Full Disclosure mailing list archives

Re: Phishers now abusing dynamic DNS services


From: "Graham Reed" <greed () pobox com>
Date: Mon, 12 Dec 2005 14:03:51 -0500

pagvac writes:
What I mean is that the average user will trust more an URL when
seeing the word "paypal" in it as a domain name, rather than some
dodgy-looking numerical IP address, with a sub-directory called
"paypal".

Most users won't even see or notice where the link goes, that's why it works.

What you do need the hostname for is to bypass the alarms on webmail services like Yahoo!, which will display a scary pop-up if you click on a link that's got a numeric IP address for the hostname. It won't alarm on most other types of names. At least, I was able to make up a name and point something in my domain at an arbitrary IP and Yahoo! stopped showing the warning. They may have a blacklist, which would catch phish sites once people know about the hostname.

Of course, without HTML mail, they wouldn't be able to show one thing and mean another....

And eBay doesn't help the whole situation: if you read the HTML version of eBay "favorite search" mail, the links take you to some site other than eBay. (Actually, a doubleclick.net address--which is not resolvable on my network.) Fortunately, the plain-text version has right-to-ebay.com links.