[77965] in North American Network Operators' Group
Phishing Name Server?
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Tue Feb 15 15:39:46 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Tue, 15 Feb 2005 20:38:27 GMT
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
The Internet Storm Center [http://isc.sans.org/diary.php] is
reporting that:
"The DNS server 'NS1.SPX2K.com' currently hosts the following
domains CITIFINANCUPDATE.com, SAFE-KEYNET.com, WAMU4U.com,
WAMUCORP.com which appear to be phishing related. The use
of actual 'valid' domains like this opens up the possibility
that they are used with SSL certificates. The whois info for
these domains appears to be fake."
Does anyone have any further information into this?
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or
fergdawg@sbcglobal.net
