Home > Phishing > Phish Facebook, Phish Myspace too!

Phish Facebook, Phish Myspace too!

Investigating the recent Facebook phishing attack has resulted more information including Myspace phising sites and Gambling Casino spams.

Let’s start with this screenshot below.


Let’s perform DNS lookup with the FQDN – 371233.cn.

As you can see, this phising domain runs in a double fast flux DNS service, which means both NS and A records are dynamic and constantly changing. Observing further the activity, there are 10 round robin addresses that changes every minute and this rogue network host thousands of domain. So, shutting down these fakes sites are not that easy!

The screenshot below is a Myspace phising site.


more links …

login.myspace.com.cfm.fuseaction.splash.mytoken.76701a26.0j643z.com
profile.myspace.com.fuseaction.user.viewprofile.9w.11523822.cn
profile.myspace.com.fuseaction.id.0ed37i8xdd.378d38.cn
profile.myspace.com.fuseaction.id.user.viewprofile.1878800.cn
Aside from phising sites, this node (particularly, myluludns.com) is also responsible for Gambling Casino spams (found 6 active mail domains) and even marijuana scam (like thebudshop.net and crazybuds.com).

In summary, phising and scam spams are cross-platform web base attack. It aims to steal your identity and your money!

Mac and iphone users are not exempted.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: