More Google Adwords Phish Pages

October 12, 2008 - Comment

We’re noticing quite a lot of these appearing in mailboxes at the moment, all .cn and .kr domains. Here’s a few more (that are currently confirmed as live) for your blocklists: adwords.google.com.qsoil.cn/select/Login adwords.google.com.apoim.cn/select/Loginadwords.google.com.kfion.cn/select/Loginadwords.google.com.tverdo.cn/select/Loginadwords.google.com.agrod.cn/select/Login ottoggi.co.kr/bbs/data/schedule/1194604617/redirect.google.comkilsangsa.or.kr/zero/data/buddha/1223246866/https/portal.google.com/www.adwords.google.com/select/Login.htm Unsurprisingly, the .cn domains are all registered to “Mr Gfdthy”, the same individual that owns the mehdo.cn domain. At least one

We’re noticing quite a lot of these appearing in mailboxes at the moment, all .cn and .kr domains. Here’s a few more (that are currently confirmed as live) for your blocklists:

adwords.google.com.qsoil.cn/select/Login
adwords.google.com.apoim.cn/select/Login
adwords.google.com.kfion.cn/select/Login
adwords.google.com.tverdo.cn/select/Login
adwords.google.com.agrod.cn/select/Login

ottoggi.co.kr/bbs/data/schedule/1194604617/redirect.google.com
kilsangsa.or.kr/zero/data/buddha/1223246866/https/portal.google.com/www.adwords.google.com/select/Login.htm

Unsurprisingly, the .cn domains are all registered to “Mr Gfdthy”, the same individual that owns the mehdo.cn domain. At least one of the Korean domains appears to be a legitimate website that’s been hacked and had the phish page uploaded by the hacker, and so might not be part of the “main” campaign that’s currently ongoing.

* Click Here For Link To Original Article Source

If you enjoyed this post, make sure you subscribe to my RSS feed!

Comments

Write a comment

*

This blog is kept spam free by WP-SpamFree.