Dailydave mailing list archives
Re: Distributed Phishing
From: "Thor Larholm" <thor () pivx com>
Date: Mon, 2 May 2005 10:54:50 -0700
This is not unlike some of the spam runs from 2003/2004 where compromised home computers were used for everything from sending out emails to handling ever-changing DNS requests to hosting the websites. Scott Richter had a whole forest of subcontractors employed in true organized crime style to separate the Don from the layman on the street and I see no apparent reason why spammers and phishers would not come from the same small group of people; and by small I am thinking of the Spamhaus documentation which showed more than 95% of all spam worldwide came from less than 200 people.

Thor - Blackberry typist

--------------------------
Sent from my BlackBerry Wireless Handheld

-----Original Message-----
From: dailydave-bounces () lists immunitysec com <dailydave-bounces () lists immunitysec com>
To: dailydave () lists immunitysec com <dailydave () lists immunitysec com>
Sent: Mon May 02 10:29:00 2005
Subject: [Dailydave] Distributed Phishing

I thought you folks would be interested in this new phishing tactic, which is really quite clever. I know of a company that is experiencing a phishing scam that is organized in a way that I have never seen before.

The hostname that is hosting the phishing site is served up by five different name servers. Those five name servers are on home computers residing on networks such as Comcast, Charter, etc. The name servers are using some sort of round-robin DNS to serve up five different IP addresses for the phishing site, and the five IP addresses used are changing every ten to fifteen minutes. The IPs hosting the phishing site also are home machines on the Comcast, Charter, etc. networks. All of this seems to be a distributed phishing scam controlled by some sort of bot network. I've spoken with a couple of the ISPs involved and they have seen one other organization - just this weekend - that has been attacked in a similar way.

This type of phishing site organization is virtually impossible to get shut down, other than having the registrar of the domain deactivate the domain. Anyone that has ever worked with a registrar on something like this knows that it's like speaking to a wall, so if anyone that works at a registrar reads this, know that this type of thing will become more common and you must become easier to work with.

byte_jump

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
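A defender-side check for the pattern described in the quoted message (a hostname whose small set of A records is replaced every ten to fifteen minutes), added here as an example that is not part of either poster's message. The function names, thresholds, hostnames and addresses are assumptions, and the observations are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flux_report(observations, window=timedelta(hours=1),
                min_unique_ips=10, min_turnover=0.5):
    """observations: iterable of (datetime, hostname, iterable of A-record IPs),
    e.g. from repeated resolver polls or a passive-DNS feed.
    Returns {hostname: {"unique_ips", "turnover", "flagged"}}.
    The thresholds are illustrative assumptions, not published values."""
    by_host = defaultdict(list)
    for ts, host, ips in observations:
        by_host[host.lower().rstrip(".")].append((ts, frozenset(ips)))
    report = {}
    for host, snaps in by_host.items():
        snaps.sort(key=lambda s: s[0])
        start = snaps[-1][0] - window
        recent = [s for s in snaps if s[0] >= start]
        # All distinct addresses the name resolved to inside the window.
        unique = set().union(*(ips for _, ips in recent))
        # Turnover: mean share of each answer set absent from the previous one.
        changes = [len(cur - prev) / len(cur)
                   for (_, prev), (_, cur) in zip(recent, recent[1:]) if cur]
        turnover = sum(changes) / len(changes) if changes else 0.0
        report[host] = {
            "unique_ips": len(unique),
            "turnover": round(turnover, 2),
            "flagged": len(unique) >= min_unique_ips and turnover >= min_turnover,
        }
    return report

def sample_observations():
    """Constructed data: one rotating host and one stable host, polled
    every 15 minutes for an hour. Addresses are RFC 5737 test ranges."""
    t0 = datetime(2005, 5, 2, 10, 0)
    obs = []
    for i in range(5):
        ts = t0 + timedelta(minutes=15 * i)
        # Rotating host: five fresh addresses on every poll.
        fresh = [f"203.0.113.{5 * i + j + 1}" for j in range(5)]
        obs.append((ts, "login.flux.example", fresh))
        # Stable host: the same two addresses on every poll.
        obs.append((ts, "www.stable.example", ["192.0.2.10", "192.0.2.11"]))
    return obs

if __name__ == "__main__":
    for host, row in flux_report(sample_observations()).items():
        print(host, row)
```
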