Dailydave mailing list archives
Distributed Phishing
From: byte_jump <bytejump () gmail com>
Date: Mon, 2 May 2005 11:29:00 -0600
I thought you folks would be interested in this new phishing tactic, which is really quite clever. I know of a company that is experiencing a phishing scam that is organized in a way that I have never seen before.

The hostname that is hosting the phishing site is served up by five different name servers. Those five name servers are on home computers residing on networks such as Comcast, Charter, etc. The name servers are using some sort of round-robin DNS to serve up five different IP addresses for the phishing site, and the five IP addresses used are changing every ten to fifteen minutes. The IPs hosting the phishing site also are home machines on the Comcast, Charter, etc. networks. All of this seems to be a distributed phishing scam controlled by some sort of bot network.

I've spoken with a couple of the ISPs involved and they have seen one other organization - just this weekend - that has been attacked in a similar way.

This type of phishing site organization is virtually impossible to get shut down, other than having the registrar of the domain deactivate the domain. Anyone that has ever worked with a registrar on something like this knows that it's like speaking to a wall, so if anyone that works at a registrar reads this, know that this type of thing will become more common and you must become easier to work with.

byte_jump
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
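Added example, not part of the original post: a defender-side check over passive-DNS observations for the pattern the message describes (one hostname, five name servers, five A records that are replaced at every poll). The hostnames, addresses, TTLs, the /24 grouping and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

def summarize(observations):
    """Group (minute, host, rtype, value, ttl) rows into per-host flux metrics."""
    snaps = defaultdict(lambda: defaultdict(set))   # host -> poll minute -> A set
    ns, ttl = defaultdict(set), defaultdict(int)
    for minute, host, rtype, value, rec_ttl in observations:
        if rtype == "A":
            snaps[host][minute].add(value)
            ttl[host] = max(ttl[host], rec_ttl)
        elif rtype == "NS":
            ns[host].add(value)
    out = {}
    for host, by_minute in snaps.items():
        sets = [by_minute[m] for m in sorted(by_minute)]
        pairs = list(zip(sets, sets[1:]))
        # Jaccard distance between consecutive answers: 0 = same set, 1 = fully replaced
        churn = sum(1 - len(a & b) / len(a | b) for a, b in pairs) / max(len(pairs), 1)
        addrs = set().union(*sets)
        out[host] = {
            "distinct_a": len(addrs),
            "distinct_nets": len({a.rsplit(".", 1)[0] for a in addrs}),  # /24 as rough network proxy
            "distinct_ns": len(ns[host]),
            "churn": round(churn, 2),
            "max_ttl": ttl[host],
        }
    return out

def looks_like_flux(m, min_addrs=10, min_churn=0.5, max_ttl=900):  # assumed thresholds
    return m["distinct_a"] >= min_addrs and m["churn"] >= min_churn and m["max_ttl"] <= max_ttl

def sample_observations():
    """Constructed data: one rotating host, one stable host, polled every 15 minutes."""
    nets = ["192.0.2", "198.51.100", "203.0.113"]   # documentation address ranges
    rows = []
    for i, minute in enumerate((0, 15, 30, 45)):
        for j in range(5):                           # five fresh addresses per poll
            n = i * 5 + j
            rows.append((minute, "login.flux.example", "A", f"{nets[n % 3]}.{10 + n}", 300))
        for ip in ("192.0.2.200", "192.0.2.201"):
            rows.append((minute, "www.stable.example", "A", ip, 3600))
    for k in range(5):
        rows.append((0, "login.flux.example", "NS", f"ns{k}.flux.example", 300))
    for k in range(2):
        rows.append((0, "www.stable.example", "NS", f"ns{k}.stable.example", 3600))
    return rows

if __name__ == "__main__":
    for host, m in summarize(sample_observations()).items():
        print(host, looks_like_flux(m), m)
```

In a real pipeline the /24 grouping would be replaced by an IP-to-ASN lookup, since the post's point is that the addresses sit on several consumer ISP networks.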