#31
|
|||
|
|||
Has this issue been resolved, or is it still an issue?
|
#32
|
||||
|
||||
Don't know, Tye. It's been brought to her attention, that's all I know.
__________________
Même si tu es au loin, mon coeur sait que tu es avec moi The Stairway To Nowhere (FREE): http://www.smashwords.com/books/view/8357 The Child of Paradox: http://www.smashwords.com/books/view/27019 The Golden Game: http://www.smashwords.com/books/view/56716 |
#33
|
|||
|
|||
Quote:
|
#34
|
||||
|
||||
Yeah I saw that bulletin awhile back as well I figured maybe someone hacked into her account, really don't see her advertising free ringtones or who ever runs her myspace page. Really don't see what people gain hacking into myspace pages, mines been hacked into like 3 times already, I practically change my password daily now. I guess theres not much we can do until myspace ups its security.
__________________
|
#35
|
|||
|
|||
Thanks for the update.
|
#36
|
|||
|
|||
This has affected many myspaces of my friends, who unfortunately didn't follow my directions and change their passwords. I've done a little research into the roots of this attack, and it involves several websites and several hundred zombie computers in a botnet. This is the architecture of the scheme, as far as I am able to determine through nslookup and whois:
Main domain names for the scam are: fe70ffb.com ringbash.com bonusringer.net ring4free.net ca0dcbe.com (used for phished login page) ns1.2349e44075.com (domain name server for the above) There are a whole lot of other domain names used for name servers also. As best as I can gather, name servers distribute the load by resolving the domain names to any of hundreds of residential broadband addresses, all running Apache httpd to serve the websites. I hypothesize that the servers are all compromised boxes ,since they are dispersed over a wide geographical area. I have port scanned them however, and they're not using any standard back orifice/subseven port. This is a pretty sophisticated and new architecture kind of attack, and I know I've only barely scratched the surface with this. If this helps any network security professionals, awesome. If you come away from this post with absolutely no understanding of the methods whatsoever, then at least understand it's a phishing scam and it is certainly highly illegal. Regards, Chris
__________________
J'ai mangé le parapluie bleu. |
|
|