Full Disclosure mailing list archives
Re: Phishers now abusing dynamic DNS services
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 12 Dec 2005 11:02:59 +0000
On Mon, 2005-12-12 at 10:22 +0000, pagvac wrote:
I got another Paypal phishing attempt today (I get about one every week :-) ). The interesting thing about this attempt is that the phisher seems to be using a dynamic DNS service to gain the trust from the victim. In this case the html link was pointing to http://www.paypal.25u.com which doesn't seem to resolve at this moment. www.paypal.25u.com does of course look more legitimate than some random IP address in which the word "paypal" is not included.
They are new to phishing and didn't have the carding facilities to get themselves a registered domain that looks similar enough to Paypal. ;-) When this phishing attempt reaps them some required information they will graduate to investing a few pennies in a domain. This isn't terribly interesting or innovative, malware have been using this sort of technique for quite some time. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Nick FitzGerald (Dec 12)
- Re: Phishers now abusing dynamic DNS services Barrie Dempster (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Barrie Dempster (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Florian Weimer (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re[2]: Phishers now abusing dynamic DNS services phased (Dec 12)
- Re: Phishers now abusing dynamic DNS services Graham Reed (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)