Educause Security Discussion mailing list archives

Re: Interesting spear phishing attempt against IT


From: "Hunt,Keith A" <keith () UAKRON EDU>
Date: Wed, 6 Feb 2008 09:19:23 -0500

We also received one of these just as you described it, nonsensical google search links and all.

It is quite odd. I wonder if perhaps it was not sent by this Tudor Burden fellow at all, but came from one of his competitors.

--
Keith Hunt  330.972.7968  keith () uakron edu
Internet & Server Systems
The University of Akron
 


-----Original Message-----
From: Basgen, Brian [mailto:bbasgen () PIMA EDU]
Sent: Tuesday, February 05, 2008 2:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Interesting spear phishing attempt against IT


 Today we received an email from someone who graciously informed us that
some of our student web pages had been hacked. Of course, this happens
on occasion for the usual reasons (php, brute force, etc). In this case,
the webpages were converted into online Canadian pharmacies, and any
transaction would simply redirect to another domain name.

 The interesting thing is the fellow who told us about the hack. His
email included links to the hacked web pages. It was an html email, and
the embedded html had a few hidden links -- but many of them didn't make
sense (case.edu and google searches against berkley.edu and
hollywood.com).

 The most interesting thing is the domain name the email came from:
tudorburden.com, which turns out to be registered to a "Tudor Burden"
living in Canada. Apparently, he has lost quite a few lawsuits regarding
fraudulent domain names:

http://www.wipo.int/amc/en/domains/decisions/html/2005/d2005-0313.html

 Has anyone heard of fraudsters hacking a web page and then informing
you about the hack? We are diving into logs to try to discern what his
greater goal is: we've been looking for trojans and/or spyware but
haven't found any yet. It is a bit strange, so I'm wondering if anyone
has had experience with this kind of thing in the past?

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College


