[Full-disclosure] Chargebacks and credit card frauds
BMF
badmotherfsckr at gmail.com
Tue Sep 22 05:58:43 BST 2009
On Mon, Sep 21, 2009 at 9:26 PM, Steven Anders <anderstev at gmail.com> wrote:
> 1. how do they place the orders using all the legit IPs - since all the IPs
> are from Sbcglobal , Cox communications, and all the other major ISPs near
> the billing addresses. Could it be that they actually took control of the
> PCs and then steal the credit card, and then place the order remotely from
> the controlled PC?
Yes. They proxy the orders through compromised windows boxes using the
credentials they stole right off that same box when someone ordered
something online. It's not like there is any shortage of compromised windows
boxes through which they could do this.
2. Any insights on how these fraudsters obtain the stolen credit card
> numbers?
>
Straight off the keyboards of the compromised boxes they proxy through.
I am now tasked with improving our backend checks to make sure we don't have
> any more fraudulent order, and would appreciate any pointer or insights into
> this matter. Any theories, insights, or information would be very useful.
>
You are fucked. Thank Microsoft.
BMF
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090921/17fc9b82/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.