Blog for hpHosts, and whatever else I feel like writing about ....

Friday 27 March 2009

Malicious SMS sending victims to persdata7.com

I've been advised by Holger at Malware Domain List that a malicious SMS message is doing the rounds, pointing victims to persdata7.com with the following SMS message (and variations thereof):

someone posted your full personal and banking information at hxxp://persdata7.com website you must remove it now


I'm trying to find out which number is sending these so I can get in touch with their provider, and am trying to get in touch with Global Net Access, LLC, who actually host persdata7.com.

persdata7.com currently infects victims with the Ambler trojan (naughty naughty). If you receive one of these SMS messages, DELETE IT - DO NOT VISIT THE WEBSITE.

/update 16:50

I've spoken some more to Holger and the number that was sending the text messages was:

+380672132627

persdata7.com has now also been suspended.

/update 20:30

I've been doing some research, and from what I can find, +38 is an Albanian mobile phone, possibly provided by AMC (Albanian Mobile Communications). I'm trying to get in touch with them to get this verified (if it does not belong to them, they will hopefully point me in the direction of the correct provider).

/update 20:50

Holger has advised me that +380 is actually the Ukraine .... (why the sites I looked at didn't mention that is beyond me).

References:

Malware Domain List - persdata7.com
http://www.malwaredomainlist.com/forums/index.php?topic=2639.0

Internet Storm Center - There is some SMiShing going on in the EU
http://isc.sans.org/diary.html?storyid=6076

Money Saving Expert - Text message scam
http://forums.moneysavingexpert.com/showthread.html?t=1588413

5 comments:

DeejayAJ said...

My dad got the same message this morning but the sender was +380672132156

Unknown said...

Mine came from +380672132421

Stephen said...

My text message came from +380672132546

natural yogurt living in Cardiff, UK.

Reading Quakers said...

I received the same message on 27th March at 03:55, but the sender was +380-672 132 991. Seems like another Ukrainian mobile.

Unknown said...

I got one on Friday from +380672132214.