[nsp-sec] FW: enom^Wnetsol security POC?

[Krista Hickey]

I also meant to mention that the page I was directed to actually says,

"WHOIS Information Verification 

Click the domain name below to view the WHOIS information for that
domain name. This information is current as of 10/1/08. If you need to
update your contact information, please contact your domain name service
provider to make the necessary changes."

So there's no online form to submit anything, just a reference to
contact your DNS provider if you need to update something so I guess
they're kinda sorta trying.

Krista
7992

-----Original Message-----
From: Krista Hickey 
Sent: Tuesday, October 28, 2008 9:19 PM
To: nsp-security at puck.nether.net
Subject: RE: [nsp-sec] enom^Wnetsol security POC?

On Oct 27, 2008, Scott A. McIntyre wrote:
>
>Earlier tonight our abuse@ inbox started getting  rather full of people

>questioning the validity of a Network Solutions email
>-- people
>are so used to phishing attacks that requests to "verify account 
>details" raise a lot of alerts.  Unfortunately, the email apparently is

>in HTML format with embedded links, but all of the customers reporting 
>it are forwarding plain-text, so I'm not sure where the links actually 
>point.
>
>The text of the mail reads as below -- does anyone know if this is a 
>"real" initiative from Netsol (and thus, a really really bad idea) or a

>phish?
>
>I fear it's legit, which would be depressing.

I can't comment on all the messages your users received but I did
receive that exact message today for several domains I admin and after
suspiciously investigating it and visiting the site I've determined it's
legitimate - headers show it's sent from my actual registrar and it
includes domain info I would be quite impressed to find had been
collected by miscreants.

That said, in this day and age it's not the smartest way to send such
messages, esp. messages blessed by ICANN. If anyone wants headers or
more info let me know.

Krista
7992