Re: Threat mail from russia

[Richard Forno <rforno () infowarrior org>]

Not wanting to start a long thread, and I know Al will kill it if it becomes
one, but this Russian note looks like a crock to me. I've seen similar
things before. 

Providing "guidelines" for securing a system can be as easy. This guy is
probably planning to strike it rich on some poor sap that responds to his
note. It'd be like me asking for $5K USD and then telling you something
brainless like recommending you not use Borgware OS products. Technically, I
would have provided you guidance, but in reality, it's probably a scam. Pay
me $10K USD to learn the secrets of avoiding automobile accidents.....my
response (after money is deposted of course) might be "don't drive."  :)

Plus, anyone purporting to be a legitimate business would never say they
would help you "on the following conditions...." That's the sign of a novice
or extortion letter. Make a mental note and move on to the next pressing
issue of the day....

FYI - a new marketing trick is for security/IT vendors to do a public query
of your DNS records and then spam you with "we noticed you don't have
alternate sites for your mail servers - we can help with that disaster
recovery item if you like..." messages.

Cheers, 

rf




> From: "Bjorn Djupvik" <Bjorn.Djupvik () globalone net>
> Date: Mon, 25 Jun 2001 14:20:56 +0200
> To: incidents () securityfocus com
> Subject: Threat mail from russia
>
> A client of ours received this mail today, did anyone else see this? Its
> probably just a scam/spam but we'd like to be
> sure.
> -- 
>
>
>
> Subject: 
> Attention! Read this letter attentively and show its your boss!!!
> Date: 
> Mon, 25 Jun 2001 16:53:57 +0600
> From: 
> odyssey () rambler ru
> To: 
> support@obfuscated
>
>
> Hi!!! I am poor Russian hacker which very much adores to research all that is
> connected with INTERNET (with network
> safety, finding various bugs.) Recently has decided to research
> your site and everything, that with it can be connected .Sorry ,should mark,
> that your protection system not so is
> perfect, as probably you think (in it I has detected 3 serious bugs.) And now
> present, that this information becomes accessible to anothers hackerz or to
> your competitors... Your reputation can thus
> .... But. I am ready to help to remove to you these bugs, but under
> condition of: Number first: your company will send on following bank score
> 5000 $ (for your company it is the trifling
> sum) Number second: As soon as money will be translated I immediately
> I shall send you my guidelines on elimination of these bugs.... Remember, what
> only at observance of my conditions my help
> (for me in it already is not absolutely nice experience) So, your
> company road your reputation is possible(probable)? Superfluous problems are
> necessary for you? So, you select...? P.S. I
> want to assure you of the following: I am not cyber-thief I am not
> cracker or vandal. Is simple to find bugs in a protection system is my
> weakness, except for that it that I know how to
> do(make) rather well. So I earn to myself on life... Banking account :
> Intermediary Bank Code: ABNAUS33 Intermediary Bank: ABN AMRO Bank, New York
> Beneficiary Bank Acc: 574074590141 Beneficiary
> Bank Code: IINDRUMM Beneficiary Bank:
>
> -----
> End of mail..


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com