Re: Phishers now abusing dynamic DNS services

[pagvac <unknown.pentester () gmail com>]

I don't know how new this is to be honest.

I just made a comment to the list because it was the first phishing
email I received that uses dynamic DNS and thought it was interesting.

On 12/12/05, Barrie Dempster <barrie () reboot-robot net> wrote:
> On Mon, 2005-12-12 at 10:22 +0000, pagvac wrote:
> > I got another Paypal phishing attempt today (I get about one every week :-) ).
> >
> > The interesting thing about this attempt is that the phisher seems to
> > be using a dynamic DNS service to gain the trust from the victim.
> >
> > In this case the html link was pointing to http://www.paypal.25u.com
> > which doesn't seem to resolve at this moment.
> >
> > www.paypal.25u.com does of course look more legitimate than some
> > random IP address in which the word "paypal" is not included.
>
> They are new to phishing and didn't have the carding facilities to get
> themselves a registered domain that looks similar enough to Paypal. ;-)
>
> When this phishing attempt reaps them some required information they
> will graduate to investing a few pennies in a domain.
>
> This isn't terribly interesting or innovative, malware have been using
> this sort of technique for quite some time.
>
> --
> With Regards..
> Barrie Dempster (zeedo) - Fortiter et Strenue
>
> "He who hingeth aboot, geteth hee-haw" Victor - Still Game
>
> blog:  http://reboot-robot.net
> sites: http://www.bsrf.org.uk - http://www.security-forums.com
> ca:    https://www.cacert.org/index.php?id=3


--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/