escrow car fraud- the payback(hopefully)

Have you been frauded at at an Online Escrow Site? Put your story, questions and comments here!
Click Here to return to escrow-fraud page


Moderators: georg, suziecue, JaxHot

Postby dominus » Tue Jun 05, 2007 3:17 pm

Ok... if I get it-the only thread for my pc was when I entered the escrow-europa site? Is my pc safe now-after deleting the host entries? And how the *spammer* can be my computer harmed by a stupid e-mail? Sry for language but microsoft makes me mad now...
dominus
Infant
 
Posts: 19
Joined: Sun Jun 03, 2007 2:26 pm

Postby peg » Tue Jun 05, 2007 3:18 pm

Dominus (and others that got the email) sorry, I sent you the wrong email accusing you as the scammer.... I have "Resent" the email that was intended for you.

Also, your HOSTS file should read as follows:

Code: Select all
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

You generally do not need anything other than that..... If you have more than that one line (those preceded with # are just comments and harmless) lf the 127.0.0.1 localhost especially if it's pointing to a site that you are questioning... you should delete it (or atleast put a # at the beginning of that line)


Here is a site that gives more detail about the HOSTS file http://accs-net.com/hosts/what_is_hosts.html but suffice it to say.... You only need that one line!
- peg -

-- eschew obfuscation!! --
If we were able to help you please consider making a donation to support this site.
Donation button at the top of page.
User avatar
peg
Site Admin
Site Admin
 
Posts: 827
Joined: Sun Feb 09, 2003 6:25 am
Location: United States

Postby georg » Tue Jun 05, 2007 3:24 pm

and make the host
"write-protected"
..is not absolut secure, but better then nothings
User avatar
georg
Moderator
Moderator
 
Posts: 442
Joined: Mon Mar 13, 2006 9:44 am

Postby dominus » Tue Jun 05, 2007 3:36 pm

np peg :lol:

guys I would offer You a beer if possible :wink:
dominus
Infant
 
Posts: 19
Joined: Sun Jun 03, 2007 2:26 pm

Postby dominus » Tue Jun 05, 2007 3:39 pm

And that is the car I wanted(still want) to buy http://www.autoscout24.it/Details.aspx?id=89450005

:lol:
dominus
Infant
 
Posts: 19
Joined: Sun Jun 03, 2007 2:26 pm

Postby CapriceFéline » Tue Jun 05, 2007 3:53 pm

Una bella macchina. Anche io la voglio. Siamo d'accordo. Ma...che..
Caprice
Wer kein freundliches Gesicht hat, sollte keinen Laden aufmachen. Chinesisches Sprichwort.
CapriceFéline
Adult
 
Posts: 89
Joined: Tue Apr 25, 2006 9:54 pm
Location: Germany

Postby lightfair » Tue Jun 05, 2007 7:27 pm

dominus wrote:Ok... if I get it-the only thread for my pc was when I entered the escrow-europa site? Is my pc safe now-after deleting the host entries? And how the *spammer* can be my computer harmed by a stupid e-mail? Sry for language but microsoft makes me mad now...


dominus:

Please think back a bit: Did you get an email from the scammer containing an attachment, like a picture or an invoice? This is the most typical way to manipulate the hosts file.

(Excurs: While I was baiting a scammer a long time ago he tried to make me open the attachment he sent me. Unfortunately I was on a Mac and hence his nice little trojan horse went nowhere. Finally I opened up the attachment in an emulator, and it actually displayed a picture with the "terms and conditions" - but at the same time it was changing my hosts file in the emulator. The virus scanners did not detect this; a couple of days later they did though.)

It is REALLY important that you do a thorough virus check on your computer. Update the virus signatures first. If there actually WAS such an attachment I would like to have a look at it.

Now a short description of what has happened to you.

At the core of the Internet are so called "IP addresses". Each computer and each server on the Internet has such an address (actually it's a bit more complicated but let's stick to this). For example, the server "www.autoscout24.de" has the IP address 212.18.30.44; ot the server "www.autoscout24.it" has the IP address 212.18.30.45. All communication is done with those addresses. If you type "www.autoscout24.it" into your browser your computer actually connects a so called "Domain Name Server" first; this server tells your computer the IP address (212.18.30.45 in our case) and then your computer makes the connection to this IP address.
This is done for all domain names (web addresses) with one exception: addresses found in the "hosts" file. For those the IP address found in the hosts file is used.
So something (probably a trojan horse) changed your hosts file and added entries for "escrow-europa.com". Now let's see what is happening now. Normally, when calling up "escrow.europa.com" or "www.escrow-europa.com" from your browser your computer would contact the Domain Name server to obtain the IP address. This would have been 80.207.87.67 and you computer would afterwards make the connection to this address. BUT because there were entries for escrow-euopa.com and http://www.escrow-europa.com in your hosts file the IP addresses found in the hosts file are used; and so your computer goes to IP address 208.179.102.59 (instead of the correct one). Of course this is a completely different server which has nothing to do at all with escrow-europa.com!
The really scary thing is that the user does not even notice this because the address bar in the web browser displays "www.escrow-europa.com"; it is not at all appearent that one is sent to a completely different server.

Bottom line: The "bad guys" somehow managed to manipulate your computer, and actually this must have happened before you went to the fake version of escrow-europa.com. As described please try to remember if there were any files or attachments involved. Those are very likely the culprits.
lightfair
Master
 
Posts: 865
Joined: Sat Sep 09, 2006 12:54 pm

Postby georg » Tue Jun 05, 2007 7:58 pm

bewuscht fallllsch jeschribben....

llass dän spiinner in ruhhe, är "schnallllt" es nicht...
gruss
georg
User avatar
georg
Moderator
Moderator
 
Posts: 442
Joined: Mon Mar 13, 2006 9:44 am

Postby dominus » Tue Jun 05, 2007 11:11 pm

lightfair
Tnx for explanation, I allready learned that today ;)
I have avast antivirus fully updated+spybot updated and they both didn't detect anything.

I can mail You the attachment(allready mailed to some friendly guys), just send me a pm with your e-mail address ;)
dominus
Infant
 
Posts: 19
Joined: Sun Jun 03, 2007 2:26 pm

Postby dominus » Wed Jun 06, 2007 8:31 pm

I have bought a car today 8)
A real one :lol: Sry for spamming but I'm so happy :wink:
dominus
Infant
 
Posts: 19
Joined: Sun Jun 03, 2007 2:26 pm

Previous

Return to Escrow Fraud

Who is online

Users browsing this forum: No registered users and 9 guests

cron