Full Disclosure mailing list archives
Re: Phishers now abusing dynamic DNS services
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 12 Dec 2005 12:01:03 +0000
On Mon, 2005-12-12 at 11:38 +0000, pagvac wrote:
I don't know how new this is to be honest.
It's quite old and quite common. It's a very popular method for botnets to contact their controlling servers for example.
I just made a comment to the list because it was the first phishing email I received that uses dynamic DNS and thought it was interesting.
Indeed and not a bad word to say about your efforts! just informing you of the precedent already set and that it's a common occurrence. There are a few other interesting things that have been going on with DNS over the past few weeks, which are a bit less common than this and you might find worth looking at and possibly more interesting than dynamic DNS used in phising attempts. For example Dan Kaminskys efforts to follow the footprints of the Sony rootkit and also the technique employed by Sober in order to ensure predictable domain names for updated payloads. These are slightly less obvious uses of technology than this quite predictable use of dynamic DNS. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Nick FitzGerald (Dec 12)
- Re: Phishers now abusing dynamic DNS services Barrie Dempster (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Barrie Dempster (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re: Phishers now abusing dynamic DNS services Florian Weimer (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)
- Re[2]: Phishers now abusing dynamic DNS services phased (Dec 12)
- Re: Phishers now abusing dynamic DNS services Graham Reed (Dec 12)
- Re: Phishers now abusing dynamic DNS services pagvac (Dec 12)