Hackers attempt to dupe NetRegistry customers

Powered by SC Magazine

Attackers try to open new accounts.

Scammers using a Brazilian domain name have targeted customers of large Australian domain name and hosting company NetRegistry, seeking usernames and passwords in order to launch new malware attacks.

NetRegistry, which lays claim to being Australia's largest domain name registrar and second largest web host, today warned its customers to ignore emails being sent from the domain coras.com.br with the subject line Please Update.

The offending message asks that NetRegistry subscribers provide their username and password in order to "verify a subscriber's profile" - and warns that failure to do so would "render your email address deactivated" [see full message below].

NetRegistry CEO Larry Bloch told iTnews he was not aware of any customers being affected as yet, but has his technical team monitoring services for any abnormal behaviour.

"There has been a little bit of an uptick in phishing scams targeting non-financial accounts," he said. "By that I mean that giving over your username and password won't necessarily give the hacker any financial gain, but they may use that account to upload malware on existing accounts or use it in conjunction with stolen credit card details to set up new accounts and spawn other nefarious scams," he said.

The challenge for NetRegistry is to identify compromised accounts, he said. This may become apparent, he said, should a single source (IP address) attempt to log-in to multiple accounts, which is unusual behaviour.

Bloch said NetRegistry won't be asking subscribers to update their security credentials until it is sure such a measure is absolutely necessary. "In all cases we have to find that balance between customer security and convenience," he said.

"In this case the best defence is the common sense of customers."

The phishing scam:

Subject: Please Update
From: Netregistry Account Billing support <fjbortolim@coras.com.br>
Date: Sun, 14 Mar 2010 23:18:16 +1100

Dear Netregistry  Subscriber, We are currently verifying our subscribers Profile in order to increase the Efficiency of our mail features.

Due to the congestion in all Profile users and removal of all unused Account, Netregistry  Will be shutting down all unused Profile,

To Join in the Recent Upgrade Taking Place at Netregistry ,You must Reply to this email by Confirming your account details below,



Failure to do this will immediately render your email address deactivated from our database.

Thanks for using Netregistry !

We are sorry for any inconvenience.

Netregistry  Customer Care Team.

Hackers attempt to dupe NetRegistry customers
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats