rl.ammyy.com

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within

HoneyPot VM After reading /r/scambait I can see a pattern in their script as well as the tools and tricks they use. As such I'm planning on setting up a Honeypot for them to scambait. Please let me know if I'm missing anything or give me some suggestions Setup: Hyper-V running a Windows 7 VM. Both host and VM have VPN's installed (Although I really should do this at the router level) host is a laptop connected to the Guest WiFi of my router. Alternate is to put laptop on DMZ in case of some really clever malware leaking out of the hypervisor and infecting the host and thus the rest of my internal network Honey Pot VM: ------------------------------ 1) HOSTS FILES: A) redirect Paypal website to Sandbox Paypal website with fake account and fake sums B) 127.0.0.1 for rl.Ammyy.com (favorite remote connection tool from what I read of scammers) 2) Rename/Delete CMD.exe and Syskey.exe and replace with custom fake versions that still look like the real thing but doesn't do anything. Any command entered into CMD.exe will return output of "No virus found, your safe and clean! HOoorayyy". and Syskey will probably say, "Nice try scammer" 3) Load and setup the AMMYY 3.5 metasploit so I can remote control their PC's (if they use AMMYY) 4) Clear EventViewer of all logs. Scammers love pointing to Critical alerts in here to show you have a virus! They'll be so confused when it's empty 5) On desktop as well as Document folders. All kinds of the latest campaigns of malware/ransomware/cryptolocker grabbed from the usual repositories online and renamed as things like "My Passwords" "My Bank account info" "Naked Photos of Girlfriends" etc. Better yet, I imagine there probably is already Word/Excel Docs with malicious macros all ready to go if I find them. Anything to entice them to steal. 6) Use Fake Address Generator site to generate fake CC numbers that will never go through. 7) Figure out how to edit Hyper-V so the "Virtualization" labels do not show up within