Summary
This month is my first sighting of this new name. The scam itself is the same in all important respects as the Norway Consulting Group scam, and I see no reason to think that this is anything but the same phishing/jobscam gang operating under a new name. The name change may be motivated by the fact that "Norway Consulting Group" was becoming too easily uncovered as a scam, and the fact that all of their ".cn" domain names for Norway Consulting were recently suspended. The job is a money mule position.
The Spam
As usual, the message is presented in a GIF image, accompanied by "filter buster" text coloured to be invisible against the background.
Representative Images
Early instance.
Instance received on 2006-10-09, which (unlike its predecessors) was not hyperlinked to the website.
Names used as signature in image
Subjects encountered
Subjects are often suffixed with a timestamp.
- A real chance to raise much money
- Good offer for those who are looking for a part time job
- good part time job.
- High salary part time job.
- interesting part time job.
- israeli brokerage calls your attention to the wonderful post!
- offer for those who are looking for a part time job!!
- part time job (2-3 hours a day)!!
- part time job for you!!
- Part time job with immediate payments.
- Part time job with immediate salary payments!!
- the best offer for those who are looking for a part time job!
- very interesting part time job.
- We Offer Part Time Job!
- Work With Us! Earn More.
- Work with us - part time job
- Work With Us!
There may be others, but these are getting too tedious to document. I'm sure you get the idea.
Sender names encountered
Capitalisation may vary.
- ISRAELI BROKERAGE services
- ISRAELI BROKERAGE SERVICES Ltd
Links encountered
- http://ibltd.biz
- http://ibltd.hk
- http://ibltd.org
- http://ibsl.hk
- http://ibsl.org
- http://isbro.net
- http://israelibrokeragelimiredservices.com/index.php?sect_id=6&lang=en
- http://israelibrokerageservices.cn/index.php?sect_id=6
- http://israelibrokerageserviceslimired.biz/index.php?sect_id=6&lang=en
- http://israelibrokerageserviceslimired.com/index.php?sect_id=6&lang=en
- http://israelibrokerageserviceslimired.net/index.php?sect_id=6&lang=en
- http://israelibrokerageserviceslimired.org/index.php?sect_id=6&lang=en
- http://israelibrokservices.hk/index.php?sect_id=6
- http://israelibrokservicesltd.hk/index.php?sect_id=6
- http://israelilimiredbrokerageservices.com/index.php?sect_id=6&lang=en
- http://israelilimiredbrokerageservices.net/index.php?sect_id=6&lang=en
- http://israelilimiredbrokerageservices.org/index.php?sect_id=6&lang=en
- http://israeliltdbrokerageservices.cn/index.php?sect_id=6
- http://israeliservicesbrokerage.cn/index.php?sect_id=6
- http://israeliservicesbrokerageltd.cn/index.php?sect_id=6
- http://ltdisraelibrokerageservices.cn/index.php?sect_id=6
Website
Domain information (for experts)
Due to the very large number and constantly changing nature of domains associated with this spam, not all domains are listed here. The sample presented should be taken as indicative of the modus operandi of the spammers; little more.
ibsl.org
WHOIS query at Mon Oct 9 15:48:38 UTC 2006
Connecting to whois.publicinterestregistry.net.
Domain ID:D130222226-LROR
Domain Name:IBSL.ORG
Created On:07-Oct-2006 10:46:34 UTC
Last Updated On:07-Oct-2006 10:49:37 UTC
Expiration Date:07-Oct-2007 10:46:34 UTC
Sponsoring Registrar:Register.com Inc. (R71-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:0695129619b87810
Registrant Name:George Gwaltney
Registrant Street1:522 Shin Oak
Registrant Street2:
Registrant Street3:
Registrant City:San Antonio
Registrant State/Province:TX
Registrant Postal Code:78233
Registrant Country:US
Registrant Phone:+1.2106566654
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:georgegwaltneyuu@yahoo.com
Admin ID:7267727618458145
Admin Name:George Gwaltney
Admin Street1:522 Shin Oak
Admin Street2:
Admin Street3:
Admin City:San Antonio
Admin State/Province:TX
Admin Postal Code:78233
Admin Country:US
Admin Phone:+1.2106566654
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:georgegwaltneyuu@yahoo.com
Tech ID:4390988619c35255
Tech Name:Domain Registrar
Tech Organization:Registercom
Tech Street1:575 8th Avenue
Tech Street2:
Tech Street3:
Tech City:New York
Tech State/Province:NY
Tech Postal Code:10018
Tech Country:US
Tech Phone:+1.9027492701
Tech Phone Ext.:
Tech FAX:+1.9027492701
Tech FAX Ext.:
Tech Email:domainregistrar@register.com
Name Server:NS1.TEAMS-CS.COM
Name Server:NS2.TEAMS-CS.COM
DNS query
Trying "ibsl.org"
host: Couldn't find server 'NS1.TEAMS-CS.COM': Name or service not known
Trying "ibsl.org"
host: Couldn't find server 'NS2.TEAMS-CS.COM': Name or service not known
WHOIS query for nameserver domain "teams-cs.com" at Mon Oct 9 15:54:56 UTC 2006
Connecting to whois.crsnic.net.
