Security Incidents
mailing list archives
Re: Malware Site
From: Robert Judy <rjudy () sfasu edu>
Date: Wed, 23 Nov 2005 13:43:38 -0600
Note the very important distinction:
stuuerhelath.org is a site registered out of Panama
sutterhealth.org is a site registered out of Canada
Pretty clearly an adaptation of the phishing type scheme using misspelling but they could have used the correct
spelling and still put you to the haken site.
ALWAYS view the HTML code of the phishing mail so you can see what the real IP or URL being referenced is, not just the
link text. There will be the "click this link" followed by the URL that link actually references.
A paradigm was a www.ncu.gov (National Credit Union, whatever the true address is) link text that referred to an
address in Peru.
ALWAYS view the message as plain text/code BEFORE hauling off and starting to blame whoever's URL is being abused in
the scheme.
Never click on a link at a web site or in an e-mail; ALWAYS type the link in yourself or cut n' paste the link,
otherwise you are begging to get hijacked.
rmj
On Wed, Nov 23, 2005 at 11:41:44AM -0500, Joshua Ginsberg wrote:
RTFM-style answer:
First, figure out a little about the site... like who owns the domain
and where is it hosted?
$ whois sutterhealth.org
It is sutterhelath.org, not sutterhealth.org.
maybe it therefore also makes sense to inform sutterhealth.org,
so they can also file complaints as appropriate ;-)
Regards,
Holger Kipp
--
Robert M. Judy
Technical Specialist
College of Education
Stephen F. Austin State University
P.O. Box 6103
SFA Station
Nacogdoches, TX 75962
936-468-1424
KD5FEE
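The check described in the message above (read the HTML and compare each link's visible text with the host its href really points to), as an added example that is not part of the original post. The function names, verdict labels and sample mail body are assumptions made for illustration, and the sample uses reserved example hosts.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}$")   # dotted-quad IPv4 only

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def norm(host):
    return re.sub(r"^www\.", "", host.lower())

def audit(html_body):
    """Return (link text, real host, verdict) for each link in the body."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    report = []
    for text, href in parser.links:
        real = norm(urlsplit(href).hostname or "")
        shown = HOST_RE.search(text)          # host named in the visible text, if any
        shown = norm(shown.group(1)) if shown else ""
        if IP_RE.match(real):
            verdict = "raw-ip"                # href goes to a bare address
        elif shown and shown != real:
            verdict = "mismatch"              # text names one host, href another
        else:
            verdict = "ok"
        report.append((text, real, verdict))
    return report

SAMPLE = (  # constructed mail body, not taken from a real message
    '<p>Account locked: <a href="http://198.51.100.7/login">www.example.org</a></p>'
    '<p><a href="http://www.examp1e.test/verify">https://www.example.org/verify</a></p>'
    '<p><a href="https://www.example.org/help">Click this link</a></p>'
)
```

A link whose text is only "Click this link" is reported as "ok" because the text names no host to compare against; the real host is still listed so it can be checked by eye.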