Job Scam: Global Austrian Syndicate (gas-ltd.cn)
This is the same "Global Austrian Syndicate" job scam reported earlier, except that they've changed domain names from ".biz" to ".cn". Key phrases in this spam include the name "Francois Veillon", who claims to be "the manager of a Human Resources department of Global Austrian Syndicate (GAS)".
At this moment, the website for "gas-ltd.cn" is being served up from five distinct compromised computers: adsl-71-132-152-189.dsl.pltn13.pacbell.net [71.132.152.189], i166108.upc-i.chello.nl [62.195.166.108], adsl-69-229-122-56.dsl.scrm01.pacbell.net [69.229.122.56], adsl-70-228-129-73.dsl.akrnoh.ameritech.net [70.228.129.73], and mo-71-50-28-170.dhcp.sprint-hsd.net [71.50.28.170]. This is likely to change rapidly, for such is the nature of a botnet.
The nameservers for "gas-ltd.cn" are currently 202.95.232.72.reverse.layeredtech.com [72.232.95.202], and 41.91.232.72.reverse.layeredtech.com [72.232.91.41]. In my experience so far, layeredtech.com do respond to abuse reports, although not spectacularly quickly.
Update at 2006-06-22 05:33. I've just checked the nameservers again, and they're no longer responding. Either layeredtech.com is on the ball, or we're just lucky. Kudos to Layered Tech if they are, in fact, responsible.
No comments:
Post a Comment