EJM Designs Limited Blog

Tuesday, March 2, 2010

Twitter Phishing - Social Media Fraud | kevanshome.org

Like many of you, I've received a handful of DMs from Twitter that say things like "somebody wrote something about you in this blog here http://tinyurl.com/yauj2fw" or "This you???? http://is.gd/93Hts".

No worries - the URLs have been disabled by both tinyurl and is.gd respectively.

What you would've seen had you clicked those URLs is what looks exactly like a Twitter login page. And apparently there are enough people who gawk at the login and automatically both salivate and type at the same time to see if that's them or if somebody wrote about them ...on a blog ...on Twitter :s

The Result

Luckily, it doesn't appear to be anything horribly malicious on the surface. You log in to the fake site, and they have an automated program running in the background that logs on to your account and sends everyone following you a DM linking back to the site so they can do it to all of that person's followers. Perhaps there's something hiding under the surface there, but it's more of an annoyance right now.

The Source

When you click those phishing links, you end up on a page with the root domain as kevanshome.org (going there now gives you a phishing MySpace account).

Figuring this person was at least a little savvy, I wasn't expecting much when I grabbed the WhoIs info, maybe a blocker program at the least. Nope. Here's what I found:
Domain ID:D157042268-LROR
Domain Name:KEVANSHOME.ORG
Created On:06-Sep-2009 07:34:50 UTC
Last Updated On:10-Nov-2009 14:03:03 UTC
Expiration Date:06-Sep-2010 07:34:50 UTC
Sponsoring Registrar:Xin Net Technology Corporation (R118-LROR)
Status:OK
Registrant ID:7kkxo6fmgfrrz7
Registrant Name:Ken Evans
Registrant Organization:Ken Evans
Registrant Street1:Star Street
Registrant Street2:
Registrant Street3:
Registrant City:Shang Hai
Registrant State/Province:Shanghai
Registrant Postal Code:100000
Registrant Country:CN
Registrant Phone:+86.02142552594
Registrant Phone Ext.:
Registrant FAX:+86.02142552594
Registrant FAX Ext.:
Registrant Email:lixing688@gmail.com
Admin ID:7kkxo6fmgfrrz7a
Admin Name:Ken Evans
Admin Organization:Ken Evans
Admin Street1:Star Street
Admin Street2:
Admin Street3:
Admin City:Shang Hai
Admin State/Province:Shanghai
Admin Postal Code:100000
Admin Country:CN
Admin Phone:+86.02142552594
Admin Phone Ext.:
Admin FAX:+86.02142552594
Admin FAX Ext.:
Admin Email:lixing688@gmail.com
Tech ID:7kkxo6fmgfrrz7a
Tech Name:Ken Evans
Tech Organization:Ken Evans
Tech Street1:Star Street
Tech Street2:
Tech Street3:
Tech City:Shang Hai
Tech State/Province:Shanghai
Tech Postal Code:100000
Tech Country:CN
Tech Phone:+86.02142552594
Tech Phone Ext.:
Tech FAX:+86.02142552594
Tech FAX Ext.:
Tech Email:lixing688@gmail.com
Name Server:NS.XINNETDNS.COM
Name Server:NS.XINNET.CN
Name Server:
DNSSEC:Unsigned

So I know about enough to do some minor internet detectiving, but this one's a little out of my depth.

So instead of a full-on expose, this is more of a first-step fact-finding report. I might do something with it, but I know there are people out there much better equipped to dig into the information. Let me know if you find anything!
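
As an added example (not part of the original post), here is one way to turn a WHOIS record in the "Key:Value" layout shown above into a few first-pass triage facts: domain age on the day of the post, registration length, and whether all three contact roles share one identity. The function names `parse_whois` and `triage` are hypothetical, and the sample record is constructed with a placeholder domain and contacts; only its dates are taken from the record above.

```python
from datetime import datetime, timezone

# Constructed sample in the same "Key:Value" layout as the record in the post.
# The dates match the post; the domain and contact values are placeholders.
SAMPLE = """\
Domain Name:EXAMPLE.ORG
Created On:06-Sep-2009 07:34:50 UTC
Expiration Date:06-Sep-2010 07:34:50 UTC
Registrant Name:Jane Placeholder
Registrant Email:contact@example.com
Admin Name:Jane Placeholder
Admin Email:contact@example.com
Tech Name:Jane Placeholder
Tech Email:contact@example.com
Name Server:NS1.EXAMPLE.NET
Name Server:
DNSSEC:Unsigned
"""

def parse_whois(text):
    """Split on the first ':' only, so timestamps keep their colons."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():          # drop empty fields ("Name Server:")
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def parse_date(value):
    parsed = datetime.strptime(value, "%d-%b-%Y %H:%M:%S UTC")
    return parsed.replace(tzinfo=timezone.utc)

def first(record, key):
    return record.get(key, [""])[0]

def triage(record, as_of):
    """Summarise the facts an analyst usually notes first in a report."""
    created = parse_date(first(record, "Created On"))
    expires = parse_date(first(record, "Expiration Date"))
    contacts = {(first(record, f"{role} Name").lower(),
                 first(record, f"{role} Email").lower())
                for role in ("Registrant", "Admin", "Tech")}
    return {
        "domain": first(record, "Domain Name").lower(),
        "age_days": (as_of - created).days,
        "registered_for_days": (expires - created).days,
        "single_contact": len(contacts) == 1,
        "name_servers": [ns.lower() for ns in record.get("Name Server", [])],
        "dnssec_signed": first(record, "DNSSEC").lower().startswith("signed"),
    }

if __name__ == "__main__":
    print(triage(parse_whois(SAMPLE), datetime(2010, 3, 2, tzinfo=timezone.utc)))
```

WHOIS contact fields are self-reported and unverified, so treat the output as leads to follow up with the registrar and host rather than as identification of a person.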
