AA419 DDOS May 2010

Reports and investigations into Distributed Denial of Service attacks.

AA419 under DDoS

Post by meep » Tue May 25, 2010 10:06 pm

According to the twitter post from today: "aa419 under ddos attack-trying to get it sorted now" by @aa419.

:roll:
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

AA419 DDOS May 2010

Post by Red Dwarf » Wed May 26, 2010 12:46 am

A web site specializing in Advanced Fee Fraud exposure has come under a Distributed Denial of Service attack (DDOS).

The attack is mentioned in these forums
http://antifraudintl.org/showthread.php?t=37584
and http://netscammers.blogspot.com/2010/05/aa419-ddos-attack.html

A twitter notice says
http://twitter.com/aa419 - aa419 under ddos attack-trying to get it sorted now

Previous DDOS attacks on the same site were in September 07 and April 08.
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10431
Joined: Tue Jun 27, 2006 2:01 am

Re: AA419 DDOS May 2010

Post by AlphaCentauri » Wed May 26, 2010 1:12 am

I've merged the two topics so we can keep any discussion in one place.
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: AA419 DDOS May 2010

Post by ahoier » Wed May 26, 2010 2:09 am

Interesting I come to the new posts today, "AA419 DOS" and "Zeus Botnet is knocked offline"

Curious who's behind the DOS then :)
ahoier
Spammer Killing Machine
 
Posts: 593
Joined: Thu Apr 03, 2008 4:33 pm
Location: Florida

Re: AA419 DDOS May 2010

Post by meep » Wed May 26, 2010 8:06 am

aa419.org is still offline for me, so this must be a big attack. I wonder if any artist volunteers from there will post here.

ahoier wrote:
Curious who's behind the DOS then :)


According to one of the links Red posted above, Netscammers Blogspot, it may be German-based attackers. I have no insight into these groups or who may dislike them, but the timing for all these is interesting to note. Let's hope they get their hosting back online as soon as possible.

Preliminary reports indicate the DDoS is coming from scammers who recently launched attacks on a German based blog:
http://autosec4u.forumieren.com/
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: AA419 DDOS May 2010

Post by spamislame » Wed May 26, 2010 10:44 am

Huh. Interesting news. It's always a wonder what caused this particular tantrum.

They must have had some pretty decent successes recently to cause this reaction. In which case, ultimately very good news.

And on the day I reached $50bn USD. *sigh*

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: AA419 DDOS May 2010

Post by spamislame » Wed May 26, 2010 11:52 am

More coverage and investigation:

http://netscammers.blogspot.com/2010/05 ... cammers%29

Preliminary reports indicate the DDoS is coming from scammers who recently launched attacks on a German based blog:
http://autosec4u.forumieren.com/

And in a comment:

autosec4u said...

The scammer contacted us, demanding we not publish any new shops or bank accounts he is using. Also he told us to remove a certain member from our team. Otherwise he will "ddos endlessly".
We basically told him to eff off. Soon after we received an email with sites he is and will attack, mainly those who are found first on Google. Amongst them aa419.org. The scammer is a kiddie from the German carders scene, attacks are via Russia, c&c probably hosted at heihachi.net, webalta, wahome, 2x4.ru.

Interesting!

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: AA419 DDOS May 2010

Post by meep » Wed May 26, 2010 6:15 pm

... The scammer is a kiddie from the German carders scene, attacks are via Russia, c&c probably hosted at heihachi.net, webalta, wahome, 2x4.ru.


Cool sleuthing. The only thing that sounds familiar to me there is Webalta.ru. Yuck cybercrime haven. I don't know what these other websites are, but it sounds pretty bad; I am sure Google could give me a few tips.
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: AA419 DDOS May 2010

Post by Red Dwarf » Wed May 26, 2010 6:52 pm

http://www.webhostingtalk.com/showthread.php?t=859747 has a very revealing, self-incriminating conversation with heihachi.net if you would like some background on these RU hacker sites.
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10431
Joined: Tue Jun 27, 2006 2:01 am

Re: AA419 DDOS May 2010

Post by spamislame » Thu May 27, 2010 10:54 am

This definitely deserves a lot more research. Obviously not on the level.

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: AA419 DDOS May 2010

Post by spamislame » Thu May 27, 2010 11:19 am

Possibly related, possibly not, but Spamnation was also DDOS'd.

http://www.spamnation.info/blog/archive ... on+Blog%29

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: AA419 DDOS May 2010

Post by AlphaCentauri » Thu May 27, 2010 5:12 pm

Actually, they are highly related. Reverse IP lookup shows these three domains:
1. aa419.org
2. castlecops.com
3. spamnation.info


A "high value target" as we would say.
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: AA419 DDOS May 2010

Post by ahoier » Thu May 27, 2010 7:00 pm

Indeed, likely due to the domino effect. Even if the criminals only wanted to attack one site, since there are 3+ hosted at the same address, they all got collateral damage....
ahoier
Spammer Killing Machine
 
Posts: 593
Joined: Thu Apr 03, 2008 4:33 pm
Location: Florida

Re: AA419 DDOS May 2010

Post by Red Dwarf » Thu May 27, 2010 7:51 pm

Some fascinating output as background to these attacks. They are thought to be the fallout from the sort of information being released at sites like
http://heihachi-worms.blogspot.com/2010 ... worms.html

Note that autosec4u.de is also under attack, and it reveals information on carder scams and activity.
On bullet-proof twitter they continue to post information on a gold dealer operation - http://twitter.com/autosec4u

Twitter, autosec4u, translated wrote:
Scammer responsible for DDoS attacks announces via email, read here: http://autosec4u.blogspot.com

gold-truhe.com - more gold scam yet! http://tinyurl.com/38cav62
Check out this site: Heihachi worms - http://bit.ly/d7T9hd
Gold tuerkei.com - on it goes with gold rip http://tinyurl.com/3yqfwut
Continuing with Gold rip-off: gold-secure-kaufen.com, gold-and gold-see.com zeit.com
More Gold rip-off! gold-direkthandel.com und gold-direkt.com
More Goldbetrug! http://www.gold-erwerben.com
Gold-mail scams! www.gold-versandhandel.com handel24.com gold-gold-gold-haus24.com kaufen24.com gold onlineshop.com
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10431
Joined: Tue Jun 27, 2006 2:01 am

Re: AA419 DDOS May 2010

Post by AlphaCentauri » Fri May 28, 2010 3:01 am

Via his twitter page:
http://news.softpedia.com/news/Romanian ... 3204.shtml

The Romanian organized crime police has dismantled a major cybercriminal ring that specialized in manufacturing and selling ATM skimmers. Law enforcement officials descended at more than 40 locations in several cities and detained 20 suspects...

Teams of Romanian Police special forces raided 38 locations in Craiova, six in Bucharest and three in a neighboring county earlier today, taking a total number of 20 suspects back for questioning. ...

In related news, two days ago, DIICOT also arrested five fraudsters after executing similar raids in the city of Brasov. The individuals are believed to be members of another cybercriminal group specializing in card cloning. According to prosecutors, EXEBA card magstripe reading/writing equipment was found and confiscated, along with various ATM skimming devices.

Romania, once a safe haven for cybercriminal operations, has made significant progress in combating organized crime that focuses on credit-card fraud, phishing or hacking. During the past two years alone, the Romanian DIICOT has managed to dismantle an impressive number of cybercriminal rings operating in the country and abroad. Many of these successful takedowns were the result of a close collaboration with the FBI, the US Secret Service, the INTERPOL and other foreign law enforcement agencies.


I wonder if that has anything to do with the DDoS?
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am
