Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 26 February 2010

Sun Network: MSN/AIM/Gtalk/Yahoo phishing - again

It would seem, dear readers, that the folks at Sun Network have decided booting our friendly phishers, isn't a good idea after all, as they're now back yet again, spamming via MSN and whatnot, with links that lead to phishing scams such as the one in the screenshot to the left, that steal your MSN, Yahoo, AIM and GTalk credentials.

Once stolen, you're then once again, redirected to ishowclips.com. Sites I've currently identified are;

cant-stop-laughin-hehe.com
com.crazily-laughed-on-u.com
crazily-laughed-on-u.com
forbidden-pics-of-you.com
omg-funny-i-gotcha.com
our-truth-is-here-hehe.com
smiles-on-your-faces.com
super-liars-are-crazy.com
www.cant-stop-laughin-hehe.com
www.crazily-laughed-on-u.com
www.forbidden-pics-of-you.com
www.omg-funny-i-gotcha.com
www.our-truth-is-here-hehe.com
www.smiles-on-your-faces.com
www.super-liars-are-crazy.com
www.your-damn-secrets-revealed.com
your-damn-secrets-revealed.com


The above are presently at 121.54.171.30 and 121.54.171.44, but the entire /24 has seen it's share of phishing and malware, and on that, I'd suggest blackholing them, seems they aren't going to learn.

4 comments:

Paleton Jr. said...

I just woke up and saw the supposedly my brother through MSN messenger told me" oh my God, i chant believe you are so cheap lol
And a website.
I opened believing it was my bro, but all the website had was a "Hello!" on the top.
What should I do? What just happened, since it never happened to me...

MysteryFCM said...

Can you e-mail me the URL you were pointed to please?

hphosts @ it-mate.co.uk

Manfred said...

A phony URL is something like:

http://your-damn-secrets-revealed.com/?pic=john.smith.jpg&invite=tayw49irrtq8pq7Ip6ie4LCVZrTRhHiTyYaO2qwyeGy4z5vpwr675ajbrdKSpbKb

I am sure what harm this site does.

MysteryFCM said...

Cheers Manfred. The domain doesn't seem to be resolving at present, but so far, I've only seen phishing activity on these (some previous incarnations led to malware after stealing your details).