Jonathan sent me an e-mail earlier, refering a domain involved in phishing. This particular one however, contains several interesting aspects.Most notably, it not only asks for your Facebook credentials, it also leads to what claims to be a legit software developer, and this "legit" developer, is offering a Conduit toolbar, claiming it to be a "Facebook toolbar". msbitsoftware.com is an Israel based firm, and had it not been for this, I'd have likely considered them legit.
Anyway, getting back to it, the first page you see, is veramigos.com, shown top left. This is the page that asks for your Facebook credentials. The "Free Download" for the Facebook toolbar, leads through Google/DoubleClick adverts;
http://googleads.g.doubleclick.net/aclk?sa=l&ai=Bm8b2LU0JS73VDMXcjQeuwqmiDvS7wI0B4u-HyA3AjbcBkIMZEAEYAyDVvtsVOABQ9rTDuAdgu66yg9AKoAGWgMvwA7IBDXZlcmFtaWdvcy5jb226AQozMzZ4MjgwX2FzyAED2gEVaHR0cDovL3ZlcmFtaWdvcy5jb20v4AEDqQK-36UwP6KRPqgDAcgDBegDigPoA-IF9QMAAACE&num=3&sig=AGiWqtzIYQnyLFpaOzrNSxwz4iJgAH1ayg&client=ca-pub-4179032962662895&adurl=http://www.msbitsoftware.com/FacebookToolbar/Google-UK-DownloadToolbar.htm%3Fdp%3D40011120068_33a_add%2520msn%2520toolbar_veramigos.com&nm=11
Which leads you to;
http://www.msbitsoftware.com/FacebookToolbar/Google-UK-DownloadToolbar.htm?dp=40011120069_72a_msn%20messenger%20toolbar_veramigos.com
This page leads to;
http://facebooktbtoolbar.ourtoolbar.com/exe
VirusTotal Analysis
http://www.virustotal.com/analisis/ff43cc83b428708fca9698025ce9ec40f370071a8513830aecd5a3e511a22b31-1258901559
Stats:
Host: veramigos.com
Current IP*: 69.175.60.242
IP PTR: server.veramigos.com
ASN: 32475 69.175.0.0/17 SINGLEHOP-INC - SingleHop
Host: msbitsoftware.com
Current IP*: 208.112.108.80
IP PTR: trunghocpleiku.com
ASN: 20021 208.112.0.0/17 LNH-INC - HostMySite
Referred to: whois.dattatec.com
By: whois.internic.net
Datttatec.com - Registration Service Provided By: Dattatec.com
Contact: +54 341 599000
Email: dominios@dattatec.com
Website: http://www.dattatec.com
Domain name: veramigos.com
Creation Date: 2009-10-14
Expiration Date: 2010-10-14
Status(es):
OK
Domain Name servers(es):
ns1.veramigos.com
ns2.veramigos.com
Registrant conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Admin conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Billing conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Tech conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
By: whois.internic.net
Datttatec.com - Registration Service Provided By: Dattatec.com
Contact: +54 341 599000
Email: dominios@dattatec.com
Website: http://www.dattatec.com
Domain name: veramigos.com
Creation Date: 2009-10-14
Expiration Date: 2010-10-14
Status(es):
OK
Domain Name servers(es):
ns1.veramigos.com
ns2.veramigos.com
Registrant conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Admin conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Billing conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Tech conatct:
Name: Ezequiel Martinez
Company: Ezequiel Martinez
Email: ezekiel.anibal.martinez@gmail.com
Address: Billingurst 1039
AR - Capital Federal ( zip: 1175 )
Phone : 54 - 1147776537
Referred to: whois.tucows.com
By: whois.internic.net
Registrant:
MSBit Ltd.
7 Ha'Sadna St. P.O.B 2416
Ra'anana, NA 43650
IL
Domain name: MSBITSOFTWARE.COM
Administrative Contact:
Comfort, Ofer info@msbitsoftware.com
7 Ha'Sadna St. P.O.B 2416
Ra'anana, NA 43650
IL
+972.97486785 Fax: +972.97486786
Technical Contact:
Support, Technical support@hostmysite.com
260 Chapman Road
Suite 205
Newark, DE 19702
US
+1.3027314948 Fax: +1.0
Registrar of Record: TUCOWS, INC.
Record last updated on 24-Oct-2009.
Record expires on 23-Oct-2010.
Record created on 23-Oct-2006.
Registrar Domain Name Help Center:
http://domainhelp.tucows.com
Domain servers in listed order:
NS3.LNHI.NET
NS1.LNHI.NET
NS2.LNHI.NET
Domain status: ok
By: whois.internic.net
Registrant:
MSBit Ltd.
7 Ha'Sadna St. P.O.B 2416
Ra'anana, NA 43650
IL
Domain name: MSBITSOFTWARE.COM
Administrative Contact:
Comfort, Ofer info@msbitsoftware.com
7 Ha'Sadna St. P.O.B 2416
Ra'anana, NA 43650
IL
+972.97486785 Fax: +972.97486786
Technical Contact:
Support, Technical support@hostmysite.com
260 Chapman Road
Suite 205
Newark, DE 19702
US
+1.3027314948 Fax: +1.0
Registrar of Record: TUCOWS, INC.
Record last updated on 24-Oct-2009.
Record expires on 23-Oct-2010.
Record created on 23-Oct-2006.
Registrar Domain Name Help Center:
http://domainhelp.tucows.com
Domain servers in listed order:
NS3.LNHI.NET
NS1.LNHI.NET
NS2.LNHI.NET
Domain status: ok
Posts
1 comment:
M.S.Bit Ltd. Official response:
M.S.Bit Ltd. is a legit software development company, located and registered legally in Israel, http://www.msbitsoftware.com and in no way, directly and indirectly, has something to do with phishing of any kind.
The ad in issue, was indeed advertised under the veramigos.com domain, but seems to be mistakenly merged with internal veramigos.com advertising, which requires personal details in Spanish (as shown in the screen shot).
M.S.Bit Ltd. has developed a legit toolbar for all Facebook fans, based on world leader toolbar framework provider, Conduit Ltd.
The toolbar is totally legit and registered as a valid Facebook application: Facebook Fans Toolbar (All-In-One Toolbar).
Other then Facebook credentials, which are obligatory for any interaction with Facebook API (and are only stored locally on the client machine, as any other browser cookie), the toolbar does not require any personal information.
In addition, in order to avoid any misunderstandings, we have decided to permanently remove all advertizing material from veramigos.com domain.
Please feel free to contact us at any time for further information regarding Facebook Fans Toolbar: Email – info@msbitsoftware.com, Phone – 972 9 7486785
Post a Comment