MSN Credentials Theft nustuff4u.com

December 6, 2008

Hi,

My MSN honeypot has just caught another classic MSN credentials theft.

The method used is the classic offline message sent by an already compromised contact.

Here is the message:

___________________________

Xxx scrive:
Xxx check out these awesome pics from the awesome party LOL   http://Yyy.nustuff4u.com

__________________________

nustuff4u.com presents a classic form that asks for

MSN E-Mail

MSN Password

and, as usual and as already seen (please refer to my previous MSN-related blog posts), a disclaimer.

Now let's investigate this domain a bit.

ICANN Registrar: ENOM, INC.
Created: 2008-12-04
Expires: 2009-12-04
Updated: 2008-12-04
Registrar Status: clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM (has 151,962 domains)

IP Address: 202.64.61.208
IP Location Hong Kong – Hong Kong (sar) – Hong Kong – Ta_kung_pao

And finally, we can see that it is Whois protected:
Domain name: nustuff4u.com

Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
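
The triage steps followed above (lure message, URL, WHOIS record), as an added example that is not part of the original post. It uses the message and WHOIS fields quoted above as constructed sample input, assumes the post's date as the sighting date and that the last two host labels form the registered domain; all function names are hypothetical.

```python
import re
from datetime import date

# Constructed sample: the lure text and the WHOIS fields quoted in the post.
MESSAGE = "Xxx check out these awesome pics from the awesome party LOL   http://Yyy.nustuff4u.com"
WHOIS = """\
ICANN Registrar: ENOM, INC.
Created: 2008-12-04
Expires: 2009-12-04
Updated: 2008-12-04
Registrar Status: clientTransferProhibited
Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
"""
SEEN = date(2008, 12, 6)  # assumption: date of the post used as the sighting date

def lure_domains(message):
    """Return the registered domain of every URL in an IM message.
    Assumption: the last two labels are the registered domain (true for .com;
    a real tool would consult the Public Suffix List)."""
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", message)
    return sorted({".".join(h.lower().rstrip(".").split(".")[-2:]) for h in hosts})

def whois_fields(text):
    """Parse 'Key: value' lines; lines without a value are kept as free text."""
    fields, free = {}, []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
        elif line.strip():
            free.append(line.strip())
    return fields, free

def triage(message, whois_text, seen):
    """Collapse per-contact subdomains to one domain and summarise its WHOIS."""
    fields, free = whois_fields(whois_text)
    created = date.fromisoformat(fields["created"])
    return {
        "domains": lure_domains(message),
        "age_days_at_sighting": (seen - created).days,
        "privacy_protected": any("whoisguard" in l.lower() for l in free),
        "registrar": fields.get("icann registrar"),
    }

if __name__ == "__main__":
    print(triage(MESSAGE, WHOIS, SEEN))
```

Collapsing the per-contact subdomain (`Yyy`) to the registered domain lets a honeypot group lures from different compromised contacts under one campaign record.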