PDF Reader 2009 – Fraud-Scam

May 24, 2009

Hi,

Software-themed scams keep trending upward. This time the software used as bait is PDF Reader 2009, and the message is the following:

+———————————————————————————–

PDF Reader 2009 – New Version for Windows
The latest PDF Reader: Open, Edit & Create PDF Files

Activation Code: 9462
http://bulletinqrelease.com/re.php?lnk=1203489724

Included in this package:

OpenOffice Suite – Get things done more quickly and improve your work efficiency.

-Open, edit and view all PDF files.
-Enhanced performance with faster loading and zooming.
-Collect your data and combine it into a high quality document.

Activation Code: 9462
http://bulletinqrelease.com/re.php?lnk=1203489724

Download the complete Office solution today and also receive free updates and 24/7 customer support.

“Since the 90’s, PDF has become the standard file format for document exchange.” – Adobe

Activation Code: 9462
http://bulletinqrelease.com/re.php?lnk=1203489724

Thank you for choosing us, the worldwide leader in PDF Reader Solutions.

Best Regards,

Michael Daniels
PDF Reader 2009
You will not get anymore of our emails if you go here
http://bulletinqrelease.com/

or write to:

Plaza Neptuno, local #7
Via ricardo J Alfaro, Tumba Muerto
Panama Ciudad
Republica de Panama

+———————————————————————————–

The real PDF Reader 2009 can be downloaded for free. In this case the user is asked for an activation code and then sent to a Special Offers page, where the victim can choose some benefits for a fee; the payment is made by credit card.

As usual in these frauds, money is stolen and no service is given.

Here is some information about the domain:

ICANN Registrar: ENOM, INC.
Created: 2009-05-20
Expires: 2010-05-20
Updated: 2009-05-20

Server Data

IP Address: 67.209.131.18
IP Location United States – Nevada – Las Vegas – Acampana
Response Code: 200
Domain name: bulletinqrelease.com

Registrant Contact:
WhoisGuard
WhoisGuard Protected ()


Fake Download Open Office 2009 – Credit Card Fraud

October 12, 2008

Hi,

This morning I discovered another funny fraud attempt, based on a fake membership to download Open Office 2009. This is the mail that I received:

—————————————————————–

Open Office Suite 2009

Open, Create & Edit Your Files
Download Office Suite 2009 Here
Edit Word, Excel & Power Point files- 100% MS Office Compatible.

Office Solutions

Read and write PDF files just like Adobe.
Here’s how to download Open Office 2009:
1. Go to: Download Page
2. Download Open Office 2009
3. Receive access immediately
This software package is the best way to edit your documents.
Publish all of your documents online in the HTML format.
Thank you for choosing us, the worldwide leader in Open Office 2009.
For More Information Visit our Website
Thank You,

David Matthews

If you want to stop receiving mail, please go to:
http://daily–new-product.org/
or you may contact us at the following address:

Plaza Neptuno, local #7
Via ricardo J Alfaro, Tumba Muerto
Panama Ciudad
Republica de Panama

—————————————————————–

Republica de Panama? And OpenOffice? That's really strange, don't you think?!

But let's look at this ‘great offer’. Clicking on the link in the mail takes us straight to:

http://67.214.168.130/openoffice/index.asp?aff=001&camp=openoffice_espd&kbid=1587&sub=oo_espd&pop=1

This too, as you will understand, looks strange: an OpenOffice website that is served from a bare IP address.
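The indicators visible in these two posts (a link host that is a bare IP address, a domain registered only days before the mail arrived, and the same Panama postal footer in both campaigns) can be checked mechanically. The following is an added example, not part of the original posts; the function names, the 30-day age threshold and the sample strings are assumptions, with the samples constructed from the text quoted on this page.

```python
import ipaddress
import re
from datetime import date
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Constructed samples: excerpts of the two messages quoted on this page.
FOOTER = "Plaza Neptuno, local #7\nVia ricardo J Alfaro, Tumba Muerto"
MAIL_2009 = ("Activation Code: 9462\n"
             "http://bulletinqrelease.com/re.php?lnk=1203489724\n"
             "or write to:\n" + FOOTER + "\nPanama Ciudad\n")
MAIL_2008 = ("1. Go to: Download Page\n"  # landing URL placed in the body for the example
             "http://67.214.168.130/openoffice/index.asp?aff=001&camp=openoffice_espd&kbid=1587&sub=oo_espd&pop=1\n"
             "or you may contact us at the following address:\n"
             + FOOTER + "\nPanama Ciudad\n")
# Creation date as reported in the WHOIS data on this page.
WHOIS_CREATED = {"bulletinqrelease.com": date(2009, 5, 20)}

def normalise(text):
    """Lower-case and collapse whitespace so footers compare reliably."""
    return " ".join(text.lower().split())

def host_of(url):
    """Host part of a URL, or '' when the URL does not parse."""
    try:
        return urlsplit(url.rstrip(".,);")).hostname or ""
    except ValueError:
        return ""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(body, received, whois_created, footers=(), max_age_days=30):
    """Return the indicators found in one message body, in stable order."""
    findings = []
    for host in sorted({host_of(u) for u in URL_RE.findall(body)} - {""}):
        if is_ip_literal(host):
            findings.append(f"ip-literal-host:{host}")
        created = whois_created.get(host)
        if created and 0 <= (received - created).days <= max_age_days:
            findings.append(f"young-domain:{host}:{(received - created).days}d")
    if any(normalise(f) in normalise(body) for f in footers):
        findings.append("known-footer")
    return findings
```

The WHOIS creation dates are passed in as a dictionary, so the lookup itself stays outside the function and the check runs offline.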

A classic, well-designed fake page. Now let's click on download: as we can see, we are asked for a membership. After filling in the email and Name/Surname fields, the core of the scam appears: to be activated, the membership needs a credit card payment 😉

After accepting, we are in front of a classic phishing form that contains:

  • Name
  • Surname
  • Location
  • PostalCode
  • E-Mail
  • Cc Number
  • CcV2
  • Expiry date

Here you can see the screenshot:

After clicking, the system “validates” your transaction and the fraud is successfully completed 🙂

Here is some information about the IP address used:

IP Information for 67.214.168.130

IP Location: United States, South Bend, Colostore.com
IP Address: 67.214.168.130
Blacklist Status: Clear

Whois Record

OrgName:    Colostore.com
OrgID:      KCA-7
Address:    1805 South Michigan Street
City:       South Bend
StateProv:  IN
PostalCode: 46613
Country:    US

ReferralServer: rwhois://rwhois.colostore.com:4321/

NetRange:   67.214.160.0 – 67.214.191.255
CIDR:       67.214.160.0/19
OriginAS:   AS12260
NetName:    COLOSTORE-COM
NetHandle:  NET-67-214-160-0-1
Parent:     NET-67-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.COLOSTORE.COM
NameServer: NS2.COLOSTORE.COM
Comment:    http://www.colostore.com
RegDate:    2007-09-28
Updated:    2008-07-21

See you in the next post.. 🙂