Re: [nznog] Bankdirect phish

It has just occurred to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them.

It would certainly make it much harder for the phisher.

cheers,
Richard

"Craig Box" <Craig(a)itpartners.co.nz> 30/09/2005 08:52 >>>

Just got a phish for BankDirect. The telling part: "<a href="http://www.bankdlrect.co.nz/index_secure.asp" >" - notice the 'l' where the I should be.

Hopefully as this is inside .nz DNS we can get this one shut down quickly. The domain is registered with DiscountDomains.co.nz to a RODNEY GUISTWITE.

admin_contact_name: RODNEY GUISTWITE
admin_contact_address1: 9740 CONIFER LANE
admin_contact_city: MURRELLS INLET
admin_contact_country: US (UNITED STATES)
admin_contact_phone: +84 3 6501641
admin_contact_email: directmain(a)yahoo.com

The email headers:

Received: from firewall.itpartners.co.nz ([10.7.0.254]) by penfold.itpartners.co.nz with Microsoft SMTPSVC(6.0.3790.1830);
    Fri, 30 Sep 2005 08:46:23 +1200
Received: from [218.233.125.18] (helo=-1208382648) by firewall.itpartners.co.nz with smtp (Exim 4.34) id 1EL5Iv-0007GJ-5u for craig(a)itpartners.co.nz;
    Fri, 30 Sep 2005 08:47:04 +1200
Received: from bankdirect.co.nz (-1208528168 [-1208791160]) by google.com (Qmailv1) with ESMTP id 554E5D0054 for <craig(a)itpartners.co.nz>;
    Thu, 29 Sep 2005 13:13:12 -0700
Date: Thu, 29 Sep 2005 13:13:12 -0700
From: Bankdirect Accounts <accounts(a)bankdirect.co.nz>
X-Mailer: The Bat! (v2.00.8) Personal
X-Priority: 3
Message-ID: <5432025998.20050929131312(a)bankdirect.co.nz>
To: Craig <craig(a)itpartners.co.nz>
Subject: New Fraud-Prevention system.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------C0723C19AFB5862"
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Spam-Score: -5.8 {-----}
X-Spam-Report: No, hits=-5.8 required=5.0 tests=ALL_TRUSTED,BAYES_00,HTML_MESSAGE,HTML_TAG_EXIST_TBODY autolearn=ham version=3.0.2
Return-Path: accounts(a)bankdirect.co.nz
X-OriginalArrivalTime: 29 Sep 2005 20:46:23.0798 (UTC) FILETIME=[DAB2BD60:01C5C536]

Craig Box                  Phone 07 957 2653
IT Partners Ltd            Fax 07 957 2659
PO Box 9361                Mobile 021 475 869
Hamilton, New Zealand
_________________________________________________________________
#include <standard-disclaimer.h>
_________________________________________________________________
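The look-alike spelling pointed out in the message above (an 'l' standing in for the 'i' in the bank's name) can be checked mechanically on inbound mail. The following is an added example, not code from the thread: it folds glyphs that read alike and flags links whose host collapses onto a protected domain. The allow-list, the character table, the function names and the sample body are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Domains the organisation really owns (constructed allow-list for this example).
PROTECTED = {"bankdirect.co.nz"}

# Small, assumed table of glyphs that read alike at a glance; not a complete list.
FOLD = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))

HREF_RE = re.compile(r'href\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)


def skeleton(host):
    """Fold a hostname so that look-alike spellings collide on one string."""
    host = host.lower().rstrip(".")
    for seq, repl in MULTI:
        host = host.replace(seq, repl)
    return host.translate(FOLD)


def classify(host, protected=PROTECTED):
    """Return (verdict, protected_domain); verdict is legit, lookalike or unrelated."""
    host = host.lower().rstrip(".")
    for dom in protected:
        if host == dom or host.endswith("." + dom):
            return "legit", dom
    folded = skeleton(host)
    for dom in protected:
        target = skeleton(dom)
        if folded == target or folded.endswith("." + target):
            return "lookalike", dom
    return "unrelated", None


def scan_html(body, protected=PROTECTED):
    """List (url, host, protected_domain) for each link to a look-alike host."""
    hits = []
    for url in HREF_RE.findall(body):
        host = urlsplit(url).hostname or ""
        verdict, dom = classify(host, protected)
        if verdict == "lookalike":
            hits.append((url, host, dom))
    return hits


# Constructed message body: the link quoted in the thread plus two harmless links.
SAMPLE = (
    '<a href="http://www.bankdlrect.co.nz/index_secure.asp">Log in</a> '
    '<a href="https://www.bankdirect.co.nz/">Home</a> '
    '<a href="http://example.org/">Other</a>'
)

if __name__ == "__main__":
    for url, host, dom in scan_html(SAMPLE):
        print(f"look-alike of {dom}: {host} ({url})")
```

Because the comparison is done on folded strings, the same check can be run over newly registered names in a zone as well as over links in mail.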

Anyone know what the rights of the Registrar are in this case? Are discountdomains able to just undelegate the domain from the zone? It would solve all the problems within 60 mins. Or is that kind of action only at the DNC's discretion?

Mark.

-----Original Message-----
From: Webmaster [mailto:Webmaster(a)radionz.co.nz]
Sent: Friday, 30 September 2005 9:05 a.m.
To: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Bankdirect phish

> It has just occurred to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them.
>
> It would certainly make it much harder for the phisher.
>
> cheers,
> Richard

Mark Karena wrote:
> Anyone know what the rights of the Registrar are in this case? Are discountdomains able to just undelegate the domain from the zone? It would solve all the problems within 60 mins. Or is that kind of action only at the DNC's discretion?
>
> Mark.

Discountdomains can set delegated to 0, that'd take the site down at the next zone build.

James.

On Fri, 30 Sep 2005, James Clark wrote:
> Mark Karena wrote:
>> Anyone know what the rights of the Registrar are in this case? Are discountdomains able to just undelegate the domain from the zone? It would solve all the problems within 60 mins. Or is that kind of action only at the DNC's discretion?
>
> Discountdomains can set delegated to 0, that'd take the site down at the next zone build.

Domain appears to have been cancelled. I guess that's an indication of the responsiveness of the registrar to the number of calls they received regarding this domain?

query_datetime: 2005-09-30T09:39:16+12:00
domain_name: bankdlrect.co.nz
query_status: 210 PendingRelease
domain_dateregistered: 2005-09-23T12:04:12+12:00
domain_datebilleduntil: 2006-09-23T12:04:12+12:00
domain_datelastmodified: 2005-09-30T09:30:45+12:00
domain_datecancelled: 2005-09-30T09:30:45+12:00
domain_delegaterequested: yes

Has anyone informed bankdirect of the phish?

regards
lin

Hi,

That's really not a bad idea at all. That's basically how the RIAA shut down Kazaa.

Also, if the phishers did later try to hit the banks with the usernames and passwords, the banks would immediately notice a vast number of wrong user/passes, and take action (you would hope).

Anyone want to donate a large chunk of bandwidth to the cause? :)

Erin Salmon
Managing Director
Unleash Computers Ltd
Mobile: 021 877 913
Landline: 03 365 1273
www.unleash.co.nz

-----Original Message-----
From: Webmaster [mailto:Webmaster(a)radionz.co.nz]
Sent: 30 September 2005 9:05 a.m.
To: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Bankdirect phish

> It has just occurred to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them.
>
> It would certainly make it much harder for the phisher.
>
> cheers,
> Richard

On 09/30/05 09:11, Erin Salmon - Unleash Computers Ltd wrote:
> Anyone want to donate a large chunk of bandwidth to the cause?
Presumably if they've gone to the trouble of replicating the bank interface, they are also logging client IP addresses along with the u/p and can then ignore obvious flooders. I do suggest everyone throw ONE random login at the site though - much harder to spot.

Already way ahead of you :)

- Richard

On 30/09/2005, at 9:30 AM, Zach Bagnall wrote:
> On 09/30/05 09:11, Erin Salmon - Unleash Computers Ltd wrote:
>> Anyone want to donate a large chunk of bandwidth to the cause?
>
> Presumably if they've gone to the trouble of replicating the bank interface, they are also logging client IP addresses along with the u/p and can then ignore obvious flooders. I do suggest everyone throw ONE random login at the site though - much harder to spot.

Webmaster wrote:
> It has just occurred to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them.
>
> It would certainly make it much harder for the phisher.

I do this (although not automated), I log in a few times with random details, hopefully so when the phisher tries to use the usernames/passwords they end up triggering some alert at the bank.

Hi,

It wouldn't be hard to hit these guys with a million bogus logins over a few days with a little script and a 10Mbit connection. Any sponsors? :)

Erin Salmon
Managing Director
Unleash Computers Ltd
Mobile: 021 877 913
Landline: 03 365 1273
www.unleash.co.nz

-----Original Message-----
From: Perry Lorier [mailto:perry(a)coders.net]
Sent: 30 September 2005 9:11 a.m.
Cc: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Bankdirect phish

> Webmaster wrote:
>> It has just occurred to me that a good way to 'deal' with phishing sites prior to them being shut down might be to have a script that submits random usernames and passwords. Thousands of them.
>>
>> It would certainly make it much harder for the phisher.
>
> I do this (although not automated), I log in a few times with random details, hopefully so when the phisher tries to use the usernames/passwords they end up triggering some alert at the bank.

participants (9)
- Erin Salmon - Unleash Computers Ltd
- James Clark
- Jamie Finnigan
- Lin Nah
- Mark Karena
- Perry Lorier
- Richard Dingwall
- Webmaster
- Zach Bagnall