[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon Dec 12 11:03:09 2005
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: Phishers now abusing dynamic DNS services
On Mon, 2005-12-12 at 10:22 +0000, pagvac wrote:
> I got another Paypal phishing attempt today (I get about one every week :-) ).
>
> The interesting thing about this attempt is that the phisher seems to
> be using a dynamic DNS service to gain the trust from the victim.
>
> In this case the html link was pointing to http://www.paypal.25u.com
> which doesn't seem to resolve at this moment.
>
> www.paypal.25u.com does of course look more legitimate than some
> random IP address in which the word "paypal" is not included.
They are new to phishing and didn't have the carding facilities to get
themselves a registered domain that looks similar enough to Paypal. ;-)
When this phishing attempt reaps them some required information they
will graduate to investing a few pennies in a domain.
This isn't terribly interesting or innovative, malware have been using
this sort of technique for quite some time.
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1859 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051212/260ec244/smime.bin
Powered by blists - more mailing lists