Dailydave mailing list archives

Distributed Phishing


From: byte_jump <bytejump () gmail com>
Date: Mon, 2 May 2005 11:29:00 -0600

I thought you folks would be interested in this new phishing tactic,
which is really quite clever.

I know of a company that is experiencing a phishing scam that is
organized in a way that I have never seen before. The hostname that is
hosting the phishing site is served up by five different name servers.
Those five name servers are on home computers residing on networks
such as Comcast, Charter, etc.

The name servers are using some sort of round-robin DNS to serve up
five different IP addresses for the phishing site, and the five IP
addresses used are changing every ten to fifteen minutes. The IPs
hosting the phishing site also are home machines on the Comcast,
Charter, etc. networks.

All of this seems to be a distributed phishing scam controlled by some
sort of bot network. I've spoken with a couple of the ISPs involved
and they have seen one other organization - just this weekend - that
has been attacked in a similar way.

This type of phishing site organization is virtually impossible to get
shut down, other than having the registrar of the domain deactivate
the domain. Anyone that has ever worked with a registrar on something
like this knows that it's like speaking to a wall, so if anyone that
works at a registrar reads this, know that this type of thing will
become more common and you must become easier to work with.

byte_jump
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
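
A detection-side sketch of the pattern described in the message above, added here as an example and not part of the original post: it profiles passive-DNS answers per hostname and flags names whose whole A-record set is replaced every few minutes, as opposed to ordinary round-robin, which only reorders a stable set. The hostnames, addresses, sample data and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS samples: (minute, hostname, A records in the answer).
# Hostnames are placeholders; addresses come from documentation ranges.
def _answers(prefix, start):
    return frozenset(f"{prefix}.{start + i}" for i in range(5))

SAMPLES = (
    # Five A records, replaced wholesale every 12 minutes.
    [(m, "login.bank-example.test", _answers("203.0.113", 10 * (m // 12) + 1))
     for m in range(0, 60, 4)]
    # Ordinary round-robin: the same five A records for the whole hour.
    + [(m, "www.cdn-example.test", _answers("192.0.2", 1))
       for m in range(0, 60, 4)]
)

def rotation_profile(samples):
    """Per hostname: distinct IPs seen, answer-set changes, mean minutes between changes."""
    by_host = defaultdict(list)
    for minute, host, ips in sorted(samples, key=lambda s: (s[1], s[0])):
        by_host[host].append((minute, ips))
    profile = {}
    for host, observations in by_host.items():
        seen, change_times, previous = set(), [], None
        for minute, ips in observations:
            seen |= ips
            # Sets ignore record order, so a round-robin reshuffle is not a change.
            if previous is not None and ips != previous:
                change_times.append(minute)
            previous = ips
        gaps = [b - a for a, b in zip(change_times, change_times[1:])]
        profile[host] = {
            "distinct_ips": len(seen),
            "rotations": len(change_times),
            "mean_gap_min": sum(gaps) / len(gaps) if gaps else None,
        }
    return profile

def flag_fast_rotation(profile, min_ips=10, max_gap_min=20):
    """Hostnames with many distinct IPs and a short mean rotation gap (assumed thresholds)."""
    return sorted(
        host for host, p in profile.items()
        if p["distinct_ips"] >= min_ips
        and p["mean_gap_min"] is not None
        and p["mean_gap_min"] <= max_gap_min
    )

if __name__ == "__main__":
    print(flag_fast_rotation(rotation_profile(SAMPLES)))
```

The same profile can be built over NS answers to catch rotation of the name servers themselves; thresholds need tuning against legitimate load-balanced names in the local environment.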

