Websense.com / Security Labs / Blogs / Multi-hack...defaced site hosting Phish.

Blog

Multi-hack...defaced site hosting Phish.

01.04.2007 - 10:27 AM

SEARCH BLOG

Subscribe to this feed »

January 2007

01/26/2007	Company Information Leakage and Web Search »
01/23/2007	What's In A Link »
01/12/2007	New MySpace Phish using CSS. »
01/04/2007	Multi-hack...defaced site hosting Phish. »
01/02/2007	MOTW: "Skype" Trojan Analysis »

Archive
+ December 2006
+ November 2006
+ October 2006
+ September 2006
+ August 2006

Today we received the below email in one of our mail honeypots. The mail basically informs the user they have one "secure message" and that they need to click on the URL in order to access the message. Upon accessing the site they are redirected to a Phishing page that requests information for their bank. Nothing really interesting there. What is somewhat interesting is that the main page of the site was defaced by a well-known Turkish hacking group. Although there is a chance that Phishers are tracking defaced sites and using them for their own purposes, more likely they simply used a similar tool to detect a vulnerable site and uploaded their content there.

We sometimes have people ask what the harm is in classifying defaced websites as potentially malicious and this qualifies the reason to prevent access to sites that have been defaced.

Email Lure:

Phishing Site:

Main sites front landing page:

Bookmark This Post:

Post a Comment:

Security Labs

STAY ALERT!

Blog

SEARCH BLOG