Jump to content

Recommended Posts

Posted

This is the first scam/phish topic that I've posted -- I normally wouldn't post something like this because they often suck. But this one is different, it's pretty slick. Following is a description and some screen shots.

 

As the norm, I get an email telling me I needed to update my PayPal account, well I don't have an account -- that tipped me off right there, but I decided to follow the link anyway.

 

Here's a screenshot showing the fake website:

 

fakeux9.jpg

 

Here's a screenshot of the real website for comparison:

 

realsc7.jpg

 

 

Note the strange URL on the fake website.

 

I didn't link the page because I don't know if the site contains spyware/viruses.. be careful if you decide to look at it for yourself. All the links on the fake page redirect to the official Paypal pages except the "Log In" button. The "Log In" takes you to a page asking you to fill out some information (credit cards, etc..) no matter what is typed in the email/password fields.

Posted

Uh... yeah. Always check the url. This happens with a lot of password-protected sites. I believe Myspace has had a lot of problems with this.

 

I don't really understand why you would willingly explore the email if you knew it was malicious. It could be loaded with teh warez! :(

Posted

As watchful as ever Darque :">

 

I browse with a lot of software designed to block the bad things.. I really should have done it in a VM though. I'm surprised that they made it look so good, but not quite perfect... it's like putting a lot of effort into something and then stopping near the end.

Posted

When these first started going around I knew they were fake right off the bat from the bad URLs and sending the emails to the wrong email addresses and such(I got the phishing site emails in one address, while my account is registered with another) and wondered how anyone could fall for them. Then lots of people started falling for them.

The area between the balls and the butt is a hotbed of terrorist activity.

Devastatorsig.jpg

Posted

Hmmm, interesting. The site is in Brasil, Montevideo.

 

It is a rooted linux server. If you go to .../icons/, directory index is available, and PHP Shell Offender is installed (php.cgi) so anyone can execute remote commands in the web shell. I think the owners of the server have to be notified that their server is owned.

Posted
But ... Montevideo is the capital of Uruguay.

It was also blown to pieces by Vandal Savage during JLA 1 million.

Victor of the 5 year fan fic competition!

 

Kevin Butler will awesome your face off.

Posted (edited)
But ... Montevideo is the capital of Uruguay.

OK, I've got it wrong somewhere.

 

Edit: the site has a Brazilian domain name and IP address is registered in Brazil, but IP address registry is in Uruguay.

 

 

Good news: phishing site is down, but the shell is still there.

Edited by Diamond

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...