[nsp-sec] Follow-up Phishing site - AS32244 Liquid Web (attn Google as well, search results)
Borja Marcos
BORJAMAR at SARENET.ES
Thu Mar 8 10:31:06 EST 2012
On 8 Mar 2012, at 16:17, Borja Marcos wrote:
> ----------- nsp-security Confidential --------
>
>
> Hi
>
> We have found a phishing site trying to impersonate www.saremail.com (our customers webmail system).
>
> The phishing site is here,
> http://www.peticiones.es/externo/www.saremail.net/src/read_body.php?account=0&mailbox=INBOX&passed_id=14696&startMessage=1
Answering to myself... It's really curious. Seems to be some sort of proxy. One can put any URL after "/externo/". It could be a lame proxy configuration, but the appearance among the search results for a webmail login page makes me think it's malicious.
Maybe someone from Google should verify how many search results point to something like www.peticiones.es/externo/....
Borja.
More information about the nsp-security
mailing list