Wednesday, November 4, 2009

Phishing campaign targeted to users of MS

Since they started to become popular websites that promise to provide contact information locked in the instant messaging client from Microsoft, the campaigns aimed at stealing users' private information, are in constant insistence.

The truth is that those who rely on this sort of cheating, they are victims no more or no less than a simple social engineering maneuver that in many cases, has a relatively unpalatable effectiveness and intended to carry out phishing attacks.

This situation makes complete evidence levels (im) maturity that still exists in prevention and the need to raise awareness about the true scope and safety implications of the concepts of confidentiality and privacy.

In this sense, a new phishing campaign is seeking to capture the attention of users who use popular instant messaging client from Microsoft, MSN. That is, almost 90% of people.

Behind a hedge under the slogan "Verify who blocked you on their msn contact list", a campaign that lies strategically and with patience is getting usernames and their passwords for all those interested in finding out who of your contacts have blocked ... I still don't understand it :(

From a technical standpoint, under the IP address 121.54.174.85 (Hong Kong Hong Kong Sun Network Limited) are housed a significant number of domains that redirect to the same fraudulent. These domains are:

ahem-they-blocked-me.com
cindrella-blocked-me.com

damnn-they-blocked-me.com
did-they-block-you.com

face-blocked-truth.com
find-reason-of-being-blocked.com

finding-who-blocks.com

friends-block-buddies.com

grab-block-status.com

grab-my-block-status.com
have-they-blocked-you.com

heroes-never-block.com

how-come-they-block-me.com

im-fedup-of-being-blocked.com

im-sad-im-blocked.com

ima-checking-block-status.com

jesus-he-blocked-us.com

kephsa.why-do-they-block.com

lame-friends-block-you.com
leme-check-block-status.com

mean-friends-block.com

mjzfx0.why-do-they-block.com

notice-they-blocked-u.com

oh-i-was-blocked.com

omg-they-blocked-me.com

phew-they-blocked-me.com

phewww-seems-i-am-blocked.com
puff-im-blocked.com

pwdgds.grab-my-block-status.com

sad-i-was-blocked.com

see-they-blocked-me.com

tchv9l.find-reason-of-being-blocked.com

they-were-haha.com

ufff-i-was-blocked.com

urr-he-blocked-us.com

weird-i-was-blocked.com

who-let-me-block.com
why-do-they-block.com

why-my-friends-block.com

wooh-im-blocked.com

It's extremely important to take precautionary and preventive measures necessary to avoid being victims of such techniques, extremely simple to implement and extremely effective for those who aren't aware of them.

In this case, it isn't implementing a security solution at full speed but common sense. To access information on the website only legitimate and verify the existence of security measures that ensure the encryption of data.

Above all, don't ask him how to get lots of information on different authentication credentials for web services and publish them on the Internet without restriction :)

Related information
Nivel de (in)madurez en materia de prevención
Phishing Kit. Creador automático de sitios fraudulentos
Phishing Kit In-the-Wild para clonación de sitios web, versión 2
Phishing Kit In-the-Wild para clonación de sitios web
Estado de la seguridad según Microsoft
Phishing y "cuentos" en navidad
Phishing para American Express y consejos

Jorge Mieres

No comments: