Server too busy on some kind of phishing sites?

Someone sent me a few suspicious links, but all I get is
'server too busy' so cannot figure out if they are trying to
distribute malware or just trying to gather personal intel.

One uses a Skype hook: hxxp://www.skype-2011-support.net

The other Adobe:  hxxp://www.adobe-2011-downloads.net


Re: Server too busy on some kind of phishing sites?


On Thu, 2 Dec 2010 06:08:10 -0800 (PST), Duh_OZ
Forgive me for stating the obvious, but if they're "suspicious links"
why do you want to click on them?

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

usenet flamewars:
http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.

Re: Server too busy on some kind of phishing sites?

To obtain the suspicious content.

Because he ...



Re: Server too busy on some kind of phishing sites?

Wanted to see what the hook was!

Assuming it was malware, first to see if Kaspersky would catch it
(before a download attempt I use a "view-source:link" ) and then if
not flagged by 'K, download it and submit it to VT.

Moot of course since I could not access either.

Re: Server too busy on some kind of phishing sites?

***
Probably just "ThinkPoint" scareware.
***



Re: Server too busy on some kind of phishing sites?

On Thu, 02 Dec 2010 09:48:46 -0500, Laura Fredericks

Possibly hoping that some kind clown
will click on them for her?

Griffin

Re: Server too busy on some kind of phishing sites?

"Duh_OZ" wrote:

I can connect but both servers take ages to respond.

Could be either/both, a way of adding you to spam lists, or a scam to
lighten your wallet but they want you to "join" to find out.

Redirects to:
h**p://www.voip-2010-instant-download.net/index.asp?aff=13340
Following a "join" link:
h**p://www.voip-2010-instant-download.net/join.asp
redirects to:
h**ps://secureonline.ru/p05/join.aspx?siteid=5686&product=152&cli=7&descriptionid=skype1&lng=en
redirects to:
h**ps://secureonline.ru/p05/(S(ar5t01jusdlnzm45l4nhzc55))/join.aspx?siteid=5686&product=152&cli=7&descriptionid=skype1&lng=en

- - -
Step 1

Create your login

 Make worldwide calls to anyone now! Get instant access by filling in
 the information below:

 Your E-mail: [ ]
 Confirm E-mail: [ ]

 Download Instructions will be sent to this email. Your personal info
 is kept confidential.

Contact information

 First Name: [ ]
 Last Name: [ ]
 Country/Region: [ ]

[ ] Yes, I wish to receive discount coupons, special offers or promotions
 about other products  [Proceed to Next Step]
- - -

Redirects to:
h**p://www.new-2011-pdf-download.com/1/
Following a "join" link:
h**p://www.new-2011-pdf-download.com/join.asp
redirects to:
h**ps://secureonline.ru/p05/join.aspx?siteid=5704&product=pdf&cli=7&descriptionid=pdf1&lng=en
redirects to:
h**ps://secureonline.ru/p05/(S(ijuzky55o55p3tunvd1ri5bo))/join.aspx?siteid=5704&product=pdf&cli=7&descriptionid=pdf1&lng=en

Gives the same login creation page as before but the first sentence is:
"Get the best PDF Manager available today!"
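
Added example, not part of the original post or thread: a Python sketch that compares the two redirect chains quoted above without fetching anything. It treats the `(S(...))` path segment as an ASP.NET cookieless session ID and strips it, so both lures can be seen to end on the same landing page; the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Defanged hops exactly as quoted in the post above; nothing here is fetched.
CHAINS = {
    "skype": [
        "h**p://www.voip-2010-instant-download.net/index.asp?aff=13340",
        "h**p://www.voip-2010-instant-download.net/join.asp",
        "h**ps://secureonline.ru/p05/join.aspx?siteid=5686&product=152&cli=7&descriptionid=skype1&lng=en",
        "h**ps://secureonline.ru/p05/(S(ar5t01jusdlnzm45l4nhzc55))/join.aspx?siteid=5686&product=152&cli=7&descriptionid=skype1&lng=en",
    ],
    "pdf": [
        "h**p://www.new-2011-pdf-download.com/1/",
        "h**p://www.new-2011-pdf-download.com/join.asp",
        "h**ps://secureonline.ru/p05/join.aspx?siteid=5704&product=pdf&cli=7&descriptionid=pdf1&lng=en",
        "h**ps://secureonline.ru/p05/(S(ijuzky55o55p3tunvd1ri5bo))/join.aspx?siteid=5704&product=pdf&cli=7&descriptionid=pdf1&lng=en",
    ],
}
# ASP.NET cookieless sessions embed a per-visitor "(S(<id>))" path segment.
SESSION_SEGMENT = re.compile(r"/\(S\([0-9a-z]+\)\)", re.I)

def normalize(url):
    """Parse a defanged URL into (host, session-free path, query dict)."""
    parts = urlsplit(re.sub(r"^h(\*\*|xx)p", "http", url.strip(), flags=re.I))
    path = SESSION_SEGMENT.sub("", parts.path)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts.hostname, path, query

def stable_hops(hops):
    """Drop hops that differ from an earlier one only by the session segment."""
    unique = []
    for hop in hops:
        key = normalize(hop)
        if key not in unique:
            unique.append(key)
    return unique

def cluster_by_landing(chains):
    """Map each final (host, path) to the lures reaching it and their query params."""
    clusters = defaultdict(dict)
    for lure, hops in chains.items():
        host, path, query = normalize(hops[-1])
        clusters[(host, path)][lure] = query
    return dict(clusters)

if __name__ == "__main__":
    for landing, lures in cluster_by_landing(CHAINS).items():
        print(landing, {name: q.get("siteid") for name, q in lures.items()})
```

Both lures collapse to one landing key, and the `siteid` and `descriptionid` values are what distinguish one campaign front end from the other.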



*OT* Re: Server too busy on some kind of phishing sites?

====================
Thanks: I was finally able to get to one of the pages, but it took 5
minutes to load.

I did find this write-up about it:
http://blog.mxlab.eu/2010/09/14/malicious-spam-campaign-regarding-adobe-acrobat-2010-pdf-reader-and-voip-addons-for-skype/
http://tinyurl.com/2ep7p5j

I changed the subject to add an *OT* as it is just a spoof site to
collect intel and not deliver any malicious code (or so it seems).

