Recently I found two Chinese phishing/scam sites: a site about stocks from Shanghai Huaer Securities, and a government lottery. These two types of sites use a large number of pages with an IFRAME displaying the main site, and both follow a similar layout. The domain names are registered to different people, so the phishers may not be affiliated.
Shanghai Huaer Securities
This site claims to be a stock trading company for the Shanghai Securities market.
 |
| Shanghai Securities trading site. |
The main sites is hosted on huaerzq.com. The "Add to Favorite" links do not use the same domain, rather they leverage short links (http://www.goo.gl/YebPW) which redirect to huaer88997766.now.to, which is simply an IFRAME to huaerzq.com.
There are many now.to sub-domains which display this website:
soso112233.now.to huaer88997766.now.to hua123567000.now.to hua88899900.now.to gugu99889988.now.to gugu001122.now.to lang123123.now.to gugu6677.now.to 168.hua8899.now.to soso9988.now.to gugu8899.now.to 33223388.now.to
Government lottery
The second type of site claims to be a Government lottery. Proceeds are purported to help the kids you see on the right side. I found two slightly different versions of this site.
 |
| Fake government lottery |
www.330069.com 55882.co.cc 55571.co.cc
And the following domains contain an IFRAME to one of the sites above:
797.feels3.de 90.ezpagez.com www.66797.co.cc
These sites are not blocked by any popular phishing blacklist that I am aware of, and will therefore likely stay up for some time.
-- Julien
Posts
1 comments:
I absolutely adore reading your blog posts, the variety of writing is smashing.This blog as usual was educational, I have had to bookmark your site and subscribe to your feed in ifeed. Your theme looks lovely.Thanks for sharing.
regards:
Stock Tips
Post a Comment