Tuesday, May 25, 2010

aa419 DDOS Attack

http://www.aa419.org/ is currently under a DDoS (Distributed Denial of Service) attack.
Explanation here:
http://en.wikipedia.org/wiki/Denial-of-service_attack
This also affects the forum:
http://forum.aa419.org/index.php
and the Fake Bank Database.

Preliminary reports indicate the DDoS is coming from scammers who recently launched attacks on a German-based blog:
http://autosec4u.forumieren.com/

As posted below in the comments area:

autosec4u said...
"The scammer contacted us, demanding we not publish any new shops or bank accounts he is using. Also he told us to remove a certain member from our team. Otherwise he will "ddos endlessly".
We basically told him to eff off. Soon after we received an email with sites he is and will attack, mainly those who are found first on Google. Amongst them aa419.org. The scammer is a kiddie from the German carders scene, attacks are via Russia, c&c probably hosted at heihachi.net, webalta, wahome, 2x4.ru."

The DDoS attack is coming from Russian servers and is a result of refusals to remove the posts on fake sites.

Here is a list of the fake sites that these scammers didn't want posted on
http://www.aa419.org/
and
www.autosec4u.info http://www.forum.autosec4u.info/
autosec4u.forumieren.com


McAfee Site Advisor has these sites listed with warnings.
Example:
http://www.siteadvisor.com/sites/gold-zeit.com/postid/?p=4691830

One of the scammers is using this email address:
Silvio Trulli dersilviode@yahoo.de, supposedly belonging to a German male, 37 years of age.
He is using this IP address:
216.18.20.108

Here are the threatening messages the scammer sent to the Autosec4u sites, translated from the original German:

hey

derhaha here, surely known to you.
I will DDoS all of your crap sites to the limit; I now have a DDoS so strong that nobody will withstand it.
I am giving you a reasonable chance if you
a) remove dieselente from the forum
b) no longer allow shops and accounts to be published
I can offer you that, after a few days, once I have changed the shops, you can post the shops.
Everything written here stays between us, and if you think I am only joking you can test me. Do not publish this email under any circumstances, otherwise the negotiations are over.
I hope we will reach an


you complete idiots (volldeppen)
nobody knows anything about me, not even heihachi, and heihachi is also sitting somewhere in Russia, and I always send the money to an account in Russia from an account belonging to a financial agent I have been using for 2 years, so spare yourselves the trouble.
Where am I sitting? I am sitting in the office right now with my laptop, using the Wi-Fi of Police Xy; they are good friends, you see, so before anything is started against me I will have known about it long ago and be long gone muhahaha
complete idiots

More on these scammers' exploits here:

http://www.facto24.de/?p=2780

*English Translation*


Here is a new list of fake shops by these scammers.
All hosted on the same server by the scam-friendly Heihachi Ltd:

Administrative Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Technical Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Registrant Contact:
Heihachi LTD.
Andreas Mueller ()

Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT



inetnum: 92.241.190.0 - 92.241.190.255
netname: HEIHACHI
descr: Heihachi Ltd
country: RU
admin-c: HEI668-RIPE
tech-c: HEI668-RIPE
status: ASSIGNED PA
mnt-by: RU-WEBALTA-MNT
changed: lexa@wahome.ru 20090908
source: RIPE

person: Andreas Mueller
address: Bella Vista, Calle 53, Marbella
address: Ciudad de Panama, Panama
remarks: Visit us under gigalinknetwork.com
remarks: ICQ 7979970
remarks: Dedicated Servers, Webspace, VPS, DDOS protected Webspace
remarks: Send abuse ONLY to: abuse@gigalinknetwork.com
remarks: Technical and sales info: support@gigalinknetwork.com
phone: +5078321458
abuse-mailbox: abuse@gigalinknetwork.com
nic-hdl: hei668-RIPE
mnt-by: WEBALTA-MNT
changed: support@gigalinknetwork.com 20100307
source: RIPE

% Information related to '92.241.160.0/19AS41947'

route: 92.241.160.0/19
descr: Wahome IP's =)
origin: AS41947
mnt-by: RU-WEBALTA-MNT
mnt-routes: GIGABASE-MNT
mnt-routes: RU-WEBALTA-MNT
changed: lexa@wahome.ru 20071218
source: RIPE


4 comments:

autosec4u said...

The scammer contacted us, demanding we not publish any new shops or bank accounts he is using. Also he told us to remove a certain member from our team. Otherwise he will "ddos endlessly".
We basically told him to eff off. Soon after we received an email with sites he is and will attack, mainly those who are found first on Google. Amongst them aa419.org. The scammer is a kiddie from the German carders scene, attacks are via Russia, c&c probably hosted at heihachi.net, webalta, wahome, 2x4.ru.

no_muie said...

Feel free to send the sites to me and I will post them here.

Rodger Flemming said...

You got the sites.... ruzzia is not getting enough of what it deserves... let's hope the servers in Moscow burn soon....

Chris said...

Same ordeal I am going through. Second DDoS attack in two months with scammers angered over their sales being outed.
