MSN Privacy Threat – passionzz.com

Hi,

Here another Privacy threat similar to the previous already seenĀ  the malicious domain is spreaded by offline MSN contacts in form of

http://_mail_address.passionzz.com

Here the classical source html already seen:

<html>
<head>
<title></title>
</head>
<frameset rows=”*,30,1″ frameborder=0>
<frame src=”indexx.php” name=”">
<frame src=”abuse.html” name= frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame>
<frame src=”body.php” name= frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame>
</frameset>
</html>

-> abuse.html

<center><b>Send Abuses to <a href=”mailto:abuse@cpashield.com”>abuse@cpashield.com</a></b>

-> body.php

<img src=”http://www.ipcounter.de/count.php?u=53083499&amp;color=pink&#8221; alt=”" border=”0″ width=0 height=0></a></noscript><img src=”http://www.ipcounter.de/count.php?u=54136814&amp;color=pink&#8221; alt=”" border=”0″ width=0 height=0></a></noscript>

-> indexx.php

Redirection to http://www.incentaclick.com/nclick.php?id=16550&cid=3915&sub=newadx_passion

<html><head><title>Incentaclick Media</title><meta http-equiv=’refresh’ content=”0;url=http://banners.passion.com/go/page/25647_landing_passion_01b?pid=p497792.sub16550-newadx_passion&ip=auto”></head><body></body></html>

Tracking Cookie Installation

Set-Cookie: IncentaclickUC391516550=391516550newadx_passion; expires=Wed, 24-Sep-2008 17:08:59 GMT; path=/; domain=.incentaclick.com
Set-Cookie: IncentaclickUC391516550=391516550newadx_passion; expires=Wed, 24-Sep-2008 17:08:59 GMT; path=/; domain=www.incentaclick.com
Set-Cookie: IncentaclickTrackCookie3915=16550-newadx_passion; expires=Sun, 23-Nov-2008 17:08:59 GMT; path=/; domain=.incentaclick.com
Set-Cookie: IncentaclickTrackCookie3915=16550-newadx_passion; expires=Sun, 23-Nov-2008 17:08:59 GMT; path=/; domain=www.incentaclick.com

After that Incentaclick trasparently installs its tracking cookies you’re redirected to

http://banners.passion.com/go/page/25647_landing_passion_01b?pid=p497792.sub16550-newadx_passion&ip=auto

Registry Data

ICANN Registrar: ENOM, INC.
Created: 2008-08-24
Expires: 2009-08-24
Updated: 2008-08-24
Registrar Status: clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM (has 99,883 domains)
Name Server: DNS2.REGISTRAR-SERVERS.COM
Name Server: DNS3.REGISTRAR-SERVERS.COM
Whois Server: whois.enom.com

jQuery(‘#registryDataContainer’).show();

Server Data

IP Address: 127.0.0.1
IP Location – Loopback
Response Code: 200
Domain Status: Registered And Active Website

Remove Instructions

Remove Cookie and Change your MSN Passwords!!!!

See you to the next Post… :)

About these ads

This entry was posted on Monday, August 25th, 2008 at 5:39 pm and is filed under (In)Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to MSN Privacy Threat – passionzz.com

  1. TeMerc says:
    August 25, 2008 at 5:49 pm

    I just posted this site and another with related sites got over at hpHosts:
    http://forum.hosts-file.net/viewtopic.php?p=4848&sid=76b60902e46e02ce192dd42717a1986c#p4848

    Reply
  2. evilcodecave says:
    August 26, 2008 at 5:07 am

    Hi,

    The fake Legal Advice is only for Social Engineering scopes, is not really Legal, I’ll talk about that problemin another post

    Reply
  3. jennyBold says:
    January 5, 2009 at 4:39 am

    just
    2 empty lines

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: