Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 3 February 2009

Phishing: .gif not just for graphics

I've seen millions of phishing scams, and they've almost always had one thing in common - they pointed to or /phish/file.html etc. Today however, I saw something new (to me at least), the phishing link pointed to a .gif file;

a.gif however, isn't what it actually appears to be. All the phisher has done is configure the server to serve .gif files as it would a .html;

vURL Desktop Edition v0.3.7 Results
Source code for:
Server IP: [ ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 0
iFrames: 0
via Proxy: TeMerc Internet Countermeasures (US)
Date: 03 February 2009
Time: 15:52:23:52
<meta http-equiv="REFRESH"

This phish is also valid as;

The headers for this e-mail show it was sent through either an open, or compromised mail server at; (IP:

Both and have been notified.

No comments: