SnowymIRC unix.ro UnderNetPremium join:2003-04-05 Kailua, HI kudos:6
reply to Worried
Re: [Phish] Ebay phishers are getting smarter
said by Worried: I do have up to date Webroot antivirus, but was wondering if I should get my computer checked out?
The only way to be sure is to go through the motions at DSLR's Security Cleanup forum located here. »Security Cleanup
My opinion is that the site was set up or hacked to act as a typical eBay phish, not a malware server. Everything points that way. A newly registered domain name with possibly fraudulent domain registration, eBay phish content, possible Romanian involvement all point towards just another eBay phish rather than malware installations.
It was registered on Nov 20, 2012 with the following whois:

"Registrant:
 Valentin Mihai Foarcea
 Tacoescu #27
 Dragasani, N/A 245700
 RO

Domain name: VALI-LEAKS.COM

Administrative Contact:
 Mihai Foarcea, Valentin vali.foarcea@gmail.com
 Tacoescu #27
 Dragasani, N/A 245700
 RO
 +1.4073323605x1

Technical Contact:
 Administrator, System hostmaster@lunarpages.com
 1360 N. Hancock St.
 Anaheim, CA 92807
 US
 +1.7145218150

Registrar of Record: TUCOWS, INC.
Record last updated on 20-Nov-2012.
Record expires on 20-Nov-2013.
Record created on 20-Nov-2012.

Registrar Domain Name Help Center: »tucowsdomains.com

Domain servers in listed order:
 NS1.VALI-LEAKS.COM 64.50.180.41
 NS2.VALI-LEAKS.COM 64.50.180.42"
said by Worried: What happened to you?
Not really directed at me but I did visit the site while it was still up & didn't notice anything related to malware.

So are most phishing sites not associated with key logger malware? Am I (hopefully) worrying over nothing?

SnowymIRC unix.ro UnderNetPremium join:2003-04-05 Kailua, HI kudos:6
said by Worried: So are most phishing sites not associated with key logger malware?
The short answer is yes, most phishing sites are not associated with malware. There's a lot behind that but briefly, the miscreants behind phish sites & malware servers usually engage in one or the other type of activity with little crossover. Serving phish content & malware simultaneously on the same URL is something seen very rarely & when it is seen is the result of 2 unrelated miscreants hacking the same server around the same time with each doing their own thing independent of each other. I don't believe that happened here. The activity in this thread indicates this phish was well organized & executed by a professional engaged in phish activity. Toss in a probable Romanian connection & it becomes more convincing that phish was the order for the day because Romanians involved in cybercrime are overwhelmingly involved with phish content vs malware content although they do exist.
said by Worried: Am I (hopefully) worrying over nothing?
I wouldn't take it to the point of not worrying about anything but worrying about having a KL or some other driveby installed via this event are slim to nonexistent, IMO