Full Disclosure mailing list archives

Re: Phishers now abusing dynamic DNS services


From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 12 Dec 2005 11:02:59 +0000

On Mon, 2005-12-12 at 10:22 +0000, pagvac wrote:
> I got another Paypal phishing attempt today (I get about one every week :-) ).
>
> The interesting thing about this attempt is that the phisher seems to
> be using a dynamic DNS service to gain the trust from the victim.
>
> In this case the html link was pointing to http://www.paypal.25u.com
> which doesn't seem to resolve at this moment.
>
> www.paypal.25u.com does of course look more legitimate than some
> random IP address in which the word "paypal" is not included.

They are new to phishing and didn't have the carding facilities to get
themselves a registered domain that looks similar enough to Paypal. ;-)

When this phishing attempt reaps them some required information they
will graduate to investing a few pennies in a domain.

This isn't terribly interesting or innovative; malware has been using
this sort of technique for quite some time.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
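
The hostname pattern discussed in this thread, a brand name used as a label under a dynamic DNS zone, can be checked mechanically on links in inbound mail. The following is an added example, not part of the original posts; the zone list, the placeholder `ddns.example` and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Brand keyword -> domains the brand really uses (paypal.com is the real one).
BRANDS = {"paypal": {"paypal.com"}}

# Constructed sample of dynamic DNS parent zones. 25u.com is the zone named in
# the thread; ddns.example is a placeholder. Load a maintained list in practice.
DYNAMIC_DNS_ZONES = {"25u.com", "ddns.example"}


def hostname_of(url):
    """Return the lower-cased hostname of a URL or bare host string."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    return (urlsplit(url).hostname or "").rstrip(".")


def under(host, zone):
    """True if host is the zone itself or a subdomain of it (label-aligned)."""
    return host == zone or host.endswith("." + zone)


def classify(url):
    """Classify a link by where a brand keyword sits in its hostname."""
    host = hostname_of(url)
    for brand, legit_zones in BRANDS.items():
        if not any(brand in label for label in host.split(".")):
            continue
        # Suffix match, not substring: paypal.com.ddns.example is not PayPal's.
        if any(under(host, z) for z in legit_zones):
            return "legitimate"
        if any(under(host, z) for z in DYNAMIC_DNS_ZONES):
            return "brand-on-dynamic-dns"
        return "brand-on-unrelated-domain"
    return "no-brand"


if __name__ == "__main__":
    # Constructed sample links; only the first hostname comes from the thread.
    for link in ("http://www.paypal.25u.com", "https://www.paypal.com/signin",
                 "http://paypal.com.ddns.example/login", "http://example.org"):
        print(f"{classify(link):27} {link}")
```

The check compares whole DNS labels from the right-hand side of the name, which is why a hostname that merely contains "paypal.com" in the middle is still flagged.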
