[nsp-sec] enom^Wnetsol security POC?

Scott A. McIntyre scott at xs4all.net
Tue Oct 28 16:56:40 EDT 2008 

Hi,


On Oct 27, 2008, at 22:32 , Chris Morrow wrote:

> ----------- nsp-security Confidential --------
>
>
> looks like enom is being phished :(
>
> <snip spam content>
> For access your account follow this link - http://www.enom.com.sys82.net
> </snip spam content>
>
> something about 'we are doing maintenence...' spam sample available  
> upon request.


Earlier tonight our abuse@ inbox started getting  rather full of  
people questioning the validity of a Network Solutions email -- people  
are so used to phishing attacks that requests to "verify account  
details" raise a lot of alerts.  Unfortunately, the email apparently  
is in HTML format with embedded links, but all of the customers  
reporting it are forwarding plain-text, so I'm not sure where the  
links actually point.

The text of the mail reads as below -- does anyone know if this is a  
"real" initiative from Netsol (and thus, a really really bad idea) or  
a phish?

I fear it's legit, which would be depressing.



 > Dear Domain Name Registrant,
 >
 > You are receiving this communication because when you registered a
 > domain name through your domain name registration service provider,
 > you became a Network Solutions® LLC customer. Network Solutions
 > provides support and services to companies that sell and/or provide
 > domain name registrations through a partner program. Domain names
 > registered through these partner companies are listed in our
 > database and managed by the partner companies.
 >
 > Network Solutions is accredited by ICANN, the non-profit corporation
 > who oversees the domain name registration system. A policy
 > established by ICANN requires that all registrars contact each
 > customer and request them to verify the accuracy of their WHOIS
 > information. (WHOIS is a publicly accessed database containing
 > contact information associated with every domain name registration.)
 >
 > To comply with the policy, we request that you confirm the accuracy
 > of your WHOIS contact information.  Please note: ICANN mandates that
 > inaccurate or out-of-date contact information in your WHOIS listing
 > may be grounds for domain name cancellation.
 >
 > Reviewing Your Domain Name Information
 >
 > Please take a moment to view the WHOIS listing for each of the
 > domain names you currently have registered through us. Please verify
 > your mailing address, e-mail address, and the administrative and
 > technical contacts assigned to each domain name are correct. If your
 > WHOIS information has changed or is inaccurate please follow the
 > instructions listed on the "WHOIS Review" page (you'll see this page
 > when you click the review link below) to update it. If your WHOIS
 > information is correct, you do not need to take any action.
 >
 > Click here to view the WHOIS information for the domain names
 > registered through Network Solutions:
 >
 > You may review the ICANN policy here.
 >
 > Thank you for your attention to this matter.
 >
 > Sincerely,
 > Network Solutions® Partner Program
 >
 >
 >
 >
 > This e-mail was sent from a notification-only address. Please do not
 > reply to this message.
 >
 > © 2008 Network Solutions, LLC. All Rights Reserved.
 > Network Solutions, 13861 Sunrise Valley Drive, Department CCD,
 > Herndon, VA 20171
 >
 >


Regards,

Scott A. McIntyre
XS4ALL Internet B.V.

More information about the nsp-security mailing list