Hackers attempt to dupe NetRegistry customers

Powered by SC Magazine
 

Attackers try to open new accounts.

Scammers using a Brazilian domain name have targeted customers of large Australian domain name and hosting company NetRegistry, seeking usernames and passwords in order to launch new malware attacks.

NetRegistry, which lays claim to being Australia's largest domain name registrar and second largest web host, today warned its customers to ignore emails being sent from the domain coras.com.br with the subject line Please Update.

The offending message asks that NetRegistry subscribers provide their username and password in order to "verify a subscriber's profile" - and warns that failure to do so would "render your email address deactivated" [see full message below].

NetRegistry CEO Larry Bloch told iTnews he was not aware of any customers being affected as yet, but has his technical team monitoring services for any abnormal behaviour.

"There has been a little bit of an uptick in phishing scams targeting non-financial accounts," he said. "By that I mean that giving over your username and password won't necessarily give the hacker any financial gain, but they may use that account to upload malware on existing accounts or use it in conjunction with stolen credit card details to set up new accounts and spawn other nefarious scams," he said.

The challenge for NetRegistry is to identify compromised accounts, he said. This may become apparent, he said, should a single source (IP address) attempt to log-in to multiple accounts, which is unusual behaviour.

Bloch said NetRegistry won't be asking subscribers to update their security credentials until it is sure such a measure is absolutely necessary. "In all cases we have to find that balance between customer security and convenience," he said.

"In this case the best defence is the common sense of customers."

The phishing scam:

Subject: Please Update
From: Netregistry Account Billing support <fjbortolim@coras.com.br>
Date: Sun, 14 Mar 2010 23:18:16 +1100

Dear Netregistry  Subscriber, We are currently verifying our subscribers Profile in order to increase the Efficiency of our mail features.

Due to the congestion in all Profile users and removal of all unused Account, Netregistry  Will be shutting down all unused Profile,

To Join in the Recent Upgrade Taking Place at Netregistry ,You must Reply to this email by Confirming your account details below,

UserName:

Password:

Failure to do this will immediately render your email address deactivated from our database.

Thanks for using Netregistry !

We are sorry for any inconvenience.

Regards,
Netregistry  Customer Care Team.


Hackers attempt to dupe NetRegistry customers
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Telcos finally briefed on data retention details
Update: AGD offers list of data to be stored.
 
Qld Health hires short-term CIO, CTO
Ray Brown leaves after five years at IT helm.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  67%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 557

Vote