Domain Name: TEAMS-CS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS2.TEAMS-CS.COM
Name Server: NS1.TEAMS-CS.COM
Status: REGISTRAR-HOLD
Status: REGISTRAR-LOCK
EPP Status: clientHold
EPP Status: clientDeleteProhibited
EPP Status: clientTransferProhibited
EPP Status: clientUpdateProhibited
Updated Date: 25-Sep-2006
Creation Date: 30-Jul-2006
Expiration Date: 30-Jul-2008
israelibrokeragelimiredservices.com
WHOIS query at Tue Oct 10 12:50:05 UTC 2006
Connecting to whois.crsnic.net.
Domain Name: ISRAELIBROKERAGELIMIREDSERVICES.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: NS2.MB2GB.COM
Name Server: NS1.MB2GB.COM
Status: REGISTRAR-LOCK
EPP Status: clientTransferProhibited
Updated Date: 08-Oct-2006
Creation Date: 08-Oct-2006
Expiration Date: 08-Oct-2007
DNS query
Trying "israelibrokeragelimiredservices.com"
Using domain server:
Name: NS1.MB2GB.COM
Address: 72.29.93.95#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41727
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;israelibrokeragelimiredservices.com. IN A
;; ANSWER SECTION:
israelibrokeragelimiredservices.com. 1800 IN A 84.254.20.235
israelibrokeragelimiredservices.com. 1800 IN A 85.176.81.251
israelibrokeragelimiredservices.com. 1800 IN A 88.72.214.124
israelibrokeragelimiredservices.com. 1800 IN A 62.227.236.32
israelibrokeragelimiredservices.com. 1800 IN A 82.83.123.156
;; AUTHORITY SECTION:
israelibrokeragelimiredservices.com. 1800 IN NS ns2.mb2gb.com.
israelibrokeragelimiredservices.com. 1800 IN NS ns1.mb2gb.com.
Received 175 bytes from 72.29.93.95#53 in 91 ms
israelibrokerageservices.cn
WHOIS query at Sat Oct 7 08:05:57 UTC 2006
Using server whois.cnnic.net.cn.
Query string: "israelibrokerageservices.cn"
Domain Name: israelibrokerageservices.cn
ROID: 20060908s10001s79119686-cn
Domain Status: clientHold
Domain Status: clientDeleteProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: clientRenewProhibited
Registrant Organization: LOWRIE
Registrant Name: NATHAN
Administrative Email: nathanlowrie@mail.com
Sponsoring Registrar: CSL Computer Service (d.b.a. Joker.com)
Name Server:ns1.fopen-ph.com
Name Server:ns2.fopen-ph.com
Registration Date: 2006-09-08 20:22
Expiration Date: 2007-09-08 20:22
DNS query
dig: Couldn't find server 'ns1.fopen-ph.com': Name or service not known
DNS query for nameserver
; <<>> DiG 9.2.4 <<>> NS fopen-ph.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6676
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;fopen-ph.com. IN NS
;; Query time: 142 msec
;; SERVER: 207.99.0.2#53(207.99.0.2)
;; WHEN: Sat Oct 7 08:11:59 2006
;; MSG SIZE rcvd: 30
Summary: this domain refers to nameservers which do not exist, and therefore will not work at this time.
israelibrokerageserviceslimired.biz
WHOIS query at Tue Oct 10 13:02:34 UTC 2006
Using server whois.nic.biz.
