Phishing & BotNets
Bausch & Lomb Phishing attack? May 17 2006 08:40PM
Jigme Thubten (jigme thubten gmail com) (1 replies)
Re: Bausch & Lomb Phishing attack? May 17 2006 10:43PM
Carl Jongsma (info skiifwrald com)
Hi all,

The B&L possible phish actually looks more like a case of mistaken
identity, or at least is something which might be coming down the
line from B&L. The text of the email certainly sounds 'phishy' and
'spammy':

'...probably hate buying over priced solution too...'

Although the site provided is a little more interesting:

http://64.34.176.24/mp/form.php

Looking at the actual HTML, the page seems fairly well written
(something that many phishes still can't grasp), and all images are
stored locally - not dragged from B&L's site. The page also posts
back to itself, rather than an offsite location. Thus far, the only
odd thing about it is the IP address and that it asks for personal
information.

When a reverse DNS lookup is conducted on the IP address, it shows
that it belongs to bl.digitalpulp.com. The bl.*.com is an
interesting sign - I would suggest that bl represents B&L. Looking
at Digital Pulp's main site, it appears that B&L are clients of the
marketing firm. Bingo! I would suggest that the site forwarded in
the email is actually a mockup that has been created for B&L to
review, prior to establishing a page on their main site for a future
offer to help rebuild public confidence and their image. It is also
a possibility that Digital Pulp have been compromised and are
unwilling participants, but I will give them the benefit of the doubt
in this case.

I think this addresses what is most likely the case here. Why the
mockup is open for the world to view is another question, but it
certainly does not appear malicious.

Sincerely,

Carl Jongsma
info (at) beskerming (dot) com [email concealed]
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: 0410 707 444 / 08 8283 1154

Jongsma & Jongsma Pty. Ltd.

Established in mid 2004, Jongsma & Jongsma Pty. Ltd. is a pure
Research and Development company focussing on advanced software and
hardware concepts. Since inception, Jongsma & Jongsma Pty. Ltd. has
already developed software tools for advanced user and security
management in web applications, complete data protection, and
effective phishing defences for financial companies.

Sûnnet Beskerming Pty. Ltd.

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd..
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist
and, in conjunction with the tools developed by Jongsma & Jongsma
Pty. Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus