[Dshield] Amazon phish site.

Chris Ramsden chris at ramsden.org.uk
Mon Apr 24 12:19:27 GMT 2006


IT wrote:
> Hi All,
> 
> I work for an ISP. Recently we had an issue with an customer's machine. The customer's system was running a site as http://x.x.x.x/amazon/amazon/index.html and we had mails coming from folks in other ISP complaining about this IP address saying as there is a 'phish' site hosted on your network...
> 
> I did some googling and found that there are similar cases repoprted. I'm just trying to understand whether it is a worm/virus activity which plants a 'phish' site on the victim's machine or a hacker systematically compromising systems and putting webservers/spam mail server on the same?
> 
> Has anyone seen similar incidents or has any other info about this?
> 
> thnx
> 
> theetz.  
> 
You may find castlecops' PIRT effort of interest (I'm one of their
handlers). Our mission is to trace reported phish sites and notify the
responsible parties so as to close these sites down. We (PIRT) would be
grateful for the "phish kit", i.e. the set of files used to create the
phish site, as this may help trace the culprits, or at least improve our
understanding of what techniques are being used.

http://castlecops.com/pirt

Chris Ramsden


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.0.385 / Virus Database: 268.4.5/322 - Release Date: 22/04/2006



More information about the list mailing list