[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Chargebacks and credit card frauds

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Chargebacks and credit card frauds
From: BMF <badmotherfsckr@xxxxxxxxx>
Date: Mon, 21 Sep 2009 21:58:43 -0700

On Mon, Sep 21, 2009 at 9:26 PM, Steven Anders <anderstev@xxxxxxxxx> wrote:

> 1. how do they place the orders using all the legit IPs - since all the IPs
> are from Sbcglobal  , Cox communications,  and all the other major ISPs near
> the billing addresses.  Could it be that they actually took control of the
> PCs and then steal the credit card, and then place the order remotely from
> the controlled PC?

Yes. They proxy the orders through compromised windows boxes using the
credentials they stole right off that same box when someone ordered
something online. It's not like there is any shortage of compromised windows
boxes through which they could do this.

2. Any insights on how these fraudsters obtain the stolen credit card
> numbers?
>

Straight off the keyboards of the compromised boxes they proxy through.

I am now tasked with improving our backend checks to make sure we don't have
> any more fraudulent order, and would appreciate any pointer or insights into
> this matter. Any theories, insights, or information would be very useful.
>

You are fucked. Thank Microsoft.

BMF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Chargebacks and credit card frauds
  - From: Steven Anders

Prev by Date: [Full-disclosure] Chargebacks and credit card frauds
Next by Date: Re: [Full-disclosure] Chargebacks and credit card frauds
Previous by thread: [Full-disclosure] Chargebacks and credit card frauds
Next by thread: Re: [Full-disclosure] Chargebacks and credit card frauds
Index(es):
- Date
- Thread