Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Phishing attack. Basic encoding

From: Peter Harvey <peter.harvey () gmail com>
Date: Mon, 14 Nov 2005 10:56:18 +1000
I have had a number of reports of messages targetting users on domains
for their credentials.
The interesting part of this message is the very basic but effective
encoding of the message. It appears that there are a couple of
characters that instruct the mail program to display the characters in
the reverse order.

An example is attached. This appears to be random in the characters
reversed based on a number of examples forwarded. I would say this is
a simple yet effective way of bypassing signature based filters.

They also appear to be bouncing through Google to the compromised
website for phishing credentials. I am guessing it is phishing as the
websites that I have seen were unavailable at the time.

--
Peter
--

Attachment: domain.txt
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: