[SGVLUG] Social engineering done right...
Jeff Keys
jskeys at gmail.com
Thu Mar 16 12:13:29 PST 2006
www2.postcards.org has the same IP address, 64.151.106.108, as
marty.netand a number of other domains. Looking a little further, the
"Marty
McKolskey Incident", at
http://www.everything2.com/index.pl?node_id=1468275may shed a ray of
light.
On 3/16/06, matti <mathew_2000 at yahoo.com> wrote:
>
> Hi,
>
> > Seems to me that there are probably three possibilities, in order of
> > probability:
> >
> > 1) The owner of postcards.org is doing this scam
> > 2) The system that hosts postcards.org is compromised and someone
> > thought it'd be a good way to scam people
> > 3) An insider @ ServePath configured the domain/system this way with
> > or without permission.
>
> 4) Adjacent system compromised (tom pointed this possibility out iirc)
>
> fyi - there also are various ways to attack DNS servers
> and host tables...
>
> google search brings up a few interesting notes:
> (searched on: postcards.org spyware)
> http://www.dynamoo.com/diary/postcards-org.htm
>
> spammuseum.co.uk had what appeared to be your
> exact server name "www2" but unfortunately
> the original page isnt available (google
> cache however does show it.)
>
> in fact postcards themselves explain a bit:
> http://www.postcards.org/postcards/special/aunt_edna_virus.html
>
> looks like postcards.org are really pissed off:
> "And if you happen to hit him with a fast-moving car,
> we'll won't be displeased."
>
> best
> matti
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.sgvlug.net/pipermail/sgvlug/attachments/20060316/f2c008c5/attachment.html
More information about the SGVLUG
mailing list