[nsp-sec] AS 10316 upstream AS3356 -> level3 SMS spam points to 8182375717
Smith, Donald
Donald.Smith at qwest.com
Thu Mar 13 12:07:06 EDT 2008
We are seeing 216.55.159.120 as the source of a SMS spam for a vishing
attempt against cascades bank.
Here is the basic vishing scheme.
http://800notes.com/Phone.aspx/1-818-237-5717
King Publishing is the swiped owner while the block belongs to Abacus.
Level3 is the upstream. Whois for that ip doesn't include any contacts:(
$ whois 216.55.159.120
Abacus America Inc. ABAC1999A (NET-216-55-128-0-1)
216.55.128.0 - 216.55.191.255
King Publishing Group ABAC-KING-PUBLISHING-GROUP (NET-216-55-159-113-1)
216.55.159.113 - 216.55.159.120
# ARIN WHOIS database, last updated 2008-03-12 21:43
# Enter ? for additional hints on searching ARIN's WHOIS database.
Tracing route to 216-55-159-120.dedicated.abac.net [216.55.159.120]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 10.1.210.2
<SNIP>
16 46 ms 45 ms 45 ms ae-4-4.car2.SanDiego1.Level3.net
[4.69.133.213]
17 47 ms 46 ms 45 ms ABACUS-AMER.car2.SanDiego1.Level3.net
[4.79.34.6]
18 47 ms 46 ms 46 ms gi5-15.cr1.sandiego.abac.net
[66.226.66.17]
19 46 ms 46 ms 45 ms gi1-2.dr1.sandiego.abac.net
[66.226.66.14]
20 45 ms 46 ms 45 ms 216-55-159-120.dedicated.abac.net
[216.55.159.120]
We really need to get the phone number involved taken down but I don't
know how to get that done?
The current phone number is 8182375717 which appears to be a level3
phone in burbank but with number portablility who knows who has this
number. It has been used in vishing since nov of 2007.
H8Hz
Donald.Smith at qwest.com giac
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list