...

...

"Craig Box" 30/09/2005 08:52 >>> Just got a phish for BankDirect. The telling part: "

Anyone know what the rights of the Registrar are in this case? Are discountdomains able to just undelegate the domain from the zone? It would solve all the problems within 60 mins. Or is that kind of action only at the DNC's discretion? Mark. -----Original Message----- From: Webmaster [mailto:Webmaster(a)radionz.co.nz] Sent: Friday, 30 September 2005 9:05 a.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Bankdirect phish It has just occured to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them. It would certainly make it much harder for the phisher. cheers, Richard href="http://www.bankdlrect.co.nz/index_secure.asp" >" - notice the 'l' where the I should be. Hopefully as this is inside .nz DNS we can get this one shut down quickly. The domain is registered with DiscountDomains.co.nz to a RODNEY GUISTWITE. admin_contact_name: RODNEY GUISTWITE admin_contact_address1: 9740 CONIFER LANE admin_contact_city: MURRELLS INLET admin_contact_country: US (UNITED STATES) admin_contact_phone: +84 3 6501641 admin_contact_email: directmain(a)yahoo.com The email headers: Received: from firewall.itpartners.co.nz ([10.7.0.254]) by penfold.itpartners.co.nz with Microsoft SMTPSVC(6.0.3790.1830); Fri, 30 Sep 2005 08:46:23 +1200 Received: from [218.233.125.18] (helo=-1208382648) by firewall.itpartners.co.nz with smtp (Exim 4.34) id 1EL5Iv-0007GJ-5u for craig(a)itpartners.co.nz; Fri, 30 Sep 2005 08:47:04 +1200 Received: from bankdirect.co.nz (-1208528168 [-1208791160]) by google.com (Qmailv1) with ESMTP id 554E5D0054 for ; Thu, 29 Sep 2005 13:13:12 -0700 Date: Thu, 29 Sep 2005 13:13:12 -0700 From: Bankdirect Accounts X-Mailer: The Bat! (v2.00.8) Personal X-Priority: 3 Message-ID: <5432025998.20050929131312(a)bankdirect.co.nz> To: Craig Subject: New Fraud-Prevention system. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------C0723C19AFB5862" X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Spam-Score: -5.8 {-----} X-Spam-Report: No, hits=-5.8 required=5.0 tests=ALL_TRUSTED,BAYES_00,HTML_MESSAGE,HTML_TAG_EXIST_TBODY autolearn=ham version=3.0.2 Return-Path: accounts(a)bankdirect.co.nz X-OriginalArrivalTime: 29 Sep 2005 20:46:23.0798 (UTC) FILETIME=[DAB2BD60:01C5C536] Craig Box Phone 07 957 2653 IT Partners Ltd Fax 07 957 2659 PO Box 9361 Mobile 021 475 869 Hamilton, New Zealand _________________________________________________________________ #include _________________________________________________________________ _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Webmaster wrote:

It has just occured to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them.

It would certainly make it much harder for the phisher.

I do this (although not automated), I login a few times with random details, hopefully so when the phisher trys to use the usernames/passwords they end up triggering some alert at the bank.

...

...

"Craig Box" 30/09/2005 08:52 >>> Just got a phish for BankDirect. The telling part: "

Hi, That's really not a bad idea at all. That's basically how the RIAA shut down Kazaa. Also, if the phishers did later try to hit the banks with the usernames and passwords, the banks would immediately notice a vast number of wrong user/passes, and take action (you would hope). Anyone want to donate a large chunk of bandwidth to the cause? :) Erin Salmon Managing Director Unleash Computers Ltd Mobile: 021 877 913 Landline: 03 365 1273 www.unleash.co.nz -----Original Message----- From: Webmaster [mailto:Webmaster(a)radionz.co.nz] Sent: 30 September 2005 9:05 a.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Bankdirect phish It has just occured to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them. It would certainly make it much harder for the phisher. cheers, Richard href="http://www.bankdlrect.co.nz/index_secure.asp" >" - notice the 'l' where the I should be. Hopefully as this is inside .nz DNS we can get this one shut down quickly. The domain is registered with DiscountDomains.co.nz to a RODNEY GUISTWITE. admin_contact_name: RODNEY GUISTWITE admin_contact_address1: 9740 CONIFER LANE admin_contact_city: MURRELLS INLET admin_contact_country: US (UNITED STATES) admin_contact_phone: +84 3 6501641 admin_contact_email: directmain(a)yahoo.com The email headers: Received: from firewall.itpartners.co.nz ([10.7.0.254]) by penfold.itpartners.co.nz with Microsoft SMTPSVC(6.0.3790.1830); Fri, 30 Sep 2005 08:46:23 +1200 Received: from [218.233.125.18] (helo=-1208382648) by firewall.itpartners.co.nz with smtp (Exim 4.34) id 1EL5Iv-0007GJ-5u for craig(a)itpartners.co.nz; Fri, 30 Sep 2005 08:47:04 +1200 Received: from bankdirect.co.nz (-1208528168 [-1208791160]) by google.com (Qmailv1) with ESMTP id 554E5D0054 for ; Thu, 29 Sep 2005 13:13:12 -0700 Date: Thu, 29 Sep 2005 13:13:12 -0700 From: Bankdirect Accounts X-Mailer: The Bat! (v2.00.8) Personal X-Priority: 3 Message-ID: <5432025998.20050929131312(a)bankdirect.co.nz> To: Craig Subject: New Fraud-Prevention system. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------C0723C19AFB5862" X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Spam-Score: -5.8 {-----} X-Spam-Report: No, hits=-5.8 required=5.0 tests=ALL_TRUSTED,BAYES_00,HTML_MESSAGE,HTML_TAG_EXIST_TBODY autolearn=ham version=3.0.2 Return-Path: accounts(a)bankdirect.co.nz X-OriginalArrivalTime: 29 Sep 2005 20:46:23.0798 (UTC) FILETIME=[DAB2BD60:01C5C536] Craig Box Phone 07 957 2653 IT Partners Ltd Fax 07 957 2659 PO Box 9361 Mobile 021 475 869 Hamilton, New Zealand _________________________________________________________________ #include _________________________________________________________________ _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog