6992
>
>
> > Paul Karkas
> > Compliance Manager OpenSRS
> > Tucows Inc.
> > [email protected]
> > 416-535-0123 ext 1625
> > Direct line 416-538-5458
> > 1-800-371-6992
> > Fax416-531-2516
> > fax416-531-2516
>
>
> -------- Forwarded Message --------
> Subject: Trojan Detected - Please Shut Down! - [BBVA - E2142429] -
> 38.229.70.4
> Date: 19 May 2016 14:20:02 +0300
> From: RSA Anti-fraud Command Center <[email protected]>
> To: [email protected]
>
> BBVA - E2142429
>
> To whom it may concern:
>
> RSA, The Security Division of EMC (“RSA”), an information security company,
> has detected and verified that a Malware (as defined below) program is
> being propagated from a server which is associated with the following URL:
>
> (the “Designated Site”)
>
> From our review, it is our understanding that you operate the Designated
> Site and that it is, therefore, under your control.
>
> For the purposes of this letter, “Malware” means any software applications
> or executables that perform actions unanticipated by and without the
> consent of the person running the software. Malware is distributed via many
> mechanisms including, but not limited to: email attachments; content
> injection such as cross site scripting; exploiting security vulnerabilities
> in operating systems and other software; and/or insertion into downloadable
> software. Malware is designed, among other things, to misappropriate
> personal data in order to engage in fraudulent transactions using that
> data, and/or to compromise and co-opt an end-user’s networked computer; all
> for the purpose of performing illegal or improper acts such as
> misappropriating funds; carrying out denial of service attacks; and sending
> unsolicited mass emails.
>
> For your information, we have analyzed the specific Malware and enclose a
> file, which includes:
>
> - Malware name: *Ransom*
> - Description: Ransomware is computer malware which holds a computer
> system, or the data it contains, hostage against its user by demanding a
> ransom for its restoration.
> http://www.symantec.com/connect/node/1618951
> - http://eqrvbczir5ua2emd.tor2web.org/
>
> This file also details the method by which it appears that the Malware is
> downloaded to a victim’s computer.
>
> In this instance, it is our belief that the specific purpose of the Malware
> is to misappropriate account credentials and identity information from the
> customers of one or more financial institutions in order to access their
> bank accounts fraudulently.
>
> *Therefore, we request that you immediately take all actions necessary to
> disable and remove this Malware from the Designated Site.*
>
> We specifically would ask that you also take the following actions: *Please
> provide us with a tar/zip file of all the content located under the
> Malware's path (including hidden files)*, so that we may analyze it to help
> prevent further attacks. If any customer data has been captured that is
> stored on your systems or equipment, please send us that data so that the
> customers to whom that data relates can be notified and take steps to
> protect their credit. Please provide a copy of any records you maintain
> that indicate the name, contact information, method of payment or similar
> information that may be useful in helping learn about the identity and
> location of the customer for whom the website has been operated.
>
> We would appreciate your email confirmation that the source of the Malware
> infection has been disabled.
>
> We understand that you may not be aware of the above described improper use
> of the Designated Site and we thank you for your cooperation in the
> prevention of fraudulent online activity. The foregoing is without
> prejudice to any and all rights and remedies of any financial institution
> impacted by the improper use of the Designated Site, which rights and
> remedies are hereby expressly reserved.
> If you need further information, please do not hesitate to contact RSA at
> the numbers below.
>
> Sincerely,
> RSA SECURITY INC.
>
> *RSA Anti-Fraud Command Center*
> Tel: +44 (0)800-032-7751 (UK)
> Tel: +1-866-408-7525 (US)
> E-mail: [email protected]
>
>
>
> _______________________________________________
> Tor2web-talk mailing list
> [email protected]
> https://lists.ghserv.net/mailman/listinfo/tor2web-talk
>
