Sunday, 11 March 2012

GEMA / FakePoliceAlert and money laundering

For the past few days I have been back on winlock tracking due to several requests.
Let's show some results.


Pwning Blackhole kits (sorry, no pictures, no kitten) and the shit that distributes it.
Finally I got multiple interesting IPs that host PoliceAlert templates, like this one:


Multiple GEMA on another IP:

PHP inside HTML file... *facepalm*

Some templates:

'Admin panel':

Debited PSC found (1985€):

PSC not yet debited: (700€)

Looks like they use betting sites for money laundering.
I've sent an email to Paysafecard concerning all these PIN codes, and to some French guys who do investigation in computer fraud.
Have fun, stay safe.

2 comments:

  1. fma star of milos, just saw it 1 hour ago lol, anyway great article

  2. Ironically, I turn on my computer after browsing this site last night, and what do I see? This. Wish you would have included the install paths, because now I have to go and spend my time searching for it, but I find it extremely ironic.

    I'll be looking for the C&C, hopefully I can reverse this, and terrorize the owner.
