A Dispatch


June 08, 2007

What's Worse: The Disease or Cure?

A few days ago I received a typical PayPal phishing message. It may be a case of the way my email client software displayed the content of this particular message, but the actual link URL was plainly visible in the message. Like a majority of phishing sites these days, this one was on a hijacked web site owned by someone else. Unfortunately for the phisher, the domain name—which was clear as day in my email reader—not only had nothing to do with PayPal, but was without a doubt an adult site. How do I know? The domain name (composed of three run-together words) included the word "porno" and the F-bomb. Dot com.

To the actual site's credit, the front page includes sufficient warnings about the content within the site. There is nothing on the home page (other than the domain name) that would offend anyone.

Per my usual modus operandi, I sent an email to the site owner to advise of the hacking. I heard back within an hour or so that the phishing directory had been removed. The next day, however, I saw that the phishing page was still in operation. Another quick email exchange revealed that the site owner had removed the directory three times and was trying to find out how the site continued to be compromised.

I checked back today to see if he had been successful. Thankfully, the phishing page was gone. Not-so-thankfully, rather than just "404" ("not found") the page, the destination redirected my browser to a different adult site—one not too concerned about an accidental visitor's sensibilities. Lots o' pics of female anatomical features.

Adult web sites have a nasty habit of performing drive-by installs of malware and putting visitors into popup hell. I'm glad my accidental visit was done on a Macintosh, but that won't always be a guard against who-knows-what.

My real concern here is how others who follow such a phishing message link might react to seeing the adult site page out of the—um—blue. For a home user, the content might not be a big deal. But if this happens to someone at work, that porno site visit is probably being logged by the corporate IT department. Moreover, the browser cache is now loaded with dozens of bare-chested (and other regions) photo files. That can't be good.

The bottom lin...I mean end resul...I mean.... Let me start over. I'm glad the hacked site owner took responsible action to deactivate the phishing site; it's the way he did it that gives me pause.

Posted on June 08, 2007 at 10:01 AM