Mortgage Servicing Fraud
occurs post loan origination when mortgage servicers use false statements and book-keeping entries, fabricated assignments, forged signatures and utter counterfeit intangible Notes to take a homeowner's property and equity.
Articles |The FORUM |Law Library |Videos | Fraudsters & Co. |File Complaints |How they STEAL |Search MSFraud |Contact Us
Somebody is trying to play around with viruses...

When I opened William Roper's post is scribd, my antivirus catched a few...

And also I received some nasty virus disguised as "UPS NOTIFICATION"
Watch out guys.        Somebody does not love us.

Quote 0 0
William A. Roper, Jr.
It is unquestionably a very good idea to keep your anti-virus and malcious code protection software current.

I have also been receiving an inordinate number of messages with a malicious code payload recently.  Most of these purport to be from the USPS, UPS, DHL or some other package delivery service and falsely represent that details about a delivery may be found within the file attachment.

But the file attachment is actually an executable file -- a so-called trojan -- which contains malicious code.  I downloaded and used Symantec's Endpoint Protection software to examine the malicious code payload of one of these messages.

It was identified by Symantec as the trojan "Trojan.FakeAV".  See:

It is noteworthy that the characteristic of this malicious code is to falsely represent that the end user's computer is infected by a virus to induce the user to purchase fake anti-virus protection or to give up a ceredit card number in seeking to make such a purchase.  So the indication that the Scribd file is infected may actually be a FALSE indication.

I want to assure you and others that I DO have very robust protection on my own computer.  I also have some confidence that Scribd has some scanning process in place to check for malicious code, but I do NOT know this to be true.

I would be VERY WARY about responding to messages which represent that you should purchase some unknown anti-virus product or even that you need to RENEW or upgrade your protection of a known product, as these could be FALSE messages from this kind of malicious code.

Make sure that you have a good solid anti-virus protection from a REPUTABLE purveyor:  Symantec, McAfee, Microsoft.
Also download and run the FREE MS monthly malicious code protection updates.

IF you have a virus, trojan or other malicious code, it is NOT likely that you got it from me, NOR is it likely that you got such a virus from ANY file I uploaded to Scribd.  But you certainly MIGHT have gotten infected if you opened the file attachments to one of the messages you describe.  I have gotten similar messages at least several times a day for the past week or so.

It MAY BE that another MS Fraud Forum user is infected and the malicious code COULD BE harvesting our e-mail addresses from that user's address book.  This is a common vector for malicious code viral worms.
Quote 0 0
Totally agree. 
Quote 0 0

Millions of sites hit with mass-injection cyberattack

PC World - Hundreds of thousands -- and possibly millions -- of websites have been hit with a cyberattack that some are calling "one of the biggest mass-injection attacks we've ever seen."

The attack was discovered on March 29 by security firm WebSense, and the injected domain was called -- thus, the name of the mass-injection is "LizaMoon." According to WebSense, LizaMoon uses SQL Injection to add malicious script to compromised sites. While the first injected domain was, additional URLs have since been injected in the attack (WebSense has a full list here).

The method of using an injected script redirects users to a rogue AV site, which tries to get people to install a fake anti-virus program called Windows Stability Center.

When WebSecurity discovered the attack on March 29, 28,000 URLs had been compromised. The number quickly grew to 226,000, including many iTunes URLs (though the malicious code is neutralized by Apple).

"The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," WebSense security blogger Patrik Runald wrote on Tuesday, "So good job, Apple."

The number of infected sites now appears to be over 1.5 million (at the time of this blog post, a quick Google Search shows 1.53 million infected URLs) -- but WebSense is quick to point out that a Google Search is an inaccurate metric. Google search spits back unique URLs, not unique hosts. Thus, there are likely less than 1.5 million infected sites, but WebSense says it's safe to say that the number is in the hundreds of thousands.

The attack continues to rampage across the Internet, and currently doesn't show any signs of slowing down. So don't install any web-based anti-virus software that claims your computer is full of bugs.

Quote 0 0
William A. Roper, Jr.
As mentioned in my prior post, the Microsoft Windows Malicious Software Removal Tool is updated monthly and downloadable FREE from Microsoft's download site:

Although this software should automatically download and run in an abbreviated scan as part of the regular MS Windows Update process, for those with weak or secondary antivirus protection software, it is probably a good idea to periodically download this tool and to do a periodic thorough scan of your system.

Scans are NOT an alternative for good antivirus and malicious code innoculation of the system OR for prudence and caution in opening file attachments from UNKNOWN sends.

USPS and UPS NEVER send delivery messages with executable file attachments. 
Quote 0 0
William A. Roper, Jr.
One of the trojan infected messages recently arriving in quantity purports to be from "Post Express Shipping".  It has message subject "Post Express Services. Get the parcel NR nnnnn".  The file attachment is an executable trojan which will infect your computer.

Quote 0 0
We have had this problem for years here, its not just one virus, its several, many of us have lost hard drives before, from them, companies like Litton employ companies to monitor this site, and screw with members here, we have document a number of attacks from bank operated sites, companies like FIV Serve, are believed responsible for some, while others from Texas and CA have been identified also.  Most attack you through your email systems, and shut down your fan, so your hard drive burns out, just some FYI for you, most of the older members here have gone through this before here.

Quote 0 0
Oh, for heaven's sake...EPSILON was hacked and lots of email addresses were stolen. (Google if you don't know what Epsilon is).

If your email address is in a server for Best Buy, Walgreen's, Citibank and many other banks and companies, you will receive spam phishing emails.

To be safe, delete the messages without clicking any links contained in the message body. Your bank is not going to email you asking for verification info, nor are any of these other companies. They already know your info.

This is not a raid targeted at this forum.....

Quote 0 0
William A. Roper, Jr.
arkygirl said:
This is not a raid targeted at this forum.....

I AGREE with arkygirl about the absence of targetting in general.  HOWEVER, note that it is NOT at all uncommon for malicious code such as a trojan or an e-mailed virus worm to seize the e-mail address books it finds on an infected computer.

So IF an MS Fraud Forum participant's computer IS infected AND if that participant has the e-mail addresses of other participants on their computers, then the e-mail address may be used as part of the address book exploit.

While the malicious code is probably NOT singling out Forum users' computers, it CAN spread to a network of the like minded using address book exploit.

I believe that the vast majority of incoming messages are NOT targetted.  And I do NOT want to spread paranoia and alarm by suggesting that routine users of this site are being targetted.

By contrast, I would NOT doubt for an instant that the criminal enterprises which pervade mortgage servicing and foreclosure would employ a hacker to gain access to and sabatage a user's computer.


This protects against both random and concerted attacks!
Quote 0 0
Here you go guys......
Quote 0 0
Write a reply...