Re: New depths in phishing

[Lucy E. Lynch]

On Fri, 24 Mar 2006, Suresh Ramasubramanian wrote:

> On 3/24/06, Lucy E. Lynch <llynch@darkwing.uoregon.edu> wrote:
> > edu skimming - try http://umich.edu.com/
> edu.com is quite old as far as domains go... but its not really a
> phisher as far as i can see - its a purveyor of "online diplomas" from
> assorted universities, and some obvious  diploma mills (including
> those of the spamming variety, such as the University of Phoenix)
and collecting information from students interested in enrolling
at umich...

> www.imamoron.edu.com works as well .. by the way
>
>
> Registrant:
>   Vantage Media Corporation
>   1350 Abbot Kinney Blvd #203
>   Venice, California 90291
>   United States
>
>   Registered through: GoDaddy.com
>   Domain Name: EDU.COM
>      Created on: 24-Nov-98
>      Expires on: 23-Nov-10
>      Last Updated on: 14-Jun-05
>
>   Administrative Contact:
>      Administrator, Domain  domainadmin@vantagemedia.com
>      Vantage Media Corporation
>      1350 Abbot Kinney Blvd #203
>      Venice, California 90291
>      United States
>      3104823737      Fax --
>
>   Technical Contact:
>      Administrator, Domain  domainadmin@vantagemedia.com
>      Vantage Media Corporation
>      1350 Abbot Kinney Blvd #203
>      Venice, California 90291
>      United States
>      3104823737      Fax --
>
>   Domain servers in listed order:
>      PDNS1.ULTRADNS.NET
>      PDNS2.ULTRADNS.NET
>      PDNS3.ULTRADNS.ORG
>      PDNS4.ULTRADNS.ORG
>      PDNS5.ULTRADNS.INFO
>      PDNS6.ULTRADNS.CO.UK
>
>
> > nice!
> >
> > --
> > Lucy E. Lynch                           Academic User Services
> > Computing Center                        University of Oregon
> > llynch  @darkwing.uoregon.edu           (541) 346-1774
> >
> > ---------- Forwarded message ----------
> > Date: Thu, 23 Mar 2006 12:37:24 -0800
> > From: David Lundy <dlundy@pacific.edu>
> > Reply-To: UNIversity Security Operations Group <unisog@lists.sans.org>
> > To: unisog@lists.sans.org
> > Subject: Re: [unisog] Problems with EDU.COM domain
> >
> > It looks like a wild card.  Things like zzz.edu.com resolve.
> >
> > David Lundy
> > Acting IT Security Officer
> > University of the Pacific
> >
> > > > > YorkJ@brcc.edu 03/23/06 11:09 AM >>>
> > Wow, even lowly community colleges are listed in the phishing sites
> > edu.com.  They must have copied the entire .edu domain.  I just called
> > Educause (.edu registrar) to let them know about it--the lady I talked
> > to hadn't seen it yet, but promised to send the info to their
> > management.
> > Thanks
> > John
> >
> > John York
> > Network Engineer
> > Blue Ridge Community College
> >
> >
> > _______________________________________________
> > unisog mailing list
> > unisog@lists.sans.org
> > http://www.dshield.org/mailman/listinfo/unisog
> > _______________________________________________
> > unisog mailing list
> > unisog@lists.sans.org
> > http://www.dshield.org/mailman/listinfo/unisog
> --
> Suresh Ramasubramanian (ops.lists@gmail.com)
--
Lucy E. Lynch 				Academic User Services
Computing Center			University of Oregon
llynch  @darkwing.uoregon.edu		(541) 346-1774