Phishers Build Deceptive Links with DNS Wildcards 245
1sockchuck writes "In the continuing evolution of the phisher, the latest scams are crafting deceptive email links that include a bank's URL, but send victims to a phishing spoof site. The phishers are combining wildcard DNS, URL encoding and redirection services to construct the URLs. Netcraft has examples of emails that presented barclays.co.uk in the URL but sent clicks to a spoofed page at a server in Moscow. A DNS cache poisoning attack over the weekend also highlights the potential use of DNS tricks in 'pharming' (phishing using redirection rather than bait emails)."
Help on the horizon for Windows users! (Score:5, Funny)
Re:Help on the horizon for Windows users! (Score:5, Funny)
</homestar>
Re:Help on the horizon for Windows users! (Score:5, Interesting)
Re:FYI: (Score:2, Funny)
Just don't read emails from the bank (Score:5, Interesting)
Just don't read emails from the bank-Digital Faith (Score:2, Insightful)
Were's a technical solution when you need it?
Re:Just don't read emails from the bank-Digital Fa (Score:4, Insightful)
Re:Just don't read emails from the bank-Digital Fa (Score:5, Insightful)
This is an autmated letter from Bank of America. We need you to confirm your information. Please log in here by copying and pasting the link below:
http://bankofamerica.com|index.cfm|sid=1 00201952820932.slashdot.org/article.pl?sid=05/03/
Thank you for your time,
Bank of America.
Re:Just don't read emails from the bank-Digital Fa (Score:2, Interesting)
http://bankofamerica.com|index.cfm|sid=1%200020
Re:Just don't read emails from the bank-Digital Fa (Score:3, Insightful)
Re:Just don't read emails from the bank-Digital Fa (Score:4, Insightful)
The easiest thing is to turn off html, turn off display of inline images, and turn on display of full headers.
People (and companies) send way too much garbage as html or attachments that would be just fine as text. I got into the habit of using text as much as possible when working on a proposal with a bunch of astronomers who don't use MSOffice except at gunpoint. It works great, especially if you use things like sentences, paragraphs, and punctuation.
Re:Just don't read emails from the bank-Digital Fa (Score:5, Funny)
Check the evil bit [faqs.org] in the TCP/IP header.
Re:Just don't read emails from the bank-Digital Fa (Score:3)
* Have scripting
* Expose all links as their real address, with the link name in parens
* No embedded objects
* Remote images wouldn't load unless toggled
HTML isn't that much more complex than text. Why don't we just revert back to gopher? It's way more simple than HTTP and more secure. And text could conceivably be insecure also... For instance, a naive user who would even cut an paste a bogus URL, or some buffer overflow from a finely crafted text file (a la Micros
Re:Flash-forward. (Score:4, Interesting)
Going from Text to HTML is switching technologys.
If you rename a text file from hello.txt to hello.html and pull it up in your web browser you will lose all the formating as HTML expects you to do formating with HTML commands.
32 bits to 64 bits just means your computer can hold more information in one registar.
Also there is nothing stopping a kernel hacker from modifying Linux to store the time/date in two 32 bit regestars instead of one.
Text to HTML is like the diffrence between walking and riding a bike. To edit HTML you still need text. So if an issue were to crop up with Text (like the 32 bit time bug) not only could we not switch to HTML to fix it HTML would be screwed as well.
HTML is a good technology that (IMAO) has been been pushed too far too fast.
But it's not a replacement to text only a better choice when text won't do the job.
Kind of like how a desktop PC dosen't replace a pocket calculator.
And on that note I've been writing my documents mostly in HTML for 10 years now and using a PDA for the last 3.
And I still have a solar powered calculator and get all my e-mail in text.
Re:Just don't read emails from the bank (Score:4, Insightful)
I think most banks do what you are saying its just that there are so many STUPID people out there who fall for these OBVIOUS (to us at least) scams.
It is very frustrating that people fall for things like this and those dodgy African "lottery" wins that you didn't even enter.
