[Dshield] Fake Yahoo Email - Too good looking
Johannes B. Ullrich
jullrich at sans.org
Tue Jan 20 05:04:43 GMT 2004
Site is now shut down. Thanks Mark!
We got a bunch of replies from anti virus software
to the prior message. I removed the offending character
from this message.
While it is good that Anit-Virus software catches these
URLs, please DO NOT configure your software to reply to
email that appears to be infected.
> I pulled an ARIN lookup on the IP and found it to be
> in Korea : KIDC-INFRA-SERVERHOSTING-INEMPIRE
> I have reported this to Yahoo's Security Team. I've
> seen many fakes, but this one I'm sure will catch many
> non-experienced users off-gaurd.
> Happy hunting
> Actual Email
> Dear Yahoo! User,
> We encountered a billing error when attempting to
> renew your Yahoo! service. This type of error usually
> indicates that either the credit card you have on file
> has expired or that the billing address we have is not
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040120/e1078806/attachment.bin
More information about the list