Full Disclosure mailing list archives

Phishers now abusing dynamic DNS services

From: pagvac <unknown.pentester () gmail com>
Date: Mon, 12 Dec 2005 10:22:56 +0000

I got another Paypal phishing attempt today (I get about one every week :-) ).

The interesting thing about this attempt is that the phisher seems to
be using a dynamic DNS service to gain the trust from the victim.

In this case the html link was pointing to http://www.paypal.25u.com
which doesn't seem to resolve at this moment.

www.paypal.25u.com does of course look more legitimate than some
random IP address in which the word "paypal" is not included.


--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Nick FitzGerald (Dec 12)
- Re: Phishers now abusing dynamic DNS services Barrie Dempster (Dec 12)
  - Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
    - Re: Phishers now abusing dynamic DNS services Barrie Dempster (Dec 12)
- Re: Phishers now abusing dynamic DNS services Florian Weimer (Dec 12)
  - Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
    - Re[2]: Phishers now abusing dynamic DNS services phased (Dec 12)
    - Re: Phishers now abusing dynamic DNS services Graham Reed (Dec 12)