Friday, September 4, 2015

Threat Target: Security Researchers

Several of our researchers received these LinkedIn invitations from fake recruiter profiles, so someone is mapping security researchers. I wondered who would want to target these people. Some days ago I received a fake email, sent from fake accounts and pointing to phishing sites, and I was asked whether this could be related. I said sure: if someone is mapping security researchers' accounts overall, the next step is to phish them. Still, it is strange and has to be analyzed more thoroughly. I did that, and deep down there is something that smells worse.


[Image: Jennifer White fake profile]

[Image: Lea David fake invitation]

[Image: list of fake profiles]

[Image: fake customer message]

[Image: fake customer message used for phishing]

[Image: phishing site]

The WhoIs about this Phishing host:

Domain Name: TNCPKHARGONE.COM
Registry Domain ID: 1832762529_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-10-28T06:56:32Z
Creation Date: 2013-10-28T06:55:31Z
Registrar Registration Expiration Date: 2015-10-28T06:55:31Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited

Registry Registrant ID: 
Registrant Name: Mayank Shah
Registrant Street: hemkunt colony
Registrant City: Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 10027
Registrant Country: India
Registrant Phone: 011462011
Registrant Email: mayankshah1986@hotmail.com

Registry Admin ID: 
Admin Name: Mayank Shah
Admin Street: hemkunt colony
Admin City: Delhi
Admin State/Province: Delhi
Admin Postal Code: 10027
Admin Country: India
Admin Phone: 011462011
Admin Email: mayankshah1986@hotmail.com

Registry Tech ID: 
Tech Name: Mayank Shah
Tech Street: hemkunt colony
Tech City: Delhi
Tech State/Province: Delhi
Tech Postal Code: 10027
Tech Country: India
Tech Phone: 011462011
Tech Email: mayankshah1986@hotmail.com

Next, ask Google: https://goo.gl/MV0yHr

Google returns a list of online pharmacies and Hindu-related sites = phishing.

Then do a reverse WHOIS (http://goo.gl/P4Rvkx): it tells me this guy bought 17 other domains, maybe for phishing too.

[Image: Google Plus profile]

[Image: Facebook profile]

[Image: LinkedIn profile]

[Image: phishing site scan report]

The next step: get in contact with the GoDaddy.com abuse address, abuse@godaddy.com, and catch this stupid guy. Good luck, idiot ;)
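The steps above (WHOIS lookup, pivot on the registrant contact details, notify the registrar's abuse contact) can be scripted for the next phishing domain. The following is an added example, not code from the original post: it parses the WHOIS record quoted above (trimmed to the fields it uses), checks whether one contact fills the registrant, admin and tech roles (the pivot the reverse WHOIS relies on), computes the domain's age at the post date, and drafts the abuse notice. The observation date, the `PHISHING_URL` placeholder and the report wording are assumptions.

```python
import re
from datetime import datetime, timezone

# Sample input: the WHOIS record quoted in the post, trimmed to the fields used below.
WHOIS_TEXT = """\
Domain Name: TNCPKHARGONE.COM
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-10-28T06:56:32Z
Creation Date: 2013-10-28T06:55:31Z
Registrar Registration Expiration Date: 2015-10-28T06:55:31Z
Registrar: GoDaddy.com, LLC
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Mayank Shah
Registrant Country: India
Registrant Phone: 011462011
Registrant Email: mayankshah1986@hotmail.com
Admin Phone: 011462011
Admin Email: mayankshah1986@hotmail.com
Tech Phone: 011462011
Tech Email: mayankshah1986@hotmail.com
"""

# Assumption: the post is dated 2015-09-04; noon UTC is used as the observation time.
OBSERVED_AT = datetime(2015, 9, 4, 12, 0, tzinfo=timezone.utc)
# Placeholder: the post only shows the phishing page as a screenshot, not its URL.
PHISHING_URL = "http://tncpkhargone.com/<path-from-screenshot>"


def parse_whois(text):
    """Parse 'Key: Value' lines into {key: [values]}; keys like Domain Status repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # first colon only; URLs keep theirs
        key, value = key.strip(), value.strip()
        if sep and key:
            record.setdefault(key, []).append(value)
    return record


def first(record, key):
    """First non-empty value for a key, or None (empty 'Registry ... ID:' lines)."""
    vals = [v for v in record.get(key, []) if v]
    return vals[0] if vals else None


def parse_ts(value):
    """Parse the ISO-8601 'Z' timestamps used in WHOIS records as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_pivots(record):
    """Collect what a defender pivots on: contact e-mails/phones across the
    registrant, admin and tech roles, plus the registrar abuse address."""
    roles = ("Registrant", "Admin", "Tech")
    emails = {first(record, f"{r} Email") for r in roles} - {None}
    phones = {first(record, f"{r} Phone") for r in roles} - {None}
    statuses = [s.split()[0] for s in record.get("Domain Status", []) if s]
    return {
        "domain": first(record, "Domain Name"),
        "registrar": first(record, "Registrar"),
        "abuse_email": first(record, "Registrar Abuse Contact Email"),
        "contact_emails": sorted(emails),
        "contact_phones": sorted(phones),
        # One person in every role: the case where a reverse WHOIS on the
        # e-mail address finds the registrant's other domains, as in the post.
        "single_contact": len(emails) == 1 and len(phones) == 1,
        "statuses": statuses,
    }


def domain_age_days(record, observed_at):
    """Age of the domain at observation time; young domains are a phishing signal."""
    return (observed_at - parse_ts(first(record, "Creation Date"))).days


def abuse_report(record, observed_at, phishing_url):
    """Draft the notice for the registrar's abuse contact (wording is an assumption)."""
    p = extract_pivots(record)
    return "\n".join([
        f"To: {p['abuse_email']}",
        f"Subject: Phishing hosted on {p['domain']}",
        f"Domain {p['domain']} (registrar: {p['registrar']}; created "
        f"{first(record, 'Creation Date')}, {domain_age_days(record, observed_at)} "
        f"days before this report) is serving a phishing page at {phishing_url}.",
        f"Registrant contact on record: {', '.join(p['contact_emails'])} / "
        f"{', '.join(p['contact_phones'])}.",
    ])


if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    print(extract_pivots(rec))
    print(abuse_report(rec, OBSERVED_AT, PHISHING_URL))
```

Feeding the same parser the output of `whois` for each of the 17 other domains from the reverse lookup, then grouping by `contact_emails`, gives the list to hand to the registrar in one report.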

Virus Total Report: https://goo.gl/NnJN3E

Source Article: https://labsblog.f-secure.com
