We’re noticing quite a lot of these appearing in mailboxes at the moment, all .cn and .kr domains. Here’s a few more (that are currently confirmed as live) for your blocklists:
adwords.google.com.qsoil.cn/select/Login
adwords.google.com.apoim.cn/select/Login
adwords.google.com.kfion.cn/select/Login
adwords.google.com.tverdo.cn/select/Login
adwords.google.com.agrod.cn/select/Login
ottoggi.co.kr/bbs/data/schedule/1194604617/redirect.google.com
kilsangsa.or.kr/zero/data/buddha/1223246866/https/portal.google.com/www.adwords.google.com/select/Login.htm
Unsurprisingly, the .cn domains are all registered to “Mr Gfdthy”, the same individual that owns the mehdo.cn domain. At least one of the Korean domains appears to be a legitimate website that’s been hacked and had the phish page uploaded by the hacker, and so might not be part of the “main” campaign that’s currently ongoing.
* Click Here For Link To Original Article Source
Time to clear out the mailbox – wait, what’s this?
That’s interesting, considering I don’t have an AdWords account.
Click to Enlarge
Of course, if I did have an account I might be tempted by their fake website:
Click to Enlarge
As fake websites go, it’s quite pretty (but that’s more down to Google than the scammers).
Steer clear of this website:
adwords.google.com.mehdo.cn/select/Login/
The Whois details are unsurprisingly useless:
The Administrative EMail is apparently used for another 320 domains, which is probably not a good sign…
* Click Here For Link To Original Article Source
Ever wondered how people put together huge wordlists made up of things like Usernames from forums as part of their cracking arsenal? Here’s a program that does just that. Simply select the kind of forum you want to leech from (vBulletin, IPB or phpBB), enter the details of the target forum and fire up this thing:
The program will take the required amount of usernames from the forum, and the hacker is then able to integrate those usernames into an increasingly large dictionary for their cracking tools.
Anyone remember when this sort of thing used to take a while?
No, me neither…
* Click Here For Link To Original Article Source
Here’s a fake “Habbo Hotel” Login frontend, designed to be combined with an infection file of choice then sent to an unsuspecting user:
If you’re a Habbo Hotel user and see this appear in your mailbox (or a “friend” offers you it on a forum), just say no. It’s highly likely it’ll come with an unpleasant surprise…
* Click Here For Link To Original Article Source
