1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Phishing Attempt To Watch Out For...

Discussion in 'BlackHat Lounge' started by Diabolik, Aug 15, 2008.

  1. Diabolik

    Diabolik Newbie

    Joined:
    Apr 11, 2011
    Messages:
    4
    Likes Received:
    0
    I was sent a link on my MSN from one of my chat contacts that had my MSN ID included in the url and I'm trying to figure out how this scam works...

    The site is imglists.com and all that's on the front is CPA offer that rotates.

    The link I was sent looked like this...

    hXXp://yourmsnhandle.imglists.com

    It's a landing page that has a login and at the top it says "Pics For MSN Friends" and you're supposed to use your MSN password to gain access.

    My friend said he didn't send anything, but he got a similar link from one of his contacts with his MSN ID included...and he logged in thinking it was real.

    So what's happening here behind the scenes? Does it steal your password and contact your friends from the server or does it infect your computer somehow and send to all your friends?

    How does it make money?
     
  2. bhnoobz

    bhnoobz BANNED BANNED

    Joined:
    Jul 26, 2008
    Messages:
    395
    Likes Received:
    107
    lol.
    it doesn't steal your password, it relies on you to enter it. if you're dumb enough to enter it , it probably logs in with your msn ID to the chat servers and spams your contacts.. since msn ids = hotmail/msn addresses, there's lots of reasons for them to grab it. they could be spamming, they could be harvesting contact emails to spam, or they could be looking for all kinds of infoz.
     
  3. Entrepreneur

    Entrepreneur Regular Member

    Joined:
    Oct 12, 2007
    Messages:
    438
    Likes Received:
    379
    There's a similar one doing the rounds on Facebook at the moment. It's hosted on imagehost as an swf which redirects to a fake Facebook looking URL. Here's the link.

    http://img232.imageshack.us/img232/909/fbdr4.swf

    I quite admired this one, as it's super viral. Once they get your details, by being an idiot and entering login details, it logs into your account and posts a message to all your friends saying, "I just found this blog with some really horrible pictures about you. You gotta check this out." then it shows the above link.

    The rest is self explanatory.
     
  4. bhnoobz

    bhnoobz BANNED BANNED

    Joined:
    Jul 26, 2008
    Messages:
    395
    Likes Received:
    107
    why not report that to imageshack? heh.