So here is a new attack vector I have not seen before. Just received an unsolicited txtmsg from message text was:
Madeline said you would really want to see that site.
The problem here is that I do not know anyone from nor do I personally know anyone named Madeline. What if I did? I still probably would not rush on over to the listed site, but some of us unwary victims might. What I did do is pull out and to do some investigation on the domains listed. whois lookup results for

This led to a quick whois for which follows:
Interesting non-response from Network Solutions but not much else. Well, before we move on to DNS searches let's check for Uh-oh we either have something phishy going on here or is flaking out. Let's check another whois provider ""
Hmm... more non-results, wonder why is refusing our requests, probably not a reputable operator at any rate. Let's move on to NetCraft and see what we can find out there.
Neither nor had hits under, did have two hits as seen below:
So what do we know about our target domains at present? We know there is likely something up that is not reputable. Why?
First, a reputable company or friend wouldn't send an unsolicited txtmsg to your phone. Second, basic whois lookups did not provide us with any of the normal information that we would expect to find from a reputable company. Finally, our basic DNS search queries at similarly found little to no results.
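The whois part of that reasoning can be written down as a small triage routine. This is an added example, not code from the original post: it classifies a raw whois reply as unusable, missing, normal or suspicious. The reply phrases, the field names (common registry-style output), the 30-day age threshold and the sample replies are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Phrases below are assumptions about typical whois server replies.
REFUSED = re.compile(r"limit exceeded|access denied|query refused", re.I)
NO_RECORD = re.compile(r"no match for|not found|no data found", re.I)
FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(\S.*?)[ \t]*$", re.M)

# Constructed sample replies (example.* names are placeholders, not from the post).
REFUSED_REPLY = "Query refused: access denied for this client.\n"
ESTABLISHED_REPLY = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 1995-08-14T04:00:00Z
Registrant Organization: Example Corp
"""
FRESH_REPLY = """Domain Name: EXAMPLE.NET
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-28T10:00:00Z
Registrant Organization: Privacy Protection Service
"""

def triage_whois(raw, now, young_days=30):
    """Classify raw whois text; returns (verdict, reasons)."""
    if not raw.strip() or REFUSED.search(raw):
        return "no-answer", ["server returned nothing usable; try another source"]
    if NO_RECORD.search(raw):
        return "no-record", ["registry has no record for this name"]
    fields = {k.strip().lower(): v for k, v in FIELD.findall(raw)}
    reasons = []
    if "registrar" not in fields:
        reasons.append("no registrar listed")
    org = fields.get("registrant organization", "")
    if not org or re.search(r"privacy|redacted|proxy", org, re.I):
        reasons.append("registrant hidden or missing")
    created = fields.get("creation date")
    if created:
        # Registry output usually ends in "Z"; make it parseable as UTC.
        age = now - datetime.fromisoformat(created.replace("Z", "+00:00"))
        if age.days < young_days:
            reasons.append(f"registered {age.days} days ago")
    else:
        reasons.append("no creation date")
    return ("suspicious" if reasons else "normal"), reasons

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the samples
    for reply in (REFUSED_REPLY, ESTABLISHED_REPLY, FRESH_REPLY):
        print(triage_whois(reply, now))
```

A "no-answer" verdict says nothing about the domain itself, only that a second whois source is needed before drawing a conclusion.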
Curiosity is now killing the cat and that is what a malicious phishing scam is preying on.
Fortunately I have an Isolated, Security Hardened, VM partition to use for just this sort of research and I can with reasonable safety navigate to these domains.
(Note: do not try this at home if you value your personally identifiable information; leave research to knowledgeable, experienced professionals.)
So just what is to be found at
Oh Noes, you've been pwned! Looks like may have had himself or herself a bad day. Someone has used his/her email account to send some mischief it appears. Why do I think this to be true - because on the surface (and that is as deep as I am going with this), appears to be a home users website with pictures of their children that are fortunately not pornographic in nature - otherwise I would immediately be reporting this to authorities.
OK so far so good, now what about this, what is going on there?
Held my breath when I hit the go button on this one, phew, looks like a phishing scheme based on Viagra and other such drug sales. I have had enough and wasted enough time with this little ditty - my curiosity got the better of me and even though I did a bit more research than most of you would have done - I still clicked the link knowing it was not going to take me to anything of value.
That is the basic point of this post - when it comes to the Internet being curious is a good thing for ferreting out research with reputable websites and corporations, but if you have never heard of it before, it probably doesn't lead down the yellow brick road and might just land you in the witch's tower.
-- Aurora Report says Be safe out there.