lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Dec 12 12:01:14 2005
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: Phishers now abusing dynamic DNS services

On Mon, 2005-12-12 at 11:38 +0000, pagvac wrote:
> I don't know how new this is to be honest.

It's quite old and quite common. It's a very popular method for botnets
to contact their controlling servers for example.

> I just made a comment to the list because it was the first phishing
> email I received that uses dynamic DNS and thought it was interesting.

Indeed and not a bad word to say about your efforts! just informing you
of the precedent already set and that it's a common occurrence.

There are a few other interesting things that have been going on with
DNS over the past few weeks, which are a bit less common than this and
you might find worth looking at and possibly more interesting than
dynamic DNS used in phising attempts. For example Dan Kaminskys efforts
to follow the footprints of the Sony rootkit and also the technique
employed by Sober in order to ensure predictable domain names for
updated payloads. These are slightly less obvious uses of technology
than this quite predictable use of dynamic DNS.


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1859 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051212/3598fc91/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