Re:Just don't read emails from the bank (Score:2)
How are you supposed to log in without giving your password?
Advice that doesn't make sense is worse than useless.
Re:Just don't read emails from the bank (Score:3, Funny)
- 1. Lift tab to rim.
- 2. Pull back slowly.
- Do not use if tab is lifted.
D'oh!Re:Just don't read emails from the bank (Score:3, Interesting)
They are not stupid at all. DNS wildcards are a bitch and many banks use long obfuscated urls because they are applet based websites.
Re:Just don't read emails from the bank (Score:5, Interesting)
Simple. Effective. Can be defeated, but it would take orders of magnitude more effort.
No you can get e-mails and not worry (Score:4, Insightful)
Thus you don't need to worry about getting phished, but you don't need to exclude a convienent method of communication.
My bank actually doesn't do e-mail, they call me if they want my attentino, security reasons, however Paypal and eBay are both pretty much e-mail only. Not supprisingly, the phishes I do get are usually for those, not my bank.
Very confusing (Score:5, Informative)
Paypal got it right (Score:5, Interesting)
Paypal got this right. When the Phishers started going after them in earnest, they sent a bunch of e-mails to registered users saying "Paypal will never ask you to click on a link in e-mail". And all their e-mails about transactions or special offers say "If you would like to do this, enter www.paypal.com in your browser, and then click on tab $foo and then link $bar". It's a bit more effort for the consumer, but it eliminates the "Is this a real or fake e-mail" problem - if it contains any hyperlink at all, it's fake.
My credit card does the same thing. I get automated notifications that say "Your new statement is available online. To access it, go to www..com, and click on "My Statement".
Re:Paypal got it right (Score:3, Funny)
Re:Paypal got it right (Score:3, Interesting)
What I am waiting for is for these own3d PCs to get their hosts file edited to bypass what you are talkig about.
www.paypal.com [evil ip address]
www.bankone.com [evil ip address]
www.wamu.com [evil ip address]
and so on. The owned PCs are a much smaller population but I won't be suprised if the spammers/phishers resort to this tactic. Once they have access to your PC they can just keep corrupting your hosts file with "
and I got a WAMU phi
Re:Very confusing (Score:5, Informative)
This says that http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89g i8z.dvdlinKs.at/pgcgc3p/
goes to the kickme.to web site. THis applies to anything replacing the *.
Internet Explorer misreads the | as a network redirect (from NT4) and ignores the rest in URL so people think that they are going to Barclays Bank since that is what shows up in information windows.
Its very simple... (Score:4, Informative)
Re:Its very simple... (Score:5, Interesting)
Re:Its very simple... (Score:3, Funny)
I wonder how that affects https connection. Even if they steal the DNS, they shouldn't be able to get their certificate.
Well, verisign.com could be poisoned, too, you know...
Re:Its very simple... (Score:2)
Re:Its very simple... (Score:2, Informative)
Common Name: ibank.barclays.co.uk
Organization: Barclays Bank Plc
OU: Enable
And was issued by Verisign, expires on 03/08/2005 (UK format).
Which all looks OK, but as I have never had a bank account at Barclays I went there and let them have some crap data.
That's it (Score:5, Funny)
Re:That's it (Score:5, Funny)
Re:That's it (Score:2)
Re:That's it (Score:3, Interesting)
How long til your ARP packet includes a public key proving you are who you say you are?
Re:That's it (Score:2)
Dunno mate, but I bet the crack for it is out within 2 days.
Can't we just get together and agree that the internet isn't safe enough for banking, credit card details or personal information yet?
How about Banks start opening their own ISPs? That way they will be able to check their own records to see if transactions were fraudulent. You trust Banks with your house/CC details/wills/valuables already, why not trust the
Re:That's it (Score:2)
The thing is, it's plenty safe. This is a solved problem - the solution is cryptographically signed e-mail. The problem is, no one uses the solution.
