Since some folks try to hack my webserver and phishing facebook accounts ( see left screenshot ,the php script is linked with image ) and uploadet banking malware from the royal bank of canada and the citizenbank ( see screenshot below )via a wordpress vulnerability onto my webserver and i had several hacking attempts , my server was used for a few outgoing DDos attacks (see screenshots below ).
Subject: Fraudulent site, please shut down! [RBC 11217] IP:
188.8.131.52 Domain: let.de
Date: Fri, 1 Jul 2011 04:23:45 +0300
RSA , an anti-fraud and security company, is under contract to assist
Royal Bank of Canada and its related entities (“RBC”) – A leading
Canadian bank – in preventing or terminating online activity that
targets RBC’s clients as potential fraud victims.
RSA has been made aware that*you appear to be providing Internet
Services to a fraudulent Web site*, which is part of a “phishing scam”*.
This activity violatesRBC’s copyright, trademark and other intellectual
property rights and may violate the criminal laws ofCanada, the United
States and other nations.
E-mail messages have been broadly distributed to individuals by a person
or entity pretending to beRBC. These e-mails useRBC’s name and identity
(including trademarks) without authorization. The e-mails request
recipients to verify and submit sensitive details related to theirRBC
*Within the fraudulent e-mail message, there is a link that leads the
recipients to a fraudulent website displaying****RBC’s**copyrighted
materials and trademarks. The fraudulent website is located at the
following URL address
which you provide services and which is under your control.*
The fraudulent website not only represents a misuse ofRBC’s intellectual
property; its purpose is to improperly obtain personal information ofRBC
customers in order to fraudulently access their bank accounts. The
people behind those websites typically perpetrate identity-theft related
activities, such as using customer’s credit cards or bank accounts
without authorization. In addition, since the vast majority of all of
the e-mails are not being sent to actualRBC customers, the actions serve
to damage the reputation and image of RBC.
*Please take all necessary steps to immediately shut down the fraudulent
website, terminate its availability to the Internet and discontinue
the****transmission of any e-mails associated with this website.*
*We understand that you may not be aware of this improper use of your
services and we appreciate your cooperation. We specifically would ask
that you also take the following actions:*
• Please provide us with a tar/zip file of the source code for this
site, so that we may analyze it to help prevent further attacks.
• If any customer data has been captured that is stored on your systems
or equipment, please send us that data so that the customers to whom
that data relates can be notified and take steps to protect their credit.
• Please provide a copy of any records you maintain that indicate the
name, contact information, method of payment or similar information that
may be useful in helping learn the identity and location of the customer
for whom the website has been operated.
Thank you for your cooperation to prevent and terminate this fraudulent
RSA Anti Fraud Command Center
Tel: +44(0)800-032-7751 (UK)
Tel: +1-866-408-7525 (US)
Tel: + 1-800-406-8651 (CA)
Fax: +972-9-9728101 (EU)
Fax: +1-212-208-4644 (US)
For more information about RSA’s AFCC _http://www.rsa.com/node.aspx?id=3348_
*cc:*Royal Bank of Canada
_Computer Security Incident Response Team_, RBC Information Security
Address: 315 Front St. W. – 13th Flr, Toronto, Ontario M5V 3A4
Tel: +1 – 416-348-4498
Fax: +1 – 416-348-2751
*”Phishing” is an e-mail scam that attempts to trick consumers into
revealing personal information, such as their credit or debit account
numbers, checking account information, Social Security Numbers, or
banking account passwords, through an imposter’s Web site or in a reply
NSA Chief: China Behind RSA Attacks
Chinese steal a “great deal” of military-related intellectual property, and were responsible for last year’s attacks on cybersecurity company RSA, Gen. Keith Alexander tells Senators.