Internet Domain Registry

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 21 February 2010

Phishers target Blogger.com accounts

Posted on 13:59 by Unknown
A new phishing campaign came out about two hours ago, this time targeting bloggers who use Google's "blogger.com" and "blogspot" services.

The emails are pretty straightforward:

Subject: Your Blogger Account

Dear Blogger account owner,
To update your Blogger account please click the following link:

http://www.blogger.com/update/VE.php?service=blogger&c=111111111111111111&email=youremail@yourdomain.com.

Thank you for using Blogger.

This is a post-only mailing. Replies to this message are not monitored or answered.


The webpages are of course not actually Blogger, but are phishing sites on ".kr" domains, which have been favored lately by the Avalanche/Zeus group.

http://www.blogger.com.esub.co.kr/update/VE.php?service=blogger
http://www.blogger.com.esub.kr/update/VE.php?service=blogger
http://www.blogger.com.esub.ne.kr/update/VE.php?service=blogger
http://www.blogger.com.esug.co.kr/update/VE.php?service=blogger
http://www.blogger.com.esug.kr/update/VE.php?service=blogger
http://www.blogger.com.esug.ne.kr/update/VE.php?service=blogger
http://www.blogger.com.esuk.kr/update/VE.php?service=blogger
http://www.blogger.com.esuk.ne.kr/update/VE.php?service=blogger
http://www.blogger.com.esuk.or.kr/update/VE.php?service=blogger
http://www.blogger.com.esus.co.kr/update/VE.php?service=blogger
http://www.blogger.com.esus.kr/update/VE.php?service=blogger
http://www.blogger.com.esus.ne.kr/update/VE.php?service=blogger
http://www.blogger.com.esut.co.kr/update/VE.php?service=blogger
http://www.blogger.com.esut.kr/update/VE.php?service=blogger
http://www.blogger.com.esut.ne.kr/update/VE.php?service=blogger


Updated: 22FEB2010 @ 9AM Central time

These are the sites we've seen spammed so far this morning . . .

www.blogger.com.dese.ne.kr
www.blogger.com.desr.co.kr
www.blogger.com.desr.kr
www.blogger.com.desr.or.kr
www.blogger.com.desv.co.kr
www.blogger.com.desv.or.kr
www.blogger.com.erdca.ne.kr
www.blogger.com.erdce.kr
www.blogger.com.erdcq.kr
www.blogger.com.erdcu.kr
www.blogger.com.erdcu.ne.kr
www.blogger.com.esuk.kr
www.blogger.com.zoba.co.kr
www.blogger.com.zoba.kr
www.blogger.com.zoba.or.kr
www.blogger.com.zobv.co.kr
www.blogger.com.zohy.kr
www.blogger.com.zohy.or.kr


The phishing site itself looks like this:



We've seen about 350 copies of this phishing campaign so far, but again, its just started up. Look for more URLs to follow.
Email ThisBlogThis!Share to XShare to Facebook
Posted in phishing | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • From Russia, With Love . . . new Postcard spam spies on your PC
    Isn't it nice to have friends who send you postcards? The UAB Spam Data Mine is especially fortunate in that way. Beginning the evenin...
  • Happy New Year! Here's a Virus! (New Year's Postcard malware)
    I've been busy this week looking at the various defacements (see ComputerWorld , and ABC News ) and other cyber attacks (see yesterday...
  • Top Brands Imitated by Malicious Spam
    WebSense recently released an InfoGraphic titled "Top Five Subject Lines in Phishing Emails." for January 1, 2013 through Septemb...
  • A Dark and STORMy Night
    Just in time for the spookiest night of the year, the Storm botnet recruitment spam switched to a Halloween flavor. On the evening of Octobe...
  • TJX Update: The San Diego Indictments
    As promised, here is the update regarding the eight individuals charged in San Diego in connection with "the TJX bust". There wer...
  • Help stop the Osama bin Laden Videos on Facebook
    If you have teenage friends, or friends with poor security practices, you will probably notice that your wall has recently filled up with in...
  • New Year's Waledac Card
    We haven't seen a new version of Waledac since Independence Day (July 4, 2009), but it looks like its back! I'm on vacation today, s...
  • Facebook Safety & Million Member Facebook Groups
    Two of my friends today invited me to join "Million User" facebook groups. Not that it matters really, but the two groups were: P...
  • First 2008 Presidential Spam Campaign?
    Does Ron Paul suddenly have a strong support base among foreign computer owners with strange names and multiple personalities? or is it poss...
  • 70 Romanian Phishers & Fraudsters Arrested
    On March 4th, FBI Director Robert Mueller was given a speech on Cybercrime to the RSA conference where he mentioned that: And we have worke...

Categories

  • china
  • computer security careers
  • conficker
  • cyberwar
  • digital certificates
  • facebook
  • fake av
  • gumblar
  • koobface
  • law enforcement
  • malware
  • pharmaceuticals
  • phishing
  • public policy
  • spam
  • twitter
  • twitter malware
  • waledac
  • zbot

Blog Archive

  • ►  2013 (21)
    • ►  December (4)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (1)
    • ►  May (5)
    • ►  April (3)
    • ►  March (1)
  • ►  2012 (18)
    • ►  August (1)
    • ►  June (1)
    • ►  May (7)
    • ►  April (2)
    • ►  March (7)
  • ►  2011 (28)
    • ►  November (3)
    • ►  October (1)
    • ►  August (4)
    • ►  July (6)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (6)
    • ►  February (1)
    • ►  January (2)
  • ▼  2010 (80)
    • ►  December (6)
    • ►  November (10)
    • ►  October (6)
    • ►  September (12)
    • ►  August (5)
    • ►  July (4)
    • ►  June (11)
    • ►  April (7)
    • ►  March (8)
    • ▼  February (4)
      • Phishers target Blogger.com accounts
      • What the Bad Guys Know: We'll Click on ANYTHING!
      • Conficker.B Microsoft Warning spam rehashed
      • Minipost: Fake Photo Zeus
    • ►  January (7)
  • ►  2009 (92)
    • ►  December (12)
    • ►  November (11)
    • ►  October (16)
    • ►  September (7)
    • ►  July (5)
    • ►  June (10)
    • ►  May (2)
    • ►  April (6)
    • ►  March (7)
    • ►  February (6)
    • ►  January (10)
  • ►  2008 (101)
    • ►  December (7)
    • ►  November (17)
    • ►  October (11)
    • ►  September (10)
    • ►  August (22)
    • ►  July (12)
    • ►  June (3)
    • ►  May (7)
    • ►  April (5)
    • ►  March (2)
    • ►  February (1)
    • ►  January (4)
  • ►  2007 (31)
    • ►  December (3)
    • ►  November (9)
    • ►  October (3)
    • ►  September (2)
    • ►  August (5)
    • ►  July (5)
    • ►  January (4)
  • ►  2006 (5)
    • ►  December (2)
    • ►  October (3)
Powered by Blogger.

About Me

Unknown
View my complete profile