[PLUG] A New (to me) phishing attack
Chris Roberts
linux at chrisroberts.org
Fri Feb 24 18:02:35 UTC 2006
This is just redirecting people to:
216.242.36.206
The IP has just been converted to a long. The actual link the browser
uses starts at the * so all the stuff before it, yahoo's stuff, is just
disregarded. It's actually not bad as once you get to the site, it tells
you to click a link which resizes the browser while removing the address
bar.
- Chris
Richard C. Steffens wrote:
> I've gotten a couple of e-mails claiming that I've successfully added
> a new e-mail address to my PayPal (or PayPa1, or PayPaI) account. All
> I have to do is click on this handy link. I have not done so, nor do I
> plan to. The link is as follows:
>
> http://rds.yahoo.com/S=44831148:D1/CS=44831148/SS=44831166/SIG=11v8331g7/*http:/3639747790:84/page/webscr/
>
>
> Am I correct in assuming that this link goes to someplace within
> Yahoo? I sent the entire e-mail off to abuse at yahoo.com, but they think
> I'm complaining about the e-mail coming from yahoo mail, I'm on my
> third exchange with them to get them to look at the link, and not the
> spoofed (is that the right term for it?) e-mail header.
>
> Anyway, can anyone take a guess as to what that http string is trying
> to do?
>
> And, just in case anyone wonders, no, I haven't tried to add an e-mail
> address to my PayPal account, nor done anything else with that account
> in the last couple of weeks!
>
More information about the PLUG
mailing list