Attn: Domain Notice – Atac de tip phishing

Se raspandeste un atac de tip phishing destul de interesant, desi nu este atat de nou. Email-ul are subiectul “Attn: Domain ****** Notice“. In locul stelutelor apare denumirea unui domeniu web pe care cel care primeste email-ul il detine cu adevarat.

Mesajul pretinde ca indexarea site-ului tau in motoarele de cautare este in pericol si trebuie sa platesti o suma de 75$ pentru a prelungi indexarea.
Bineinteles, pentru cei ce nu stiu deja, indexarea intr-un motor de cautare (Google, Bing etc) este absolut GRATUITA si nimeni nu-ti va cere bani pentru asta…nimeni, cu exceptia unor atacatori ca acestia.

Iata ce scrie in mesaj:

Expiration Notice

Don’t miss out on this offer which includes search engine submission for *****.BIZ for 12 months. There is no obligation to pay for this order unless you complete your payment by May 4, 2013. Our services provide submission and search engine ranking for domain owners. This offer for submission services is not required to renew your domain registration.
Failure to complete your search engine registration by May 4, 2013 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web).

expiration notice

Dand click oriunde pe link-urile subliniate sunteti directionati spre http://securetrans20953.com/refund, unde scopul final al celor care propaga acest spam este sa-ti fure o suma de bani de pe card.

iglobal merchant service

Site-ul pretinde ca este alt domeniu de fapt si anume iglobalmerchantservice.com si pentru autenticitate afiseaza un log cu “Verified by VISA” si o descriere:

WELCOME TO IGLOBAL CONSUMER SUPPORT

iGlobal was created to serve the needs of consumers looking for a fast, safe and convenient way to purchase online services. iGlobal has been a trusted payment processor since 2004, processing millions of online transactions each year and earning its reputation as a leader in the industry.

If you have a transaction on your billing statement that refers to www.iglobalmerchantservice.com, you have purchased a subscription from a web site that uses iGlobal for its billing services.

Conform whois.net, numele si detaliile celui care au inregistrat acest domeniu fals sunt:
Moniker Privacy Services SECURETRANS20953.COM@monikerprivacy.net, Moniker Privacy Services, 1800 SW 1st Avenue, Suite 440, Portland, OR, 97201, US. Este foarte probabil ca informatia este falsa, insa cert este ca trebuie sa fiti atenti la cerintele email-urilor primite si NU dati nimanui bani sau datele cardului vostru de buna voie.
In cazul in care aveti dubii, trimiteti email-ul spre analiza catre faravirusicom@gmail.com.

Multumesc lui Farcas Gelu Danut pentru atentionare!

Administrator FaraVirusi.com
voluntar al Comodo Malware Research Team, expert Malwarebytes Anti-Malware

2 responses to “Attn: Domain Notice – Atac de tip phishing”

  1. C@t@lin C

    Site infectat blocad the Eset Nod 32 4/21/2013 9:42:11 PM http://d.addelive.com/widget/render/hash/eec4b47b89ed52d7957c383ca9382bfc Blocked by PUA blacklist C:\Program Files\Opera\opera.exe Home-PC\Home
    4/21/2013 9:42:10 PM http://d.addelive.com/widget/render/hash/50195490978b0466037aef5af0681265 Blocked by PUA blacklist C:\Program Files\Opera\opera.exe Home-PC\Home
    4/21/2013 9:40:20 PM http://d.addelive.com/widget/render/hash/eec4b47b89ed52d7957c383ca9382bfc Blocked by PUA blacklist C:\Program Files\Opera\opera.exe Home-PC\Home
    4/21/2013 9:40:20 PM http://d.addelive.com/widget/render/hash/50195490978b0466037aef5af0681265 Blocked by PUA blacklist C:\Program Files\Opera\opera.exe Home-PC\Home
    4/18/2013 9:02:03 PM http://d.addelive.com/widget/render/hash/eec4b47b89ed52d7957c383ca9382bfc Blocked by PUA blacklist C:\Program Files\Opera\opera.exe Home-PC\Home
    4/18/2013 9:02:03 PM http://d.addelive.com/widget/render/hash/50195490978b0466037aef5af0681265 Blocked by PUA blacklist C:\Program Files\Opera\opera.exe Home-PC\Home

  2. Iulian

    Cred ca se urmareste ceva la nivel global stiu ca prin vara -toamna si Goaddy a avut astfel de probleme, deci ceva,ceva este ma mjiloc.
    Ma indoiesc ca e un banal atac, nu stiu de ce dar parca in 2013 se pare ca fenomenul de hacking s-a accentuat, oare exagerez?

Leave a Reply