
A New MSN Phishing (Identity Theft) Worm - ENG

[ A rewrite of this post in English, due to the importance ]

 

A few days back, I received a nice gift via my MSN IM account. I got the following link:

http://myparties.piclooks.com/?<user> (where <user> is the infected sender). In that case I got it through MSN, so I don't know if any other IM is compromised.

When clicking on that link you would get the following web window:

[Screenshot: SNAG-0044]

That screen immediately raised my suspicion that there is something wrong here. An unknown site is asking for my MSN / Hotmail credentials in order to provide me a service which natively could be provided via a normal API... so I started checking.

Viewing the client-side source code was very nice, because it shows very simple, almost child-like HTML code that is generated via simple tools.

An IP address (64.34.154.82) was embedded in it, which is not something that you would expect from a service; very unusual.

When dissecting the URL to its basics and just going to piclooks.com, you would get the following output (meaning there is no actual homepage behind this application):

[Screenshot: piclooks-com]

The summary is very simple: this is most probably a phishing site, and not a very sophisticated one, whose whole purpose is to steal the online identities of those who are naive enough to play along.

Be careful of this hoax.
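The two tells described above (a credential form on an unfamiliar host, and a raw IP address embedded in the page source) can be checked mechanically on a saved copy of a page. This is an added example, not code from the original post; the sample HTML, the `.example` host, the 192.0.2.10 address and the `EXPECTED` allowlist are constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LoginPageScanner(HTMLParser):
    """Counts password inputs and records URL attributes that use a raw IP."""
    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.ip_urls = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_fields += 1
        for name in ("action", "src", "href"):
            host = urlparse(attrs.get(name) or "").hostname
            if host and is_ip_literal(host):
                self.ip_urls.append((tag, name, attrs[name]))

def scan(html, page_url, expected_domains):
    """Return findings for one saved page; expected_domains is analyst-supplied."""
    scanner = LoginPageScanner()
    scanner.feed(html)
    host = urlparse(page_url).hostname or ""
    trusted = any(host == d or host.endswith("." + d) for d in expected_domains)
    findings = []
    if scanner.password_fields and not trusted:
        findings.append(f"password field served from unexpected host {host}")
    for tag, name, url in scanner.ip_urls:
        findings.append(f"<{tag} {name}> points at a raw IP address: {url}")
    return findings

# Constructed sample page (documentation IP range and .example domain).
SAMPLE_HTML = """<form method="post" action="http://192.0.2.10/login.php">
<input type="text" name="user"><input type="password" name="pass">
</form><img src="/logo.gif">"""
SAMPLE_URL = "http://parties.phish-demo.example/?someuser"
EXPECTED = ["live.com", "hotmail.com"]  # assumed allowlist of real sign-in domains

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE_HTML, SAMPLE_URL, EXPECTED)))
```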


Does this mean that the sender (<user>) is somehow compromised? I received this from someone I chat with and they said that their AV (Norton) is not currently reporting anything after a full scan.
Thoughts?
Eric

Hi Eric,

Yes, it means that the host is compromised. I am still not sure how yet.

Barry.


About

    My name is Barry Shteiman, I'm a devoted tech junkie, and this is my blog.
    E: barry.shteiman -at- gmail.com
    Twitter : bshteiman
