[Dshield] stolen credit card

WMAVT@aol.com WMAVT at aol.com
Wed Jan 21 15:48:36 GMT 2004

          It seems that we have two different problems here. 1: He was 
notified, could be a good thing, it just seems a little fishy how the info was 
caught. 2: How did they get all the Info? I cannot understand why anyone puts 
"Real" or Complete Info on amy computer that is connected to the Internet, 
       Ask you friend if he is using M$ Passport, If so he did not check 
around before setting it up. 
       I tell all of my customers that if they use "Passport" not to call me 
if they have problems, they are on their own. M$ set that wrote that program 
for reasons of their own, then made it look like it as just to make life easier 
for people, Tracking is Tracking, Passport will never be 100% safe. Just to 
many ways to get in. 
      I have everyone make up an Internet name, all new computers use hat 
name also [at set up] CC $s can be kept on computers - the last 4 numbers, The 
advantages to this are many, but the one that helps the most is tracking what 
program, browser, site, gathered or sent you personal info. 
      If he is using Passport get him off it, Please let him know that BANK 
security is do way the same as what the average or even most system addmins 
use. I believe that is where he got the idea it was OK to put "REAL" personal 
Information on his Computer
                               Be safe Bill

========Original Message======== 
Subj:   [Dshield] stolen credit card    
Date:   1/20/2004 1:54:07 PM Mountain Standard Time 
From:    darren at dshield.org (Darren)
Sender:    list-bounces at dshield.org
Reply-to: <A HREF="mailto:list at dshield.org">list at dshield.org</A> (General DShield Discussion List)
To:    list at dshield.org

Fellow Listers-

I have a colleague at the my bank who has had his credit card information
stolen from his home pc.  He is aware of this and he and I have been working
to try and figure out where and when.  He then received an e-mail this
morning that states the following:

> > Good day Mr. Rxxxx Xxxxxx
> > My name is Kenji Nurasaki, I am the director of R.I.S.S.(Romanian 
> > Internet Security Service).A couple of days ago I've just 
> > intercepted a IRC conversation betwen two kids.One of them gave the 
> > following to the other. The R.I.S.S. recomend that you change your 
> > Credit Card of block it.

Following this was his credit card number, expiration date, and all personal
information.  I would like some advise on what to do and if this person is
an actual person/company.  Thank you very much in advance.


list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: 

----------------------- Headers --------------------------------
Return-Path: <list-bounces at dshield.org>
Received: from  rly-xm01.mx.aol.com (rly-xm01.mail.aol.com []) 
by air-xm01.mail.aol.com (v97.18) with ESMTP id MAILINXM11-5ea400d9550301; Tue, 
20 Jan 2004 15:54:06 -0500
Received: from  mail.giac.net (mail1.giac.net []) by 
rly-xm01.mx.aol.com (v97.10) with ESMTP id MAILRELAYINXM14-5ea400d9550301; Tue, 20 Jan 
2004 15:53:36 -0500
Received: (qmail 1421 invoked from network); 20 Jan 2004 20:46:13 -0000
Received: from  (HELO dshield.com) (@)
  by 0 with SMTP; 20 Jan 2004 20:46:13 -0000
Received: from maverick12.sans.org (localhost.localdomain [])
    by dshield.com (8.11.6/8.11.6) with ESMTP id i0KKk1v14210;
    Tue, 20 Jan 2004 20:46:01 GMT
Received: from mail.giac.net (iceman1 [])
    by dshield.com (8.11.6/8.11.6) with SMTP id i0KKdlv13934
    for <list at maverick12.sans.org>; Tue, 20 Jan 2004 20:39:47 GMT
Received: (qmail 26482 invoked from network); 20 Jan 2004 20:39:07 -0000
Received: from  (HELO dshield.org) (@)
    by 0 with SMTP; 20 Jan 2004 20:39:07 -0000
Old-Received: (qmail 24629 invoked from network); 20 Jan 2004 20:36:27 -0000
Old-Received: from mail.euclidian.com (
    by 0 with SMTP; 20 Jan 2004 20:36:27 -0000
Old-Received: (qmail 26184 invoked from network); 20 Jan 2004 20:36:27 -0000
Old-Received: from  (HELO euclidian.com) ()
    by 0 with SMTP; 20 Jan 2004 20:36:27 -0000
Old-Received: from bart.lan (devems.sans.org [])
    by euclidian.com (8.12.8/8.12.8) with ESMTP id i0KKaI67025462
    for <list at dshield.org>; Tue, 20 Jan 2004 15:36:19 -0500
Old-Received: (from jullrich at localhost)
    by bart.lan (8.12.8/8.12.8/Submit) id i0KKaI3Q025460;
    Tue, 20 Jan 2004 15:36:18 -0500
Date: Tue, 20 Jan 2004 15:36:18 -0500
Message-Id: <200401202036.i0KKaI3Q025460 at bart.lan>
From: Darren <darren at dshield.org>
To: list at dshield.org
Old-X-Envelope-To: list at dshield.org
X-Seen-By: bob list
X-Envelope-To: UNKNOWN
X-Mailman-Approved-At: Tue, 20 Jan 2004 20:45:50 +0000
Subject: [Dshield] stolen credit card
X-BeenThere: list at dshield.org
X-Mailman-Version: 2.1.3
Precedence: list
Reply-To: General DShield Discussion List <list at dshield.org>
List-Id: General DShield Discussion List <list.dshield.org>
List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
    <mailto:list-request at dshield.org?subject=unsubscribe>
List-Archive: <http://www.dshield.org/pipermail/list>
List-Post: <mailto:list at dshield.org>
List-Help: <mailto:list-request at dshield.org?subject=help>
List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
    <mailto:list-request at dshield.org?subject=subscribe>
Sender: list-bounces at dshield.org
Errors-To: list-bounces at dshield.org

More information about the list mailing list