Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

Rombertik: Malware deletes itself during discovery - together with the hard drive content

A tricky and complex piece of malicious software collects data from Internet users. If it is discovered, it swallows a digital cyanide pill.

Security researchers of the Talos Group, a division of the network equipment supplier Cisco Systems, have discovered a Windows malware that takes great care to cover the traces of its activities. "Rombertik", as the experts call the malware, captures everything a user does with the computer on the Internet. If the malware believes that it has been discovered, it makes the hard drive of the affected computer unusable and thereby destroys itself.

Another feature of the digital pest is that it does not search only for user name / password combinations for bank accounts. The malware apparently records, completely unfiltered, everything the respective user does on the Internet with the infected computer.

The distribution channel is not new: Rombertik is distributed as an e-mail attachment in spam or phishing mails. According to the Talos Group, these emails are especially cleverly constructed and easily fool users. The infected emails imitate the sender "Windows Corporation", as shown by one example in the report.

Camouflage by deleting

Noticeable is the elaborate camouflage with which the pest tries to protect itself from detection. It works on several levels: if a user unknowingly installs the pest, Rombertik first analyzes the environment and checks whether it is running in a "sandbox", an isolated area of the PC that has no impact on the rest of the computer. Antivirus software uses such a sandbox to analyze suspicious software.

Only when this is ruled out does the malware continue its installation. Before the malware starts its work, it tests whether it is being watched by a virus scanner. If so, it attempts to delete the so-called master boot record on the hard disk of the computer to make it unusable. If that does not work, Rombertik encrypts all user data on the boot hard drive of the computer to make it useless and sends the PC into an endless loop of reboots.
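For incident response, damage to the master boot record can be confirmed from a copy of the disk's first 512-byte sector. The following Python sketch is an added example, not code from the Talos report or from this blog; the function names `inspect_mbr` and `sample_mbr` are hypothetical and the sample sectors are constructed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"   # required in the last two bytes of a valid MBR


def inspect_mbr(sector):
    """Parse one MBR sector; return its partitions and integrity findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    findings = []
    if sector == bytes(SECTOR_SIZE):
        findings.append("sector is all zeros")
    if sector[510:] != SIGNATURE:
        findings.append("boot signature 0x55AA missing")

    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        if entry == bytes(16):
            continue  # unused slot
        # Layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 or sectors == 0:
            findings.append(f"entry {i}: partition type or size is zero")
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    if not partitions:
        findings.append("partition table is empty")
    return {"partitions": partitions, "findings": findings}


def sample_mbr(partition=True, signature=True):
    """Build a constructed sample sector (not taken from a real disk)."""
    boot_code = b"\x90" * TABLE_OFFSET  # filler standing in for boot code
    table = bytes(64)
    if partition:
        # One bootable entry of type 0x07 starting at LBA 2048, 100 MiB long.
        table = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                            b"\xfe\xff\xff", 2048, 204800) + bytes(48)
    return boot_code + table + (SIGNATURE if signature else b"\x00\x00")


if __name__ == "__main__":
    cases = {
        "intact": sample_mbr(),
        "table zeroed": sample_mbr(partition=False),
        "fully wiped": bytes(SECTOR_SIZE),
    }
    for name, sector in cases.items():
        print(name, "->", inspect_mbr(sector)["findings"] or "no findings")
```

On a real system the sector would be read from a forensic image of the disk rather than built in memory.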

Fogging by deflecting

Even if it does not come to that, Rombertik makes work difficult for analysis software: in order not to attract attention, the malware hides itself. Once the 28 kB installation package is unpacked, it is 1264 kilobytes long and gives the impression of containing 8000 program features. These are not used, but they make the analysis extremely complex.

To ensure that the program is not discovered, or in case it is being run in a sandbox, it uses another perfidious trick: Rombertik writes a single byte to a memory sector, 960 million times. Logging these operations alone would result in a log file of 100 gigabytes, Talos explains.

The report of the Talos Group says nothing about how widespread Rombertik is. Users should follow the common recommendations:

Don’t click on links or attachments in emails from unknown senders, and use up-to-date security software.

 

You have not won the "Microsoft Lottery"

Microsoft customers are often targets of a scam that uses email messages to falsely promise money. Victims receive messages claiming "You have won the Microsoft Lottery!" There is no Microsoft Lottery. Delete the message.

If you have lost money to this scam, report it. You can also send the police report to Microsoft and we will use it to help law enforcement catch the criminals who send out these e-mail messages.

To help protect yourself from these e-mail hoaxes, you can use the same general guidance that you use to protect yourself from phishing scams.

 

Internet without advertising: Adguard AdBlocker browser extension

Simply install the Adguard browser extension if the advertising, pop-ups and pop-unders on web pages annoy you. Adguard AdBlocker is really fast and lightweight. It uses half as much memory as other popular solutions. Adguard can handle Anti-AdBlock scripts. You won't have to turn off the AdBlocker anymore to be able to visit the websites that are using such scripts. Just send a complaint to the Adguard tech support and they will handle it.

Adguard AdBlocker effectively blocks all types of advertising on all web pages, even on Facebook, Youtube, and others! Adguard makes your work on the Internet not only comfortable, but also safe - Browsing Security module blocks access to all fraudulent and malicious sites.

What Adguard AdBlocker does:

  • Blocks all ads including video ads (including Youtube video ads), rich media advertising like video ads, interstitial ads and floating ads, unwanted pop-ups, banners and text ads (including Facebook advertisements).
  • Speeds up page loading and saves bandwidth, thanks to the missing ads and pop up windows.
  • Blocks many spyware, adware and dialer installers (optional).
  • Protects your privacy by blocking common third-party tracking systems (optional).
  • Protects you from malware and phishing (optional).

 

Installation:

Firefox: You can install the latest release from addons.mozilla.org or download it from the direct link https://chrome.adtidy.org/app.html?app=main.xpi

Google Chrome: Install it from the Chrome Web Store

Internet Explorer: http://adguard.com/en/adblock-adguard-internet-explorer.html

Opera: You can install the latest release from addons.opera.com

Safari: You can install the latest release from extensions.safari.com

Yandex Browser: Starting with version 14.2, Yandex.Browser introduced a catalogue of recommended extensions. This catalogue provides the free Adguard extension by default.

Install Adguard for Android: http://adguard.com/en/adguard-android/install.html#howToInstall

Adguard for Mac http://adguard.com/en/adguard-mac/overview.html

 

Scammer: Rajesh Bishambar Agarwal aka Rakesh Goel

Thomas Ks sent out the following email as a scam alert:

From: Thomas Ks [mailto:tender.yesindia@gmail.com]
Sent: Tuesday, April 14, 2015 2:36 PM
To: Rahul Arora; ANA SOLUTIONS; AtWorks India; Shoaaib Ali Ali; Shouaib Ali; avkumar@farasiacallcentresolutions.com.au; Bits India; Lars B Christiansen; aaradhya bpo; ahmed.basiony; Bhavin J. Nathwani; Bikram Singh; abhishek.chatterjee; Anil Choudhary; bpo.center2; datastaroutsourcing; davekm7; deep.nag; Deepak Jaiswal; Dheeraj Kumar; Forge Infotech; first idea Corp; Flexus Data; Venkatesk Falcons;faheem.lakdwala@gmail.com; abbeys Group; Ajay Garg; Anand Prakash G; galabo; Galaxy Data Solutions; gayu p; Angel Huda; Glenn Hajas; Hari Krishna; Harshad Sharma; hemant soni; hendrikus de kamp; ansari imran; Sourabh Jain; Amit Kumar Jain; Dancho Krisvim; ela kiya; Myth S; ahamed.maideen; Bindu Menon; Divyansh Mishra; Dominic Luigi Malazarte; durga madhu; hrushi naik; Nagasubramanian Srinivasan; NANDHINI.S Nil; Narayana Kumar; Hetal Oza; officemate bpo; oofice; Network Business of India Group; Akshata Patil; Arijit Patra; bipin patel; BPO PROJECTS; Amitabha Ray; clyne.rego; GROUPE RAYENWORLD CORPORATION S.A.R.L; AKS Technologies; Ashwin Tembhurne; chandan tiwari; Hope Key Techno Park; Jaison Thomas; Jince Thomas; Martin Xavier; Jeet Yadav; Ramu Yesudas; Suman .Y; Vinayak Yevale; Usman Zahid; Znome Solutions
Subject: Scam Alert

 

Dear All,


I saw on numerous classified sites that Rakesh Goel from Nagpur is providing BPO projects. I contacted him and he sent me the project details. He said he wouldn't give me any details about the client until I made the payment for the consultancy charges. He was very prompt in the beginning, but after I made the payment the real truth started to appear. He took 4 lacs rupees from me for providing the project. After taking the money he said the project is from Zennett INC (fake company, mind you), which is a sister company of KPMG. What a liar. Anyway, he kept on delaying the client call and never provided anything satisfactory to believe that he is actually providing the work. For the past 5 weeks he has stopped communicating at all. No answer to phone calls, no replies to emails. Just wanted to warn everybody. Please beware of this crook.

PHOTO OF Rajesh  Bishambar Agarwal

 

Real  Name : Rajesh Bishambar Agarwal

Residential Address in ID Proof:  904, Sachet Allure, Near Lotus School, Satellite, Ahmadabad-380015

 

Stay away from the following; all belong to him:

Ganaraj Infotech - Rakesh Goel Nagpur/Abhey Goel/ Rakesh Agarwal 


Ganaraj IT Services - Rakesh Goel Nagpur


Ganaraj Corporate - Rakesh Goel Nagpur

 

Chrome Consultants - Rakesh Goel Nagpur 

 

 

This guy stayed in Ahmadabad up to 2014, so please share this mail.

 

If you ever had dealing with this guy in past and got scammed or have any details to trace him please let me know. 

Thanks &  Regards,

J.Thomas

E-Mail: tender.yesindia@gmail.com

 

Information about Rajesh Bishambar Agarwal aka Rakesh Goel from Ashwini Sanglikar (previous Facebook profile link: www.facebook.com/ashwini.sanglikar.77):

  • He has different names; nobody is sure of his real name. Another victim who got scammed contacted me and other victims through research; he broke out in the office and checked everything and found our details, and we all got in contact. We are all doing our part in finding more info, but to our surprise his whole family is into this crime.
  • His wife, who pretends to be the receptionist; her name is Pallavi.
  • And the son, who pretends to be the office boy, Sachin.
  • Before taking his offer I had been to his office to cross-check.
  • He really made me believe that it's a great deal.
  • He has scammed people in the name of chit funds.
  • The office that we visited in Nagpur, India, was just taken on rent for a month to scam people.
  • Recently Mr. Abhijeet Jaiswal shared on LinkedIn that he found the scammer in Gujarat.
  • But when I looked online, the people who got scammed by him in Gujarat also have no idea where he vanished.

 

Let us take a look at his domain registration data:

Domain Name: GANARAJCORPORATE.COM
Registry Domain ID: 1842920925_DOMAIN_COM-VRSN
Registrar WHOIS Server: Whois.bigrock.com
Registrar URL: www.bigrock.com
Updated Date: 2015-01-09T13:53:38Z
Creation Date: 2014-01-15T08:54:44Z
Registrar Registration Expiration Date: 2016-01-15T08:54:44Z
Registrar: BigRock Solutions Ltd
Registrar IANA ID: 1495
Registrar Abuse Contact Email: abuse@bigrock.com
Registrar Abuse Contact Phone: +1-888-924-4762
Domain Status: OK (https://www.icann.org/epp#OK)
Registry Registrant ID: 
Registrant Name: Domain Admin
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrant Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator 
Registrant City: Nobby Beach
Registrant State/Province: Queensland
Registrant Postal Code: QLD 4218
Registrant Country: AU
Registrant Phone: +45.36946676
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: contact@privacyprotect.org
Registry Admin ID: 
Admin Name: Domain Admin
Admin Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Admin Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator 
Admin City: Nobby Beach
Admin State/Province: Queensland
Admin Postal Code: QLD 4218
Admin Country: AU
Admin Phone: +45.36946676
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: contact@privacyprotect.org
Registry Tech ID: 
Tech Name: Domain Admin
Tech Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Tech Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator 
Tech City: Nobby Beach
Tech State/Province: Queensland
Tech Postal Code: QLD 4218
Tech Country: AU
Tech Phone: +45.36946676
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: contact@privacyprotect.org
Name Server: ns11.domaincontrol.com
Name Server: ns12.domaincontrol.com
DNSSEC:Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: 
http://wdprs.internic.net/
>>>Last update of WHOIS database: 2015-04-15T07:15:51+0000Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
Registration Service Provided By: BIGROCK
PRIVACYPROTECT.ORG is providing privacy protection services to this domain name to 
protect the owner from spam and phishing attacks. PrivacyProtect.org is not 
responsible for any of the activities associated with this domain name. If you wish 
to report any abuse concerning the usage of this domain name, you may do so at 
http://privacyprotect.org/contact. We have a stringent abuse policy and any 
complaint will be actioned within a short period of time.

The hidden owner information is typical for a scammer.
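The fields of the record above that matter for a due-diligence check can be pulled out mechanically. The following Python sketch is an added example, not part of the original post; the record excerpt and the lookup time are copied from the page, while the function names and the `PROXY_HINTS` keyword list are assumptions made for illustration.

```python
from datetime import datetime

# Excerpt of the WHOIS record shown above (values copied from the page).
RECORD = """\
Domain Name: GANARAJCORPORATE.COM
Creation Date: 2014-01-15T08:54:44Z
Registrar Registration Expiration Date: 2016-01-15T08:54:44Z
Registrar: BigRock Solutions Ltd
Registrar Abuse Contact Email: abuse@bigrock.com
Registry Registrant ID: 
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Admin Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Tech Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Name Server: ns11.domaincontrol.com
Name Server: ns12.domaincontrol.com
DNSSEC:Unsigned
"""

# Assumption: substrings that suggest a privacy/proxy registration service.
PROXY_HINTS = ("privacy", "proxy", "redacted")
DATE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_whois(text):
    """Turn 'Key: value' lines into {lowercased key: [values]}; keys may repeat."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():          # skip free text and empty fields
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def triage(fields, lookup_time):
    """Summarise the points a reviewer checks before trusting a domain."""
    created = datetime.strptime(fields["creation date"][0], DATE_FORMAT)
    proxied = [
        role for role in ("registrant", "admin", "tech")
        if any(hint in fields.get(role + " organization", [""])[0].lower()
               for hint in PROXY_HINTS)
    ]
    return {
        "domain": fields["domain name"][0].lower(),
        "age_days": (lookup_time - created).days,
        "proxied_contacts": proxied,
        "owner_hidden": len(proxied) == 3,
        "abuse_contact": fields.get("registrar abuse contact email", [None])[0],
        "name_servers": fields.get("name server", []),
    }


if __name__ == "__main__":
    # Lookup time: the "Last update of WHOIS database" stamp in the record.
    report = triage(parse_whois(RECORD), datetime(2015, 4, 15, 7, 15, 51))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The abuse contact in the result is the address to which a complaint about the domain can be sent when the owner itself is hidden.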

If we take a look at the website http://www.ganarajinfotech.com/index.html, we find the typical pictures, which are licensed under a Creative Commons license, and not a single picture of their own. This should already be an alarm signal for a scammer. Nothing is easier than taking your own picture, one that is not also found on a hundred other websites. Every phone already has a camera.

The results from consumercomplaints.in show his fraudulent activity too:

Search results: 16 matching "rakesh goel"

 
 
Ganaraj Infotech | Nagpur | Rakesh Goel (complaint)
 xprs on Feb 20, 2015
   
Rakesh Goel From nagpur cheated me by promising a BPO Project and disappeared
classified sites that Rakesh Goel from Nagpur providing BPO projects. I've contacted him and he sent me the project details. He said he wouldn't give me any details about the client until i make the payment for the consultancy charges. He was very prompt in the beginning but after i made the payment the real truth started to appear...

Ganaraj Infotech (complaint)
 Susmita_ghosh on Feb 25, 2015
   
Rakesh Goel of Ganaraj Infotech is no 1 fraud
I paid 90000 to Rakesh Goel of Ganaraj Infotech. He promised to give a non voice project and which would be started before end of Jan. But eventually he vanished. His phone is directed to voicemail. I have sent 10-15 emails but he has stopped replying. We physically went to Nagpur to sign the contract...

Chrome Consultants (complaint)
 imu_22 on Feb 24, 2015
   
Fraud Company
Rajesh Agarwal and Rakesh Goel. They have cheated atleat 100 of ppl. They just ask to deposit money in there bank account and vanish. I have also paid them for USA L1 Visa 1. 70 lacs, I am posting to caution potential victims. These ppl are just temporarily based in Nagpur. There know about is not Known, In bank they have Ahmedabad address, to some they give Mumbai address, these all are Fake...

ganarajinfotech.com (complaint)
 imu_22 on Feb 11, 2015
   
Fraud Company
The person Named Rakesh Goel (I don't know whether it’s his real name) met me in his ChromeConsultants. com office (4th Floor Induyash 2, 186 Cement Road near Ram circle Nagpur 440010). Since then I don't have any know how of this person. I have come in contact with few more persons who are also an victim of this company or person...

MKplacements.com (complaint)
 imu_22 on Feb 11, 2015
   
Fraud Company
The person Named Rakesh Goel (I don't know whether it’s his real name) met me in his ChromeConsultants. com office (4th Floor Induyash 2, 186 Cement Road near Ram circle Nagpur 440010). Since then I don't have any know how of this person. I have come in contact with few more persons who are also an victim of this company or person...

Chrome Consultants , Nagpur (complaint)
 myworld2578 on Feb 10, 2015
   
Fraud / Fake Placement Company L1 / Green Card Process is Fraud
Rakesh Goel for L1 visa process in November 2014, till date he has NOT given me any Case ID or any kind of legal information. From past 2 weeks he has stopped replying back to my emails and also not picking up any calls. I just wish, no one else become victim of his fraud scheme. He told me that PCStech is hiring for its office in New Jersey and he will help me to get the visa...

Ganaraj Infotech (complaint)
 kich7a on Feb 3, 2015
   
fraud company
Rakesh Goel has caused huge loss to my company promising to give the data entry job and has taken money, they said they have tied up with US company Zenett Inc . the cheque given by them has bounced two time . They are Fraud plz donto invest with them...

Whirlpool (complaint)
 anjubhupesh2004
   
new refrigerator not working
2010 on name of Mr Rakesh Goel. Thereafter new refrigerator was sent to Panipat to my brother . When engineer from Whirlpool customer care came to install the refrigerator ,he found that heat metal plate was missing ,since the cooling coils at the rear were getting covered with ice and top section of the refrigerator was not getting cooled ...

 
Sony Ericsson (comment)
 sakshi
   
Service and repairs
thanks rakesh goel rakeshgoel_77@rediff. com...

Jain Realtors Private Limited (comment)
 jainrealtors on Sep 10, 2014
   
FRAUD BUILDER
Goel, Sureshchand, Rakesh Goel, Manish Jain Present: APP for the State. All accused on bail with respective counsels. Today the matter is fixed for arguments on charge. It is submitted on behalf of counsel for accused persons that matter has already been settled with all the complainants. Details of which are as follows...

ganesh , ganaraj sales (comment)
 hrtech on Jan 28, 2015
   
investment fraud , cheating
nagpur by the name of Mr Rakesh Goel (the fat guy), he has scammed nearly 50 people in the name of call centre process, so can u forward details regarding him or his associates. names numbers email or photos if any to hr. techwizz@gmail. com asap...

Ganaraj Infotech (comment)
 imu_22 on Feb 9, 2015
   
fraud company
I have also given money to Rakesh Goel for Job. Since then I have not heard any thing from him, his no. is also not working. My no. is 9820502601. Please contact me. So that we can decide what action we can take against them...

Chrome Consultants , Nagpur (comment)
 myworld2578 on Feb 13, 2015
   
Fraud / Fake Placement Company L1 / Green Card Process is Fraud
Rakesh Goel from Chrome Consultants, Nagpur. Will wait for your msg, mail or comment . thanks...

Ganaraj Infotech (comment)
 myworld2578 on Feb 21, 2015
   
fraud company
Yes NEVER EVER TRUST Rakesh Goel from Ganarajinfotech or Chrome Consultants, Nagpur. Please guys before making any payment, try to check that company or a person through all POSSIBLE SOURCES !!!...

Ganaraj Infotech (comment)
 Susmita_ghosh on Feb 25, 2015
   
fraud company
The owner Rakesh Goel said he is having a surgery, and is having cancer, how can people lie so much. Please stay away from this fraud Rakesh Goel. and Ganaraj Infotech. I have all the proofs if anyone needs any. my email id is susmitaghosh90@gmail. com. We need to take action against him...

Ganaraj Infotech (comment)
 Susmita_ghosh on Feb 25, 2015
   
fraud company
I paid 90000 to Rakesh Goel of Ganaraj Infotech. He promised to give a non voice project and which would be started before end of Jan. But eventually he vanished. His phone is directed to voicemail. I have sent 10-15 emails but he has stopped replying. We physically went to Nagpur to sign the contract...
 

 

More of his fraud action of Rajesh Bishambar Agarwal is found at 

 

LinkedIn Profile from Rakesh Goel (6.29 mb)

 

Over 50 fake call centres in Delhi-NCR duping job seekers

The article from The Indian Express shows that the police do sometimes act there too and that India is not above the law. It can sometimes take a little longer, but it is as everywhere in the world: the last ones get bitten by the dogs.

In this case the last ones are the call centers and the call center agents who do this fraudulent work. The backers, the call center clients, will not be so easy to catch.

Call centers, be aware and don’t support fraudsters; you are the ones who go to jail first!

Source: April 14, 2015 The Indian Express 

As Delhi and NCR has turned into a major educational hub, the region has also become the den of fraudsters duping job seekers of their hard-earned money on the pretext of getting them placed in multinational companies.

Investigations in this connection by Delhi Police and UPSTF reveal that at least 50 such call centers and job portals are running in the region. Similar frauds are being committed by some Nigerian nationals through phishing emails.

On March 25, UPSTF arrested two persons for allegedly running a fake call centre by taking data of job seekers from famous job portals, which unearthed the network of scamsters.

This case is just the tip of an iceberg and the police estimate that over 50 such fake call centers are operating in Delhi, Noida and Gurgaon.

Victims of such fraud are spread across India who are initially asked to make a payment of Rs 10,000 to Rs 25,000 for job in IT giants and MNCs.

Recently, an FIR was registered by the Delhi police against unidentified fraudsters after a complaint by Tata that several job seekers were duped on the pretext of getting them placed in it.

The youths were duped to the tune of Rs 8,000 to Rs 10,000 in the name of application and processing fee, police said.

While this case is being investigated by Economic Offence Wing of the Delhi Police, the wing formed to probe financial crimes had earlier unearthed a similar fraud in which gullible job seekers across the country were duped in the name of Maruti Suzuki India.

“Many of these gangs download resumes from job websites and then target people in faraway cities so that once duped they refrain from travelling to Delhi and registering complaints. We have also seen a case where people were duped in the name of getting them jobs in Delhi Metro Rail Corporation,” said a senior official in EOW.

Explaining the modus-operandi, UPSTF’s Additional Superintendent of Police Triveni Singh said, “Conmen first buy data of job seekers from famous job portals for Rs 25,000-Rs 40,000. Then they make a fake placement website which sounds similar to existing famous portals. They make calls to job seekers that their resume has been selected for a job in leading IT, banking and international companies and then demand money.”

Data of most of the job portals are compromised as they are not following stringent process to keep their data secured, a senior police officer said.