[CLUE-Talk] Red Hat phish
Charles Oriez
coriez at oriez.org
Mon Oct 25 11:12:17 MDT 2004
Just in case someone hasn't heard about this already. I got the alert from
SANS this morning. Details are presumably available on /.
Deceptive domain attacks launched against customers of Wells Fargo, Paypal,
AOL, ... even Red Hat
<http://news.netcraft.com/archives/2004/10/25/deceptive_domain_attacks_launched_against_customers_of_wells_fargo_paypal_aol_even_red_hat.html>
(Netcraft Security: <http://news.netcraft.com/archives/security.html>)
A second fraudulent electronic mail targeting Red Hat Linux users has
emerged, this time using a deceptive domain, fedora-redhat.com. The new
wrinkle reflects a common trend in phishing scams, in which an initial
attack is refined over time, becoming more convincing and plausible with
each enhancement.
Detail-oriented Red Hat users on /. have had a field day ridiculing the
grammar and spelling mistakes in the mail (Red Hat was spelled as one word)
and listing numerous inconsistencies between the attack code and standard
Red Hat update practices
<http://it.slashdot.org/article.pl?sid=04/10/24/2352234&tid=172&tid=110&tid=218&tid=106>.
However, the Red Hat and /. communities are progressively diverging, and
the mail will have reached some people with Red Hat systems who are much
less cautious and observant than the traditional Linux community.
The new scam, which follows on a similar attack over the weekend
<http://news.netcraft.com/archives/2004/10/25/red_hat_users_targeted_by_bogus_advisory.html>,
uses a domain, fedora-redhat.com, which might plausibly belong to Red Hat.
While many phishing attacks rely on obfuscated URLs to deceive recipients, a
growing number of scams are registering look-alike domains to snare users
<http://news.netcraft.com/archives/2004/10/08/cardholders_targetted_by_phishing_attack_using_visasecurecom.html>.
The fedora-redhat.com domain was registered on Saturday through Yahoo, which
offers domains for $9.95.
Similarly, over the weekend Wells Fargo customers were targeted with a
mail leading to a site in the domain wellzfargo.com, while other recent
attacks have involved the domains my-paypal.com, and errorbillingaol.com.
The trend illustrates the importance of defending domain names with
business value, through avoiding using multiple domains for bona fide
business, and monitoring the status of derivations of those names.
Symmetrically, the registration or deployment of a domain can be a useful
early warning of a fraud attack to targets of phishing scams, whereby
prompt action can pre-empt such frauds.
--
coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
Lamport's Law: "A distributed system is one in which the failure of a
computer you didn't even know existed can render your own computer unusable."
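The quoted article ends by recommending that domain owners monitor "derivations" of their names so that a look-alike registration is noticed before the phishing mail goes out. The script below is an added example of that defender-side check; it is not code from the CLUE-Talk post or from Netcraft. It takes a list of brand domains to protect and a feed of newly registered domains, and flags a registration when the brand label appears as a hyphen-delimited token or as a prefix/suffix of the new label (fedora-redhat, my-paypal, errorbillingaol), or when the whole label is one edit away from the brand (wellzfargo, an s-to-z substitution). The feed is constructed from the domains named in the article plus a couple of benign names; the protected-domain list and all function names are assumptions for the example.

```python
"""Flag newly registered domains that look like derivations of protected brand names.

Added example (not from the Netcraft article or the CLUE-Talk post): the
protected-domain list, the sample feed and the helper names are all
assumptions made for illustration.
"""
from __future__ import annotations

import re

# Brand domains a defender wants to protect (assumed list; the article names
# the brands, not this configuration).
PROTECTED_DOMAINS = ["redhat.com", "wellsfargo.com", "paypal.com", "aol.com"]

# Constructed sample feed: the look-alike domains quoted in the article plus
# two benign registrations that must not be flagged. In practice this list
# would come from a zone-file or registration feed.
NEW_REGISTRATIONS = [
    "fedora-redhat.com",
    "wellzfargo.com",
    "my-paypal.com",
    "errorbillingaol.com",
    "paolo-bakery.com",
    "example.org",
]


def registrable_label(domain: str) -> str:
    """Return the left-most label, lower-cased ("my-paypal" for my-paypal.com)."""
    return domain.lower().strip().split(".")[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, brand_label: str) -> str | None:
    """Return a reason if `candidate` looks derived from `brand_label`, else None.

    Check 1: the brand label is a hyphen/digit-delimited token of the candidate
    label, or its prefix or suffix (catches fedora-redhat and errorbillingaol
    while leaving substrings buried mid-word, such as "aol" in "paolo", alone).
    Check 2: the whole label is within one edit of the brand (catches wellzfargo);
    skipped for very short brands, where one edit is too weak a signal.
    """
    label = registrable_label(candidate)
    if label == brand_label:
        return None  # the brand's own domain, nothing to flag
    tokens = re.split(r"[-_0-9]+", label)
    if brand_label in tokens:
        return "brand label used as a token"
    if label.startswith(brand_label) or label.endswith(brand_label):
        return "brand label used as prefix/suffix"
    if len(brand_label) >= 5 and edit_distance(label, brand_label) <= 1:
        return "one character away from brand label"
    return None


def find_lookalikes(registrations, protected=PROTECTED_DOMAINS):
    """Return (candidate, brand_domain, reason) for every suspicious registration."""
    hits = []
    for candidate in registrations:
        for brand in protected:
            reason = classify(candidate, registrable_label(brand))
            if reason:
                hits.append((candidate, brand, reason))
    return hits


if __name__ == "__main__":
    for candidate, brand, reason in find_lookalikes(NEW_REGISTRATIONS):
        print(f"{candidate:<24} looks like {brand:<16} ({reason})")
```

Run against the constructed feed, the four domains from the article are flagged and paolo-bakery.com and example.org are not. The prefix/suffix rule rather than a plain substring match is what keeps short brands such as "aol" from producing noise; the edit-distance rule is deliberately limited to one change on labels of five or more characters, since looser thresholds flag far more legitimate names than real fraud. A production monitor would also want homoglyph and keyboard-adjacency variants, and would feed hits into the takedown and mail-filtering process rather than just printing them.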