Phishers Use Wildcard DNS to Build Convincing Bait URLs - Spamfo 3/7/2005 - 839 views,
|
Previous Article « VOIP + Net Smart Devices = Voipullar Phones
Read Next Article » T-Mobile Sidekick in no Danger as Network Outage Frustrates Customers
From Across the Pond, written by Andrew Robinson over at Spamfo: Phishing operations have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, but send victims to spoof sites designed to steal their login details. This may sound familiar as it is not unlike the eBay phishing bug on which Aunty reported just yesterday. A wildcard DNS record (*.example.com) will resolve all requests that are not matched by any other record. Wildcards are typically used to manage errant or mistyped e-mail addresses, but have been routinely abused by spammers. In recent weeks wildcard DNS settings have been used in a wave of phishing attacks on Barclays Bank, in which the “bait” email included URLs starting with barclays.co.uk, followed by a lengthy sequence of letters and symbols. Several examples: http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/ The phishers use… Read more at Phishers Use Wildcard DNS to Build Convincing Bait URLs - Spamfo
http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2
http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/
|
|
Email the link for this page to a friend! |
Read more:
» Spamalot Exposes Mailing List - Spamfo
» Man Jailed Over Sick Tsunami Email Hoax
» Phishing at Blackpool: Man Arrested
» New Phishing Tactic Uses Real URLs, Fake Pages
For additional similar stories check out our archives on Phishing
