Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.


Hijack Alert: talian pensioner dies hoisting flag for final game

Here's another instance of "sensational news" being used as bait to lure people to a website armed and loaded with Web-Attacker, a piece of software designed to compromise computers and place them under the control of another party. The spam itself looks like so.

World-Soccer News

"World-Cup'2006 Germany" scandals and afterparty news!

July 9-10:
Fresh news and more - on World-Soccer News!

This link to your friends!

Note the invitation to mail the link to your friends. Spread the disease, if you please, except that the link there is "" for some reason. Anyhow, the trail is fairly typical for this sort of thing. The "" (and ".org") website uses frame-wrapping to hold "". That site in turn starts with a tremendously obfuscated piece of Javascript which ultimately produces a page of soccer-related information.

Unbeknownst to the casual viewer, however, it also loads two invisible frames which incorporate Web-Attacker. One is at, and the other is at These ultimately redirect to Web-Attacker's attack-mode script. The statistics screen for the Web-Attacker instances can be found at and, respectively. You'll have to guess the password to do anything useful beyond that point, however.

No comments: