Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread Graham Reed
pagvac writes: What I mean is that the average user will trust more an URL when seeing the word "paypal" in it as a domain name, rather than some dodgy-looking numerical IP address, with a sub-directory called "paypal". Most users won't even see or notice where the link goes, that's why it wor

Re[2]: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread phased
yeah this is definitly nothing new -Original Message- From: pagvac <[EMAIL PROTECTED]> To: full-disclosure@lists.grok.org.uk Date: Mon, 12 Dec 2005 15:43:36 + Subject: Re: [Full-disclosure] Phishers now abusing dynamic DNS services > On 12/12/05, Florian Weimer <[EMA

Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread pagvac
On 12/12/05, Florian Weimer <[EMAIL PROTECTED]> wrote: > * pagvac: > > > The interesting thing about this attempt is that the phisher seems to > > be using a dynamic DNS service to gain the trust from the victim. > > "to gain trust"? Hm? Yes. What I mean is that the average user will trust more a

Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread Florian Weimer
* pagvac: > The interesting thing about this attempt is that the phisher seems to > be using a dynamic DNS service to gain the trust from the victim. "to gain trust"? Hm? This is not really a new thing: 2005-04-19 08:24:49 ebayfraud.dyndns.org A 220.110.65.252 ___

Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread Barrie Dempster
On Mon, 2005-12-12 at 11:38 +, pagvac wrote: > I don't know how new this is to be honest. It's quite old and quite common. It's a very popular method for botnets to contact their controlling servers for example. > I just made a comment to the list because it was the first phishing > email I r

Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread pagvac
I don't know how new this is to be honest. I just made a comment to the list because it was the first phishing email I received that uses dynamic DNS and thought it was interesting. On 12/12/05, Barrie Dempster <[EMAIL PROTECTED]> wrote: > On Mon, 2005-12-12 at 10:22 +, pagvac wrote: > > I go

Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread Barrie Dempster
On Mon, 2005-12-12 at 10:22 +, pagvac wrote: > I got another Paypal phishing attempt today (I get about one every week :-) ). > > The interesting thing about this attempt is that the phisher seems to > be using a dynamic DNS service to gain the trust from the victim. > > In this case the html

Re: [Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread Nick FitzGerald
pagvac wrote: > [Full-disclosure] Phishers now abusing dynamic DNS services ^^^ ||| "now" -- you don't think this is news do you??? I guess if you only get one (PayPal) phish per week your sampling is so disproportion

[Full-disclosure] Phishers now abusing dynamic DNS services

2005-12-12 Thread pagvac
I got another Paypal phishing attempt today (I get about one every week :-) ). The interesting thing about this attempt is that the phisher seems to be using a dynamic DNS service to gain the trust from the victim. In this case the html link was pointing to http://www.paypal.25u.com which doesn't