Even the Smartest Phishers Make Mistakes

By admin, 10 years ago

The most problematic phishers are those that use rock-style tactics to implement their scams. By combining fast-flux botnets, reverse proxies, and a myriad of registered domain names, they are likely to keep their scams alive 50% longer or more than regular phishing attacks. Clearly they’re more advanced than the ankle-biters that use free phishing kits and free web space like GeoCities.

Today I started seeing reports of a PayPal phishing attack using the URL (line wrapped for readability):

http://secure.paypal.com.session-id99464376173882452045040350355179058532566734394749600500
117946024993835998207694.ssl89.ru

The only problem is that it’s impossible to resolve this hostname. If you look carefully, you’ll see the label that starts ‘session-’ followed by a bunch of numbers is 91 characters long. That is longer than the maximum of 63 allowed by RFC 2181.

The phishers never notice this themselves because their nameservers have wild-card entries that allow any hostnames and sub-domains to resolve (assuming the query gets to their servers).
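The check below is an added example, not code from the original post: it applies the RFC 2181 length limits to the hostname of a reported URL, and goes slightly beyond the post by also checking the 255-octet limit on the whole name. The function and constant names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MAX_LABEL = 63   # octets per label (RFC 2181, section 11)
MAX_NAME = 255   # octets for the whole name, separators included

# The hostname from the post, reassembled from its wrapped lines.
REPORTED_URL = ("http://secure.paypal.com.session"
                "-id99464376173882452045040350355179058532566734394749600500"
                "117946024993835998207694.ssl89.ru")


def label_octets(label: str) -> int:
    """Length of one label as it would be sent in a DNS query."""
    try:
        return len(label.encode("ascii"))
    except UnicodeEncodeError:
        # Non-ASCII labels travel as "xn--" + punycode (nameprep skipped here).
        return len(b"xn--" + label.encode("punycode"))


def dns_length_problems(url: str) -> list[str]:
    """Return the reasons this URL's hostname can never be resolved."""
    host = urlsplit(url).hostname or ""
    if host.endswith("."):          # a single trailing dot is the root, not a label
        host = host[:-1]
    labels = host.split(".")
    problems = []
    for label in labels:
        n = label_octets(label)
        if n == 0:
            problems.append("empty label")
        elif n > MAX_LABEL:
            problems.append(f"label '{label[:12]}...' is {n} octets, max {MAX_LABEL}")
    # On the wire each label costs one length octet, plus one for the root.
    wire = sum(label_octets(l) + 1 for l in labels) + 1
    if wire > MAX_NAME:
        problems.append(f"name is {wire} octets, max {MAX_NAME}")
    return problems


if __name__ == "__main__":
    for url in (REPORTED_URL, "https://www.paypal.com/signin"):
        print(url[:40], "->", dns_length_problems(url) or "within DNS limits")
```

Running a check like this over reported URLs separates lures that victims' resolvers will reject outright from those that can actually be reached.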
