unflappable-isomorphic-deez
Welcome, Guest. Please login or register.

Author Topic: Phish flood  (Read 1004 times)

0 Members and 1 Guest are viewing this topic.

Stock Spam

  • Global Moderator
  • Full Member
  • *****
  • Posts: 103
  • Karma: 0
    • View Profile
Phish flood
« on: February 22, 2010, 12:01:07 AM »
Phish flood
         


<p>There's a fairly substantial phishing run going on at the moment, aimed at capturing Blogger or Google account credentials. The messages have the subject line 'Your Blogger Account' and a brief message urging recipients to click a link to 'update' their account. Recipients who click the link will be prompted to enter their Blogger or Google credentials.</p>

<p>An interesting feature of the run is that the phishers seem to have mass-registered a block of domains in the '.kr', 'or.kr', '.co.kr' and '.ne,kr' spaces. The actual domains registered all begin with the letters 'esu', followed by a single character, and then the top-level or second-level extensions. The phishers then create subdomains of those domains that are designed to look superficially like Google domains. Some examples include:</p>

<ul>
<li>www.google.com.esub.kr</li>
<li>www.google.com.esuk.or.kr</li>
<li>www.google.com.esut.co.kr </li>
<li>www.blogger.com.esut.kr</li>
<li>www.blogger.com.esug.or.kr</li>
</ul>

<p>These domains are hosted on what appear to be botnet hosts: a host lookup for any of the domains returns a list of 15 or 16 IP addresses, scattered all over the Internet.</p>

<p>It isn't clear why the phishers have chosen to generate names that follow such a predictable pattern, making filtering the abusive messages trivial. Moreover, most of the domains used are now flagged by Google as probable phishing sites.</p>
         

http://www.spamnation.info/blog/archives/2010/02/blogger-phishing-run.html
         

Tags:
 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Warning: this topic has not been posted in for at least 350 days.
Unless you're sure you want to reply, please consider starting a new topic.

Name: Email:
Verification:
What color is the Qwoter logo?:

What year was Qwoter founded in?
(hint: look at copyright below):

Related Topics

  Subject / Started by Replies Last post
0 Replies
1607 Views
Last post August 03, 2007, 03:00:52 AM
by Deez
0 Replies
982 Views
Last post August 09, 2007, 12:01:21 PM
by Deez
0 Replies
866 Views
Last post August 14, 2007, 12:01:06 PM
by Deez
0 Replies
4690 Views
Last post August 20, 2007, 11:01:28 AM
by Deez
0 Replies
966 Views
Last post August 20, 2007, 07:00:57 PM
by Deez
0 Replies
977 Views
Last post August 21, 2007, 05:01:40 AM
by Deez
0 Replies
3481 Views
Last post April 02, 2009, 02:01:05 PM
by Stock Spam
0 Replies
1231 Views
Last post July 02, 2010, 12:00:17 AM
by Stock Spam