Saturday, January 17, 2009

Unsolicited TXTMSG on my Phone

So here is a new attack vector I have not seen before. I just received an unsolicited txtmsg from rogers@ackisland.com. The message text was:

rogers@ackisland.com
(favecute.com)
Madeline said you would really want to see that site.

The problem here is that I do not know anyone from ackisland.com nor do I personally know anyone named Madeline. What if I did? I still probably would not rush on over to the listed site, but some of us unwary victims might. What I did do is pull out Samspade.org and Netcraft.com to do some investigation on the domains listed.

Samspade.org whois lookup results for ackisland.com


This led to a quick Samspade.com whois for computerassistanceservices.com which follows:

Interesting non-response from Network Solutions but not much else. Well, before we move on to NetCraft.com DNS searches, let's check SamSpade.org for favecute.com. Uh-oh, we either have something phishy going on here or SamSpade.org is flaking out. Let's check another whois provider, "whois.org".

Hmm... more non-results. I wonder why whois.paycenter.com.cn is refusing our requests; probably not a reputable operator at any rate. Let's move on to NetCraft and see what we can find out there.
Neither ackisland.com nor favecute.com had hits under SearchDNS.NetCraft.com; paycenter.com.cn did have two hits, as seen below:
So what do we know about our target domains at present? We know there is likely something up that is not reputable. Why?
First, a reputable company or friend wouldn't send an unsolicited txtmsg to your phone. Second, basic whois lookups did not provide us with any of the normal information that we would expect to find from a reputable company. Finally, our basic DNS search queries at NetCraft.com similarly found little to no results.
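The three signals above can be turned into a small triage check. This is an added example, not code from the original post; the whois replies are constructed stand-ins (the post's actual lookup output is not reproduced on the page), and the function names and field list are assumptions.

```python
import re

# Message text as quoted in the post.
SMS = """rogers@ackisland.com
(favecute.com)
Madeline said you would really want to see that site."""

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Assumed list of fields a normal whois record is expected to carry.
EXPECTED_FIELDS = ("registrant", "creation date", "name server")

def extract_domains(text):
    """Unique domains in order of appearance, including e-mail host parts."""
    seen = []
    for match in DOMAIN_RE.findall(text):
        domain = match.lower()
        if domain not in seen:
            seen.append(domain)
    return seen

def whois_signals(raw):
    """List what is missing from a raw whois reply."""
    text = raw.lower()
    if not text.strip() or "refused" in text or "no match" in text:
        return ["no usable whois response"]
    return [f"missing {field}" for field in EXPECTED_FIELDS if field not in text]

def triage(sms, whois_by_domain, dns_hits, sender_known=False):
    """Map each domain in the message to the reasons it looks suspicious."""
    report = {}
    for domain in extract_domains(sms):
        reasons = [] if sender_known else ["unsolicited message from unknown sender"]
        reasons += whois_signals(whois_by_domain.get(domain, ""))
        if dns_hits.get(domain, 0) == 0:
            reasons.append("no DNS search hits")
        report[domain] = reasons
    return report

# CONSTRUCTED whois replies, not real lookup results.
WHOIS = {
    "ackisland.com": "Name Server: ns1.placeholder.example\n",
    "favecute.com": "query refused",
}
# The post reports no SearchDNS hits for either domain.
DNS_HITS = {"ackisland.com": 0, "favecute.com": 0}

if __name__ == "__main__":
    for domain, reasons in triage(SMS, WHOIS, DNS_HITS).items():
        print(domain, "->", "; ".join(reasons))
```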
Curiosity is now killing the cat and that is what a malicious phishing scam is preying on.
Fortunately I have an Isolated, Security Hardened, VM partition to use for just this sort of research and I can with reasonable safety navigate to these domains.
(Note: do not try this at home if you value your personally identifiable information; leave research to knowledgeable, experienced professionals.)
So just what is to be found at http://ackisland.com/?
Oh Noes, you've been pwned! Looks like rogers@ackisland.com may have had himself or herself a bad day. Someone has used his/her email account to send some mischief it appears. Why do I think this to be true - because on the surface (and that is as deep as I am going with this), ackisland.com appears to be a home users website with pictures of their children that are fortunately not pornographic in nature - otherwise I would immediately be reporting this to authorities.

OK so far so good, now what about this favecute.com, what is going on there?
Held my breath when I hit the go button on this one. Phew, looks like a phishing scheme based on Viagra and other such drug sales. I have had enough and wasted enough time with this little ditty - my curiosity got the better of me, and even though I did a bit more research than most of you would have done - I still clicked the link knowing it was not going to take me to anything of value.

That is the basic point of this post - when it comes to the Internet, being curious is a good thing for ferreting out research with reputable websites and corporations, but if you have never heard of it before, it probably doesn't lead down the yellow brick road and might just land you in the witch's tower.

-- Aurora Report says Be safe out there.
