The Latest in IT Security

China’s Black Market: an Analysis

15 Aug 2011

The Black Market is not new at all, and we know it exists because illegal products or services are readily available, such as drugs, sex, stolen goods, etc.

These days I have been impressed by the increase in the number of emails targeting Italian users with offers of electronic goods sold at very interesting prices.

Every day my personal inbox is stuffed with emails coming from people pretending to offer me electronics at below-market-value prices and suggesting I visit their new commercial web site (Figures 1 and 2).


[Figure 1 – Email Spam for aocodo.com]


[Figure 2 – Email Spam for cart-foooo.com]

It is also interesting to notice that the email is sent with a request for a read receipt (Figure 3).


[Figure 3 – Request of Receipt]

The intent of the malicious author is clearly to record which email addresses are active and store them in a database, to eventually send promotional offers and gather new addresses to sell to and/or exchange with other black-marketeers.

Going into details, I discovered that all the emails received, which seem to come from different senders, come instead from the same precise Chinese location where the author is supposed to use the Internet connection (Figure 4).


[Figure 4 – Geolocation of the network used by the malicious author]
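The two observations above (a read-receipt request on each message, and many apparent senders behind one origin) can be checked mechanically on a mailbox. The following is an added example, not part of the original analysis; it assumes the origin is taken from the `Received` header written by the recipient's own mail server (here the hypothetical `mx.example.org`), and all sample messages are constructed.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def make_sample(sender, ip, receipt):
    """Build a constructed test message (documentation domains and IPs)."""
    headers = [
        f"Received: from shop-mailer ([{ip}]) by mx.example.org; "
        "Mon, 15 Aug 2011 09:00:00 +0200",
        f"From: Sales <{sender}>",
        "Subject: New electronics shop",
    ]
    if receipt:
        headers.append(f"Disposition-Notification-To: {sender}")
    return "\n".join(headers) + "\n\nVisit our new web site.\n"

SAMPLES = [
    make_sample("anna@example.com", "203.0.113.7", True),
    make_sample("li@example.net", "203.0.113.7", True),
    make_sample("store@example.org", "203.0.113.7", False),
    make_sample("friend@example.com", "198.51.100.20", False),
]

def origin_ip(msg, our_mx="mx.example.org"):
    """IP recorded by our own MX; hops added further upstream can be forged."""
    for hop in msg.get_all("Received", []):
        if f"by {our_mx}" in hop:
            match = IP_RE.search(hop)
            return match.group(1) if match else None
    return None

def cluster_by_origin(raw_messages, min_senders=2):
    """Return origins that relayed mail for several distinct From addresses."""
    by_ip = defaultdict(lambda: {"senders": set(), "receipt_requests": 0})
    for raw in raw_messages:
        msg = message_from_string(raw)
        ip = origin_ip(msg)
        if ip is None:
            continue
        by_ip[ip]["senders"].add(parseaddr(msg.get("From", ""))[1].lower())
        by_ip[ip]["receipt_requests"] += any(h in msg for h in RECEIPT_HEADERS)
    return {ip: e for ip, e in by_ip.items() if len(e["senders"]) >= min_senders}

if __name__ == "__main__":
    for ip, entry in cluster_by_origin(SAMPLES).items():
        print(ip, sorted(entry["senders"]), entry["receipt_requests"])
```

An origin that appears in the result with several unrelated `From` addresses and a high receipt-request count is a candidate for a block rule in the anti-spam module.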

Let’s take a look now at the web site offering interesting products (Figure 5):


[Figure 5 – aocodo.com]

The web site is very well organized, with a live-chat operator available to respond to questions related to the electronic materials being sold.

Taking a look at the electronic equipment offered, we noticed that everything is priced below market value, and this raises our suspicions of possible illegal operations.

After a second analysis we realized that the owner of the web site is a certain Mr. Chu WenBo, who registered his web site for only one year, which is just enough to get our attention (Figure 6):


[Figure 6 – Web site Registration Details]

The data included in the registration result proved to be false after another analysis by the Total Defense Research Intelligence Team.
We found that the phone number indicated in the registration data belongs to the Chinese Government (Figure 7):


[Figure 7 – Chinese Government Location Map]

Conclusions and Suggestions

It is obvious that in an economy like this, people are attracted by false e-commerce web sites offering very competitive prices for the latest electronic devices like cameras, computers, mobile devices and other modern technology products.
We highly recommend being very careful and seriously considering the tricks behind these offers.
Through this analysis, the Total Defense Research Intelligence Team has revealed what really exists behind these kinds of operations, which we consider illegal and part of a bigger black market.
The consequences of a purchase on these kinds of web sites are:

  • Stolen goods: This could be part of a bigger “money laundering” operation, so you could be involved in a criminal game
  • Credit card fraud: The purchase process is not trusted so your credit card information is not secure
  • Waste of money: You purchase a product and may never receive it

China seems to be the perfect location where malicious authors are able to carry out illegal operations without being disturbed by authorities.

The Total Defense Research Team suggests the following:

  • Never trust emails whose sender is not known or is suspicious
  • Be very skeptical of web sites offering products at very low prices
  • Update your anti-spam module to block such emails
  • Update your web site filtering module to block such malicious web sites
  • If you think you have been a victim of fraud, immediately inform your local authorities
