Bitcoin Forum
Author Topic: *** WARNING **** Liberty reserve phishing attack  (Read 1783 times)
Herodes
Hero Member
March 18, 2013, 10:49:30 AM
 #1

Anyway, there's a very serious phishing attack ongoing:

If you google for 'liberty reserve', the first ad you get says:

Quote
Ad related to liberty reserve

    libertyreserve.com - Liberty Reserve
    www.libertyreserve.com/
    largest payment processor and money transfer, Login now!

Then, when you click that link, you're forwarded to http://llbertyreserv.com/en/login/

This is a phishing site; inputting credentials there means you'll lose all Liberty Reserve funds that you have.


And it seems like the criminals are raking it in:

http://www.talkgold.com/forum/r384797-.html

From an academic viewpoint, this phishing attempt is quite clever..

The real bad thing here is that AdSense is getting exploited, leading users that google for Liberty Reserve to click on that link. You should be rather alert not to click on it. Seasoned users would not do it, but for beginners and for anyone tired it's easy to make a mistake.

I can't fathom why Liberty Reserve doesn't have mandatory two-factor authentication?

The thieves probably are using fake ID and fake Visa towards Google/AdSense and probably multiple Liberty Reserve accounts, and most likely trying to withdraw from there as quickly as possible, but coupled with Liberty Reserve in general being very poor at customer service, this is a disaster.
chmod755
Legendary
March 18, 2013, 11:10:00 AM
 #2

Reported to Google & others!
Herodes
Hero Member
March 18, 2013, 11:19:14 AM
 #3

Quote
    Reported to Google & others!

I sent a PM to one Google employee on this forum. Usually whenever I want to tell Google something it's really frustrating, because I don't have any e-mails to send to, and there doesn't seem to be any reporting mechanism directly connected to the ad.

DAMN: That was fast, it seems to have gone already!
Herodes
Hero Member
March 18, 2013, 11:21:14 AM
 #4

Seems like the domain is registered through GoDaddy, I'll give them notice.

Quote
  Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: LLBERTYRESERV.COM
      Created on: 17-Mar-13
      Expires on: 17-Mar-14
      Last Updated on: 17-Mar-13

   Registrant:
   asad asdad
   asdad
   delhi, Delhi 1100091
   India

   Administrative Contact:
      asdad, asad  dunncwhu@hotmail.com
      asdad
      delhi, Delhi 1100091
      India
      2188075364

   Technical Contact:
      asdad, asad  dunncwhu@hotmail.com
      asdad
      delhi, Delhi 1100091
      India
      2188075364

   Domain servers in listed order:
      NS75.DOMAINCONTROL.COM
      NS76.DOMAINCONTROL.COM
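The two signals visible in this thread (a landing domain that differs from the advertised one by a swapped look-alike letter and a dropped letter, and a WHOIS creation date one day before the report) can be checked mechanically. This is an added example, not code from any poster in the thread; the confusable map, the 30-day threshold and all function names are assumptions.

```python
from datetime import date, datetime

# Constructed from values quoted in the thread: ad display domain, landing
# domain, and the relevant lines of the WHOIS excerpt.
BRAND = "libertyreserve.com"
LANDING = "llbertyreserv.com"
WHOIS_TEXT = """   Domain Name: LLBERTYRESERV.COM
      Created on: 17-Mar-13
      Expires on: 17-Mar-14
"""
# Assumption: tiny confusable map; production code would use Unicode confusables data.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})

def label(domain):
    # Assumption: single-label TLD (.com); use the Public Suffix List otherwise.
    return domain.lower().rstrip(".").split(".")[-2]

def edit_distance(a, b):
    # Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(candidate, brand, max_dist=2):
    c, b = label(candidate), label(brand)
    if c == b:
        return None  # same name: not a lookalike
    raw = edit_distance(c, b)
    skel = edit_distance(c.translate(CONFUSABLE), b.translate(CONFUSABLE))
    return {"raw": raw, "skeleton": skel, "suspicious": min(raw, skel) <= max_dist}

def whois_created(text):
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "created on":
            return datetime.strptime(value.strip(), "%d-%b-%y").date()
    return None

def triage(candidate, brand, whois_text, seen_on, young_days=30):
    look = lookalike(candidate, brand)
    created = whois_created(whois_text)
    age = (seen_on - created).days if created else None
    return {"lookalike": bool(look and look["suspicious"]), "distance": look,
            "age_days": age, "newly_registered": age is not None and age <= young_days}

print(triage(LANDING, BRAND, WHOIS_TEXT, date(2013, 3, 18)))
```

Folding look-alike characters before measuring distance is what brings the `l`-for-`i` swap down to a single edit, so the landing domain is flagged even under a stricter threshold.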
Jaw3bmasters
Full Member
Another block in the wall
March 18, 2013, 11:24:56 AM
 #5


Quote
    From an academic viewpoint, this phishing attempt is quite clever..

    The real bad thing here is that AdSense is getting exploited, leading users that google for Liberty Reserve to click on that link. You should be rather alert not to click on it. Seasoned users would not do it, but for beginners and for anyone tired it's easy to make a mistake.


"quite clever"? You make it seem like a new exploit. That's why we have AdblockPlus, NoScript, Sandbox, etc.......


In Cryptography we trust.
Herodes
Hero Member
March 18, 2013, 11:30:23 AM
 #6


Quote
    Quote
        From an academic viewpoint, this phishing attempt is quite clever..

        The real bad thing here is that AdSense is getting exploited, leading users that google for Liberty Reserve to click on that link. You should be rather alert not to click on it. Seasoned users would not do it, but for beginners and for anyone tired it's easy to make a mistake.

    "quite clever"? You make it seem like a new exploit. That's why we have AdblockPlus, NoScript, Sandbox, etc.......

As opposed to the spam e-mails that you receive with phishing attempts, where it says: "Log in to your account within 24 hours or else you will lose your account", this is more clever, absolutely. It's blatantly criminal, so I'm not applauding it, but you gotta give the crooks some credit for their ingenuity.

Personally I do not know how this could go undetected for 5 days according to the TalkGold thread I linked to in the first post. And yes, it's the first time I've seen this kind of phishing. I would think both Liberty Reserve and Google/AdSense would have a bigger interest in avoiding stuff like this in the first place, but I guess profit is more important for them than adding lots of measures to prevent stuff like this. Still, with good routines, I guess some ads may slip through the cracks anyway if it's manually verified, and probably ads are not verified before being put online at all.
chmod755
Legendary
March 18, 2013, 11:37:51 AM
 #7

Quote
Nmap scan report for llbertyreserv.com (203.124.116.1)
Host is up (0.38s latency).
rDNS record for 203.124.116.1: sg2nlhg558c1558.shr.prod.sin2.secureserver.net
Not shown: 986 filtered ports
PORT      STATE  SERVICE VERSION
21/tcp    open   ftp     PureFTPd
22/tcp    open   ssh     OpenSSH 5.1 (protocol 2.0)
|_ssh-hostkey: 1024 62:5e:b9:fd:3a:70:eb:37:99:e9:12:e3:d9:3f:4e:6c (DSA)
80/tcp    open   http    Apache httpd
|_html-title: Liberty Reserve \xE2\x80\x93 largest payment processor and money transf...
443/tcp   open   http    Apache httpd
|_html-title: 403 Forbidden
50000/tcp closed iiimsf
50001/tcp closed unknown
50002/tcp closed iiimsf
50003/tcp closed unknown
50006/tcp closed unknown
50300/tcp closed unknown
50389/tcp closed unknown
50500/tcp closed unknown
50636/tcp closed unknown
50800/tcp closed unknown

btw.: I made a little bookmarklet to report phishing to several services:
Quote