Query string: "israelibrokerageserviceslimired.biz"
Domain Name: ISRAELIBROKERAGESERVICESLIMIRED.BIZ
Domain ID: D14799278-BIZ
Sponsoring Registrar: REGISTER.COM
Sponsoring Registrar IANA ID: 9
Domain Status: clientTransferProhibited
Registrant ID: 0163074592D33616
Registrant Name: David DeBoer
Registrant Address1: 3489 West Minster Way
Registrant City: Napa
Registrant State/Province: CA
Registrant Postal Code: 94558
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.7072544910
Registrant Email: daviddeboerrr@yahoo.com
Administrative Contact ID: 4984917592AB5044
Administrative Contact Name: David DeBoer
Administrative Contact Address1: 3489 West Minster Way
Administrative Contact City: Napa
Administrative Contact State/Province: CA
Administrative Contact Postal Code: 94558
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.7072544910
Administrative Contact Email: daviddeboerrr@yahoo.com
Billing Contact ID: 6760068592C33115
Billing Contact Name: Domain Registrar
Billing Contact Organization: Registercom
Billing Contact Address1: 575 8th Avenue
Billing Contact City: New York
Billing Contact State/Province: NY
Billing Contact Postal Code: 10018
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.9027492701
Billing Contact Facsimile Number: +1.9027492701
Billing Contact Email: domainregistrar@register.com
Technical Contact ID: 9869455592E3D119
Technical Contact Name: Domain Registrar
Technical Contact Organization: Registercom
Technical Contact Address1: 575 8th Avenue
Technical Contact City: New York
Technical Contact State/Province: NY
Technical Contact Postal Code: 10018
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.9027492701
Technical Contact Facsimile Number: +1.9027492701
Technical Contact Email: domainregistrar@register.com
Name Server: NS1.MB2GB.COM
Name Server: NS2.MB2GB.COM
Created by Registrar: REGISTER.COM
Last Updated by Registrar: REGISTER.COM
Domain Registration Date: Sun Oct 08 14:35:04 GMT 2006
Domain Expiration Date: Sun Oct 07 23:59:59 GMT 2007
Domain Last Updated Date: Sun Oct 08 14:37:34 GMT 2006
DNS query
Trying "israelibrokerageserviceslimired.biz"
Using domain server:
Name: NS1.MB2GB.COM
Address: 72.29.93.95#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11242
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;israelibrokerageserviceslimired.biz. IN A
;; ANSWER SECTION:
israelibrokerageserviceslimired.biz. 1800 IN A 84.176.206.81
israelibrokerageserviceslimired.biz. 1800 IN A 84.254.20.235
israelibrokerageserviceslimired.biz. 1800 IN A 62.227.236.32
israelibrokerageserviceslimired.biz. 1800 IN A 68.53.173.12
israelibrokerageserviceslimired.biz. 1800 IN A 82.49.126.12
;; AUTHORITY SECTION:
israelibrokerageserviceslimired.biz. 1800 IN NS ns2.mb2gb.com.
israelibrokerageserviceslimired.biz. 1800 IN NS ns1.mb2gb.com.
Received 178 bytes from 72.29.93.95#53 in 36 ms
israeliltdbrokerageservices.cn
WHOIS query at Wed Oct 4 17:54:22 UTC 2006
Using server whois.cnnic.net.cn.
Query string: "israeliltdbrokerageservices.cn"
Domain Name: israeliltdbrokerageservices.cn
ROID: 20060908s10001s79119933-cn
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientRenewProhibited
Domain Status: clientUpdateProhibited
Registrant Name: Bridgette T. Rodgers
Administrative Email: bridgettetrodgers@yahoo.co.uk
Sponsoring Registrar: CSL Computer Service (d.b.a. Joker.com)
Name Server:ns1.gwjirr.com
Name Server:ns2.gwjirr.com
Registration Date: 2006-09-08 20:56
Expiration Date: 2007-09-08 20:56
DNS Query
; <<>> DiG 9.2.4 <<>> A israeliltdbrokerageservices.cn @ns1.gwjirr.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49643
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;israeliltdbrokerageservices.cn. IN A
;; ANSWER SECTION:
israeliltdbrokerageservices.cn. 1800 IN A 85.181.6.194
israeliltdbrokerageservices.cn. 1800 IN A 172.186.187.219
israeliltdbrokerageservices.cn. 1800 IN A 69.37.180.207
israeliltdbrokerageservices.cn. 1800 IN A 82.240.104.190
israeliltdbrokerageservices.cn. 1800 IN A 85.176.17.33
;; AUTHORITY SECTION:
israeliltdbrokerageservices.cn. 1800 IN NS ns2.gwjirr.com.
israeliltdbrokerageservices.cn. 1800 IN NS ns1.gwjirr.com.
;; ADDITIONAL SECTION:
ns1.gwjirr.com. 1800 IN A 195.170.173.8
ns2.gwjirr.com. 1800 IN A 66.78.51.10
;; Query time: 110 msec
;; SERVER: 195.170.173.8#53(ns1.gwjirr.com)
;; WHEN: Wed Oct 4 18:02:13 2006
;; MSG SIZE rcvd: 206
israeliservicesbrokerage.cn
WHOIS query at Thu Oct 5 09:31:29 UTC 2006
Using server whois.cnnic.net.cn.
