At 4:06 PM +1300 2/21/07, Nick FitzGerald wrote: >Steve Pirk wrote: > >> Another site that puts up a warning instead of just taking >> down a phishing site: >> >> http://www.bh2day.net/medialoader/midi2/Flagstar.html.3gp > >By the time you posted, the target site had been "defaced". > >I was looking at it about an hour earlier and it had already been >defaced then. I'm guessing that either the phisher installed and left >an open "PHP shell" (or similar) as part of his compromise/hack/phish >kit or the site had some other obvious access method which someone >p*ssed at the phish attempt took upon themselves to use to "fix" the >phishing site. Not common, but not entirely uncommon either...
Well as of 0700 EST it was phishing Flagstar Bank. What is interesting is that the server is configured to serve up .3gp files as text/html. The site currently frames the real phishing site at: http://ambalalfamily.info/forum/images/admine/e/.htacces/index.htm Tom _______________________________________________ phishing mailing list [email protected] http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
