WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST
By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.
I recently received a 419 E-Mail from a compromised SFASU.edu E-mail account which instructs the recipient to E-Mail an @hosanna.net account.
Hosanna.net appears to be hosted by a large South Korean ISP, ONSE Telecom (www.onsetel.co.kr) and was wondering if anyone here spoke Korean or had means of shutting down Korean hosting. I'll be sending an E-Mail to their abuse department, but being in English, I'm not sure that it will get the attention it warrants.
Apparently ONSE is a large ISP in Korea, so the offshore factor shouldn't be a safeguard for the lads, just the language barrier.
As far as the originating E-Mail, I've already been on the phone with Stephen F. Austin State University (the university of the originating E-Mail) all day trying to get in touch with IT Security specifically, but their communication is horrible. No one knows who to speak to about suspending an account, though I do have calls in to a few direct lines of people who should be able to help.
Spoke with a Sergeant with the SFA Police Department (whom I had to explain what a 419 letter was amongst a lot of other things... He wasn't very computer literate) who passed the information on to their detectives as well as the PD's internal IT department (apparently the PD and University both have separate IT departments), but the Sergeant had no clue who to get in touch with to get the originating account termed (trying to get it shut down just in case the lad is still blasting via the compromised account).
Additionally; SFA's E-Mail is set up so that their E-Mail headers only display the University's IPs, not that of the sender.
So, if anyone has any proficiency in Korean, or knows of anyone with success in shutting down Korean-based hosting, please feel free to contact me or take action
Are you interested in Charity work? Please contact me for more details. Contact Email: [email protected]
Caligula small sausage
Joined: 13 May 2009
Location: Growing old
Fri Jul 08, 2011 7:04 pm
You called for a sitekiller?
If I recall correctly hosanna.net just provides email addresses to whoever wants them - comparable to hotmail.com or gmail. So hosanna.net isn't a domain which will be taken offline because a scammer uses it to scam people. I also don't suggest reporting just the email address to hosanna, as we don't close individual addresses for various reasons listed in the stickeys.
As for the .edu address, I'm impressed by all the effort you went through! Many of those accounts get phished and used to spam their opening scripts and we often come accross those. I think you did brilliant work, and it's up to the IT departments to do their jobs now.
Welcome to eater!
_________________ x 600+ (gave up counting long time ago)
Joined: 14 Oct 2010
Location: Taking my new .38 special to the range
Sun Jul 10, 2011 8:02 pm
The Help Desks at the .edu's are very good about fixing things and giving their student or faculty a new email account when it gets phished like that. It has been my experience their IT departments handle them within 24 hours. I usually send a form script I have to their IT/Help Desk with pertinent information and a link to what a 419 scam is and find the universities or school districts are most appreciative.
One university help desk person wrote me back to learn more and I directed him to Eater.
Nash and 6 friends 488 Km within Ghana - bait with Agda (2012)
Safari Philip Ghana-Benin (bait w/Agda) 2013
View next topic View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum