RE: Amazon Phishing Scam - Tech Details

[S G Masood <sgmasood () yahoo com>]

--- Todd Towles <toddtowles () brookshires com> wrote:

> Dan wrote:
> > Oh, I don't know, maybe someone might want to
> block the IP 
> > addres or shun them, maybe someone might want to
> put it in 
> > their exchange server as a known bad IP, maybe
> someone might 
> > want to black hole them at some point, just little
> things 
> > like that, and that is why I posted this to this
> list.
> > Just a thought.
> > r/d
>
> Dan, you have a very valid idea and it works, but it
> will only work for
> the short temp. Static blocking of phishing sites
> doesn't work too well
> in the long run - but works well for the time the
> site is up. You put
> this one address into your block list to protect
> your users but what
> about the 10 other address you haven't put in there?
>
>
> Trying to run a manually updated content/security
> filtering system will
> crazy you insane in no time. Believe me ;)
>
> -Todd

Well Dan, in the context of phishing scams, you are
naive! :p

In the real world, hundreds of IPs get tainted and are
added to blocklists everyday and there is an avalanche
of new phishing scams in the wild. If people were to
post just one instance of each new scam to this list,
this list would be crippled for any other business.

IMO, unless a phishing scam uses a new and interesting
technique, it is not appropriate content for FD.

There are dedicated forums/databases/lists for
submissions of this kind. See www.millersmiles.co.uk
for instance. 

--
Cheers,
SG




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/