More Google Adwords Phish Pages

| | Comments (0)
We're noticing quite a lot of these appearing in mailboxes at the moment, all .cn and .kr domains. Here's a few more (that are currently confirmed as live) for your blocklists:

adwords.google.com.qsoil.cn/select/Login
adwords.google.com.apoim.cn/select/Login
adwords.google.com.kfion.cn/select/Login
adwords.google.com.tverdo.cn/select/Login
adwords.google.com.agrod.cn/select/Login

ottoggi.co.kr/bbs/data/schedule/1194604617/redirect.google.com
kilsangsa.or.kr/zero/data/buddha/1223246866/https/portal.google.com/www.adwords.google.com/select/Login.htm

Unsurprisingly, the .cn domains are all registered to "Mr Gfdthy", the same individual that owns the mehdo.cn domain. At least one of the Korean domains appears to be a legitimate website that's been hacked and had the phish page uploaded by the hacker, and so might not be part of the "main" campaign that's currently ongoing.

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on October 11, 2008 6:20 PM.

Google AdWords Phish was the previous entry in this blog.

Large Collection Of Stolen EBay Logins is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.