Hackers attempt to dupe NetRegistry customers

Powered by SC Magazine
 

Attackers try to open new accounts.

Scammers using a Brazilian domain name have targeted customers of large Australian domain name and hosting company NetRegistry, seeking usernames and passwords in order to launch new malware attacks.

NetRegistry, which lays claim to being Australia's largest domain name registrar and second largest web host, today warned its customers to ignore emails being sent from the domain coras.com.br with the subject line Please Update.

The offending message asks that NetRegistry subscribers provide their username and password in order to "verify a subscriber's profile" - and warns that failure to do so would "render your email address deactivated" [see full message below].

NetRegistry CEO Larry Bloch told iTnews he was not aware of any customers being affected as yet, but has his technical team monitoring services for any abnormal behaviour.

"There has been a little bit of an uptick in phishing scams targeting non-financial accounts," he said. "By that I mean that giving over your username and password won't necessarily give the hacker any financial gain, but they may use that account to upload malware on existing accounts or use it in conjunction with stolen credit card details to set up new accounts and spawn other nefarious scams," he said.

The challenge for NetRegistry is to identify compromised accounts, he said. This may become apparent, he said, should a single source (IP address) attempt to log-in to multiple accounts, which is unusual behaviour.

Bloch said NetRegistry won't be asking subscribers to update their security credentials until it is sure such a measure is absolutely necessary. "In all cases we have to find that balance between customer security and convenience," he said.

"In this case the best defence is the common sense of customers."

The phishing scam:

Subject: Please Update
From: Netregistry Account Billing support <fjbortolim@coras.com.br>
Date: Sun, 14 Mar 2010 23:18:16 +1100

Dear Netregistry  Subscriber, We are currently verifying our subscribers Profile in order to increase the Efficiency of our mail features.

Due to the congestion in all Profile users and removal of all unused Account, Netregistry  Will be shutting down all unused Profile,

To Join in the Recent Upgrade Taking Place at Netregistry ,You must Reply to this email by Confirming your account details below,

UserName:

Password:

Failure to do this will immediately render your email address deactivated from our database.

Thanks for using Netregistry !

We are sorry for any inconvenience.

Regards,
Netregistry  Customer Care Team.


Hackers attempt to dupe NetRegistry customers
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1766

Vote
Do you support the abolition of the Office of the Information Commissioner?