Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
Powered by Disqus
Malware

Hackers attempt to dupe NetRegistry customers

  • Email a Friend
  • Print Page
Hackers attempt to dupe NetRegistry customers
Related Articles
By Brett Winterford
Mar 15, 2010 12:31 PM | 4 Comments
Tags: NetRegistry | phishing | malware | Brazil | social | engineering
Attackers try to open new accounts.

Scammers using a Brazilian domain name have targeted customers of large Australian domain name and hosting company NetRegistry, seeking usernames and passwords in order to launch new malware attacks.

NetRegistry, which lays claim to being Australia's largest domain name registrar and second largest web host, today warned its customers to ignore emails being sent from the domain coras.com.br with the subject line Please Update.

The offending message asks that NetRegistry subscribers provide their username and password in order to "verify a subscriber's profile" - and warns that failure to do so would "render your email address deactivated" [see full message below].

NetRegistry CEO Larry Bloch told iTnews he was not aware of any customers being affected as yet, but has his technical team monitoring services for any abnormal behaviour.

"There has been a little bit of an uptick in phishing scams targeting non-financial accounts," he said. "By that I mean that giving over your username and password won't necessarily give the hacker any financial gain, but they may use that account to upload malware on existing accounts or use it in conjunction with stolen credit card details to set up new accounts and spawn other nefarious scams," he said.

The challenge for NetRegistry is to identify compromised accounts, he said. This may become apparent, he said, should a single source (IP address) attempt to log-in to multiple accounts, which is unusual behaviour.

Bloch said NetRegistry won't be asking subscribers to update their security credentials until it is sure such a measure is absolutely necessary. "In all cases we have to find that balance between customer security and convenience," he said.

"In this case the best defence is the common sense of customers."

The phishing scam:

Subject: Please Update
From: Netregistry Account Billing support <fjbortolim@coras.com.br>
Date: Sun, 14 Mar 2010 23:18:16 +1100

Dear Netregistry  Subscriber, We are currently verifying our subscribers Profile in order to increase the Efficiency of our mail features.

Due to the congestion in all Profile users and removal of all unused Account, Netregistry  Will be shutting down all unused Profile,

To Join in the Recent Upgrade Taking Place at Netregistry ,You must Reply to this email by Confirming your account details below,

UserName:

Password:

Failure to do this will immediately render your email address deactivated from our database.

Thanks for using Netregistry !

We are sorry for any inconvenience.

Regards,
Netregistry  Customer Care Team.

 
Ads by Google
Thoughts on this article? Add a comment below.
Comments: 4
We should have a public flogging of hackers every day they will soon get the message, the problem is the authorities don't care and don't take this stuff seriously.
SC Magazine - comments icon Posted by DavidMar 15, 2010 12:54 PM
Public floggings? Really? Drunk drivers kill thousands of people every year. Drug dealers cause deaths. Rapists torment and emotionally scar little girls on a daily basis, and you think the authorities should be focusing on hackers in Brazil who can't use proper grammar in their phishing attacks? Are you on crack? These kind of scams originated long before the advent of the Internet. This is typical stuff. If people would realize that the Internet is not a playground there strictly for their personal amusement we wouldn't have these problems. You can't be bothered to learn practical security measures so your only recourse is to suggest the public beatings of people you don't know and will never meet. And, by the way, get your terminology straight. The term you are looking for is cracker, otherwise known as a computer coder with malicious intent. Hackers are the people keeping your uninformed rear safe while you traverse the "interwebs". You know.. the ones who made that little antivirus product you're so proud of. So next time, think before you post this kind of filth. Ok? Thanks.
SC Magazine - comments icon Posted by EndlessNamelessMar 15, 2010 6:55 PM
EndlessNameless <-- w00t!!
SC Magazine - comments icon Posted by FairyTailMar 17, 2010 6:52 AM
The claim listed above that NetRegistry CEO Larry Bloch said - and I quote "giving over your username and password won't necessarily give the hacker any financial gain". dah ???? The man has no idea what he's talking about. Once a hacker has password access to the domain interface at NetRegistry it would be a simple process to take over the DNS - redirect the banks users to a proxy server the then forwarded all transactions to the real financial institutions website. You could collect a lot of useful financial information - and if you were a malicious kid you could empty out all their customers banks accounts or transfer monies between customers. A real mess and customer service nightmare. A crook would quickly figure out a way to take advantage of that and empty out some bank accounts in the crooks favor. The actual collection of data required to cause havoc or steal money could be done in a few hours. The bank would probably not even notice it had happened. It's pretty serious when someone has the username and password to your DNS.
SC Magazine - comments icon Posted by Joe BaptistaMar 18, 2010 12:39 PM
Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Comments have been disabled on this article.
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
aisa android anti apple art of war bank botnet credentials cybersecurity development dominated google gumblar hacker injections ios malware microsoft phishing social