Query string: "israeliservicesbrokerage.cn"
Domain Name: israeliservicesbrokerage.cn
ROID: 20060908s10001s79120051-cn
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientTransferProhibited
Registrant Name: Debra Salerno
Administrative Email: debrasalerno@usa.com
Sponsoring Registrar: CSL Computer Service (d.b.a. Joker.com)
Name Server:ns1.gwjirr.com
Name Server:ns2.gwjirr.com
Registration Date: 2006-09-08 21:13
Expiration Date: 2007-09-08 21:13
DNS query
; <<>> DiG 9.2.4 <<>> A israeliservicesbrokerage.cn @ns1.gwjirr.com
;; global options: printcmd
;; connection timed out; no servers could be reached
; <<>> DiG 9.2.4 <<>> A israeliservicesbrokerage.cn @ns2.gwjirr.com
;; global options: printcmd
;; connection timed out; no servers could be reached
israeliservicesbrokerageltd.cn
WHOIS query at Wed Oct 4 18:53:56 UTC 2006
Using server whois.cnnic.net.cn.
Query string: "israeliservicesbrokerageltd.cn"
Domain Name: israeliservicesbrokerageltd.cn
ROID: 20060908s10001s79120148-cn
Domain Status: clientDeleteProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: clientRenewProhibited
Registrant Name: Joseph Fix
Administrative Email: josephfixxx@yahoo.com
Sponsoring Registrar: CSL Computer Service (d.b.a. Joker.com)
Name Server:ns1.gwjirr.com
Name Server:ns2.gwjirr.com
Registration Date: 2006-09-08 21:26
Expiration Date: 2007-09-08 21:26
DNS query
; <<>> DiG 9.2.4 <<>> A israeliservicesbrokerageltd.cn @ns1.gwjirr.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11621
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;israeliservicesbrokerageltd.cn. IN A
;; ANSWER SECTION:
israeliservicesbrokerageltd.cn. 1800 IN A 84.171.84.224
israeliservicesbrokerageltd.cn. 1800 IN A 85.181.6.194
israeliservicesbrokerageltd.cn. 1800 IN A 172.174.230.56
israeliservicesbrokerageltd.cn. 1800 IN A 69.37.180.207
israeliservicesbrokerageltd.cn. 1800 IN A 82.240.104.190
;; AUTHORITY SECTION:
israeliservicesbrokerageltd.cn. 1800 IN NS ns1.gwjirr.com.
israeliservicesbrokerageltd.cn. 1800 IN NS ns2.gwjirr.com.
;; ADDITIONAL SECTION:
ns1.gwjirr.com. 1800 IN A 195.170.173.8
ns2.gwjirr.com. 1800 IN A 66.78.51.10
;; Query time: 110 msec
;; SERVER: 195.170.173.8#53(ns1.gwjirr.com)
;; WHEN: Wed Oct 4 18:55:28 2006
;; MSG SIZE rcvd: 206
ltdisraelibrokerageservices.cn
WHOIS query at Thu Oct 5 23:21:54 UTC 2006
Using server whois.cnnic.net.cn.
Query string: "ltdisraelibrokerageservices.cn"
Domain Name: ltdisraelibrokerageservices.cn
ROID: 20060908s10001s79119801-cn
Domain Status: clientUpdateProhibited
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientRenewProhibited
Registrant Name: DAVID STONE
Administrative Email: davidstoneee@yahoo.com
Sponsoring Registrar: CSL Computer Service (d.b.a. Joker.com)
Name Server:ns1.fopen-ph.com
Name Server:ns2.fopen-ph.com
Registration Date: 2006-09-08 20:37
Expiration Date: 2007-09-08 20:37
DNS Query
; <<>> DiG 9.2.4 <<>> A ltdisraelibrokerageservices.cn @ns1.fopen-ph.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3186
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;ltdisraelibrokerageservices.cn. IN A
;; ANSWER SECTION:
ltdisraelibrokerageservices.cn. 1800 IN A 68.249.103.227
ltdisraelibrokerageservices.cn. 1800 IN A 83.93.28.2
ltdisraelibrokerageservices.cn. 1800 IN A 84.56.61.26
ltdisraelibrokerageservices.cn. 1800 IN A 84.162.251.108
ltdisraelibrokerageservices.cn. 1800 IN A 172.164.182.69
;; AUTHORITY SECTION:
ltdisraelibrokerageservices.cn. 1800 IN NS ns1.fopen-ph.com.
ltdisraelibrokerageservices.cn. 1800 IN NS ns2.fopen-ph.com.
;; Query time: 36 msec
;; SERVER: 72.29.93.95#53(ns1.fopen-ph.com)
;; WHEN: Thu Oct 5 23:24:32 2006
;; MSG SIZE rcvd: 176