DNS wildcards used in new phishing attacks

Peter Russell pete at ENITECH.COM.AU
Wed Mar 9 01:09:23 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Forgive me if this is a silly question - phishing net is using the
latest mailscanner? Is this a name given to a feature of MS?

Pete

Julian Field wrote:
> As highlighted here on Slashdot:
>
> http://slashdot.org/articles/05/03/08/0052235.shtml
>
> which links to the full Netcraft article at
>
> http://news.netcraft.com/archives/2005/03/07/phishers_use_wildcard_dns_to_build_convincing_bait_urls.html
>
>
> I have just tested the examples given by Netcraft, and the current
> phishing net already traps these phishing attacks and needs no changes
> or improvements in this case.
>
> If you are running an old version of the phishing net, I strongly advise
> you to upgrade. You should at least test the 3 URLs given by Netcraft
> and ensure that you can catch them. Use an HTML segment like this:
>
> Barclays bank wildcard DNS attack here:
> <a
> href="http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/">barclays.co.uk</a>
>
> <a
> href="http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2">barclays.co.uk</a>
>
> <a
> href="http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/">barclays.co.uk</a>
>
>
> Beware that the above paragraph should have 4 lines in it, in case my
> mail client messes with it.
>
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                            Southampton SO17 1BJ
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list