| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ff6682c60909212158j50b248aaxe9d914dc15e26746@mail.gmail.com>
Date: Mon, 21 Sep 2009 21:58:43 -0700
From: BMF <badmotherfsckr@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Chargebacks and credit card frauds
On Mon, Sep 21, 2009 at 9:26 PM, Steven Anders <anderstev@...il.com> wrote:
> 1. how do they place the orders using all the legit IPs - since all the IPs
> are from Sbcglobal , Cox communications, and all the other major ISPs near
> the billing addresses. Could it be that they actually took control of the
> PCs and then steal the credit card, and then place the order remotely from
> the controlled PC?
Yes. They proxy the orders through compromised windows boxes using the
credentials they stole right off that same box when someone ordered
something online. It's not like there is any shortage of compromised windows
boxes through which they could do this.
2. Any insights on how these fraudsters obtain the stolen credit card
> numbers?
>
Straight off the keyboards of the compromised boxes they proxy through.
I am now tasked with improving our backend checks to make sure we don't have
> any more fraudulent order, and would appreciate any pointer or insights into
> this matter. Any theories, insights, or information would be very useful.
>
You are fucked. Thank Microsoft.
BMF
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists