Security Basics mailing list archives

Re: Compromised phishing host notification


From: xyberpix <xyberpix () xyberpix com>
Date: Fri, 28 Apr 2006 19:56:32 +0100


I'd suggest going the castlecops route, as you don't want anything coming back to you. Also if you're not too fussed about getting credit for finding this one, then castlecops would be perfect for you.

I'd be careful about notifying the site directly, unless you set up a fake gmail account or something like that. Either way, they will be able to trace you if they really want/need to, but the better the anonymity the safer you are. Maybe go through an anonymous proxy and then set up a gmail/hotmail/yahoo account, and then notify them from that account.

Personally any way you notify them, I'd use an anonymous proxy to be safe, but that's just me.

xyberpix

Blog: http://blogs.securiteam.com



On 27 Apr 2006, at 17:37, Colin Bean wrote:

Hi all,

I had a question about notifying the owners of a site that appears to
be compromised and hosting a phishing page.  For instance, I received
a phishing mail today which linked to something like
http://www.domain.com/.www.creditunion.com/login.php
where www.domain.com was a small business here in the US.

Are there any common guidelines to notify the domain owners in a
situation like this, assuming I wanted to send them a friendly notice
and have no further involvement?  Would there be any possible legal
issues from a casual email, and would this be an effective way to deal
with the site?
What about a service like CastleCops PIRT? (http://www.castlecops.com/pirt)
Is this more effective?

Thanks,
Colin
