Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re[2]: Phishers now abusing dynamic DNS services

From: phased <phased () mail ru>
Date: Mon, 12 Dec 2005 20:15:00 +0300
yeah this is definitly nothing new

-----Original Message-----
From: pagvac <unknown.pentester () gmail com>
To: full-disclosure () lists grok org uk
Date: Mon, 12 Dec 2005 15:43:36 +0000
Subject: Re: [Full-disclosure] Phishers now abusing dynamic DNS services


On 12/12/05, Florian Weimer <fw () deneb enyo de> wrote:

* pagvac:


The interesting thing about this attempt is that the phisher seems to
be using a dynamic DNS service to gain the trust from the victim.


"to gain trust"? Hm?


Yes.

What I mean is that the average user will trust more an URL when
seeing the word "paypal" in it as a domain name, rather than some
dodgy-looking numerical IP address, with a sub-directory called
"paypal".

e.g.:

http://1.2.3.4/vulnerable_app/paypal

versus

http://www.paypal.25u.com


Personall I would think that more users would trust the second link.



This is not really a new thing:

2005-04-19 08:24:49  ebayfraud.dyndns.org  A  220.110.65.252




--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: