[nsp-sec] Follow-up Phishing site - AS32244 Liquid Web (attn Google as well, search results)
Carles Fragoso
cfragoso at cesicat.cat
Thu Mar 8 12:50:37 EST 2012
Is it really a phishing website, or is it just adding ads on the top through frames? Do you have users that have received any links?
<frameset rows="22,*" framespacing="0" >
<frame src="hxxp://www.peticiones.es/topframe.php" marginwidth="0" marginheight="0" noresize scrolling="no" frameborder="0" />
<frame src="http://www.saremail.net" marginwidth="0" marginheight="0" scrolling="auto" frameborder="0" />
Top frame doesn't seem to do anything nasty… just including a PNG image (logo) and google Ads:
"hxxp://www.peticiones.es/topframe.php
<a href="http://www.peticiones.es/" target="_top" class="icon"><img src="hxxp://www.peticiones.es/tpl/images/po.png" /
Regards! ;)
-- Carlos
On Mar 8, 2012, at 4:31 PM, Borja Marcos wrote:
----------- nsp-security Confidential --------
On 8 Mar 2012, at 16:17, Borja Marcos wrote:
Hi
We have found a phishing site trying to impersonate www.saremail.com (our customers' webmail system).
The phishing site is here,
http://www.peticiones.es/externo/www.saremail.net/src/read_body.php?account=0&mailbox=INBOX&passed_id=14696&startMessage=1
Answering myself... It's really curious. Seems to be some sort of proxy. One can put any URL after "/externo/". It could be a lame proxy configuration, but the appearance among the search results for a webmail login page makes me think it's malicious.
Maybe someone from Google should verify how many search results point to something like www.peticiones.es/externo/....
Borja.
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
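Added example, not part of the original thread: because the frameset quoted above loads www.saremail.net directly in its second frame, the real webmail server normally sees the wrapper URL as the Referer, so its own access logs can show how many users arrive through such a wrapper. The sketch below assumes Combined Log Format; the PROTECTED set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: the hostnames to protect, taken from the thread.
PROTECTED = {"www.saremail.com", "www.saremail.net"}

# Combined Log Format; only the client address and the Referer are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)"'
)

def embedded_host(url):
    """Return the protected hostname carried in a foreign URL's path or query, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host or host in PROTECTED:
        return None  # no referer, or our own site
    carried = unquote(parts.path + "?" + parts.query).lower()
    for name in sorted(PROTECTED):
        # Whole-hostname match only, so "www.saremail.net.other.example" is not a hit.
        if re.search(r"(?<![a-z0-9.-])" + re.escape(name) + r"(?![a-z0-9.-])", carried):
            return name
    return None

def suspicious_referers(lines):
    """Return (client_ip, referer, protected_host) for every proxy-wrapped referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        name = embedded_host(m.group("ref")) if m else None
        if name:
            hits.append((m.group("ip"), m.group("ref"), name))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [08/Mar/2012:16:20:01 +0100] "GET / HTTP/1.1" 200 5120 '
    '"http://www.saremail.net/" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Mar/2012:16:21:13 +0100] "GET / HTTP/1.1" 200 5120 '
    '"http://www.peticiones.es/externo/www.saremail.net/" "Mozilla/5.0"',
    '192.0.2.51 - - [08/Mar/2012:16:22:40 +0100] "GET / HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ref, name in suspicious_referers(SAMPLE):
        print(f"{ip} reached {name} through {ref}")
```

Clients that suppress the Referer header will not appear, so the hit count is a lower bound on affected users.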