New server, new luck…

Since some folks tried to hack my webserver and phish Facebook accounts (see left screenshot; the PHP script is linked with the image) and uploaded banking malware from the Royal Bank of Canada and the Citizenbank (see screenshot below) via a WordPress vulnerability onto my webserver, and I had several hacking attempts, my server was used for a few outgoing DDoS attacks (see screenshots below).

Subject: Fraudulent site, please shut down! [RBC 11217] IP: Domain:

Date: Fri, 1 Jul 2011 04:23:45 +0300

From: <>

Dear Sirs:

RSA, an anti-fraud and security company, is under contract to assist Royal Bank of Canada and its related entities (“RBC”) – A leading Canadian bank – in preventing or terminating online activity that targets RBC’s clients as potential fraud victims.

RSA has been made aware that *you appear to be providing Internet Services to a fraudulent Web site*, which is part of a “phishing scam”*. This activity violates RBC’s copyright, trademark and other intellectual property rights and may violate the criminal laws of Canada, the United States and other nations.

E-mail messages have been broadly distributed to individuals by a person or entity pretending to be RBC. These e-mails use RBC’s name and identity (including trademarks) without authorization. The e-mails request recipients to verify and submit sensitive details related to their RBC


*Within the fraudulent e-mail message, there is a link that leads the recipients to a fraudulent website displaying RBC’s copyrighted materials and trademarks. The fraudulent website is located at the following URL address


which you provide services and which is under your control.*

The fraudulent website not only represents a misuse of RBC’s intellectual property; its purpose is to improperly obtain personal information of RBC customers in order to fraudulently access their bank accounts. The people behind those websites typically perpetrate identity-theft related activities, such as using customer’s credit cards or bank accounts without authorization. In addition, since the vast majority of all of the e-mails are not being sent to actual RBC customers, the actions serve to damage the reputation and image of RBC.

*Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability to the Internet and discontinue the transmission of any e-mails associated with this website.*

*We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically would ask that you also take the following actions:*

• Please provide us with a tar/zip file of the source code for this site, so that we may analyze it to help prevent further attacks.

• If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit.

• Please provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

Thank you for your cooperation to prevent and terminate this fraudulent




RSA Anti Fraud Command Center

Tel: +44(0)800-032-7751 (UK)

Tel: +1-866-408-7525 (US)

Tel: + 1-800-406-8651 (CA)

Fax: +972-9-9728101 (EU)

Fax: +1-212-208-4644 (US)



For more information about RSA’s AFCC _



*cc:* Royal Bank of Canada

_Computer Security Incident Response Team_, RBC Information Security


Address: 315 Front St. W. – 13th Flr, Toronto, Ontario M5V 3A4

Tel: +1 – 416-348-4498

Fax: +1 – 416-348-2751

Email: _CSIRT@rbc.com_ <>


*“Phishing” is an e-mail scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, checking account information, Social Security Numbers, or banking account passwords, through an imposter’s Web site or in a reply



NSA Chief: China Behind RSA Attacks

Chinese steal a “great deal” of military-related intellectual property, and were responsible for last year’s attacks on cybersecurity company RSA, Gen. Keith Alexander tells Senators.