Re:That's it (Score:2)
No, not really (Score:2)
ARPAnet was designed assuming that everyone on it would be government/research. There wasn't any worry about jackasses, if you were, you'd just get your access yanked. The Internet is open to all, thus lots and lots of assholes (espically anonymity beings out the worst in assholes). So some assumptions that were orignally made aren't val
Slashdotting "name" change? (Score:2, Funny)
That took too long (Score:2)
It's a rather obvious way in if you think about it.
I suspect it has happened before, but what the public doesn't know won't hurt them? Up until now anywya.
What about BGP poisoning! Oh the humanity.
Remember when... (Score:4, Interesting)
Remember when ICANN even thought of listening to Network Solutions?
Hope you do. Mental Bookmark.
Who has money any more? (Score:5, Funny)
The problem with simple rules to avoid Phisers (Score:5, Interesting)
If this isn't solved definitively, it could destroy e-commerce.
Re:The problem with simple rules to avoid Phisers (Score:3, Interesting)
I believe that the real solution to this is to make YOUR MONEY more secure, the weak link IMO is that credit cards fraud and identity theft are far to easy to get away with. Lets put in place a secure money system that does not rely on the secu
Trojan? (Score:2)
If a trojan is installed on your box, it could be keylogging or any number of other things anyways. At that point I think you're past worry about being phished, you've already been landed.
Re:The problem with simple rules to avoid Phisers (Score:2)
If you do this, you will not be taken in by a phishing exploit, ever.
Re:Faith in a higher-managment. (Score:2)
Re:The problem with simple rules to avoid Phisers (Score:2)
And the internet is certainly perfect now, what with all the spam, pop-ups, pop-unders, kick-throughs, doubleclick cookies, spam-dexing, spyware, etc, etc, etc. Frankly, it's all the marketers' fault in the first place for acclimating general users to this sort of communication and abuse. If you had never received a spam email or pop-up from a 'legitimate' business, wouldn't this kind of attack seem just a little bit
DNS cache poison can be stopped (Score:5, Informative)
To the extent of my knowledge, only two recursive DNS servers have this level of DNS poison protection: DjbDNS' dnscache [cr.yp.to] and MaraDNS [maradns.org].
It is also important to have bailwick protection. Basically, the recursive DNS server needs to look at a DNS reply, and filter out any answers not in the bailwick. Older DNS servers (and possibly poorly written embedded DNS caches and recursive servers) will get a reply like "www.paypal.com has the ip 10.1.2.3" to the question "what is the ip for www.phisherscum.com?", and incorrectly cache the data for www.paypal.com instead of saying "I didn't ask for paypal.com's ip, so I'll ignore this data as being out of bailwick".
Additionally, it improves security to restrict which IP addresses are allowed to make remote DNS queries. This is best done at the firewall level (don't allow any UDP connections to port 53 from the internet at large unless you have some domains hosted by the machine in question). This stops malicious servers sending a large number of requests to your dns server for www.paypal.com, and a number of bogus answers "www.paypal.com has the IP of some phishing site in China; remember this until 2007", until one of the answers looks valid and fools your DNS server.
In summary, by using a secuirty aware DNS resolver, you can minimize, if not eliminate the chances of being vulnerable to bogus DNS data.
Passwords should work both ways (Score:5, Interesting)
I usually ask them to give me some info from my file to prove that they actually are the credit card company they appear to be, or I call them back using the number in the official documentation.
I think passwords/authentication have to work in both directions. Perhaps e-banking would be more secure if the banking site had to show you proof of authenticity (for example, you ask the system a question about your file, and see if it responds correctly). In practice, this might involve some additional headaches, but I think it could work.
Perhaps the simplest scheme is that you enter your login info, but if you then complete a transaction without getting back the "correct" authentication answer, you call your bank immediately... they block the transaction, you change your password, and it is flagged immediately as a scam.
Thoughts?
Re:Passwords should work both ways (Score:4, Interesting)
Don't know why the US online banks don't have a similar system.
Re:Passwords should work both ways (Score:4, Informative)
Re:Passwords should work both ways (Score:2, Interesting)
And still they use checks... I have not used those for 17 years, used debit/credit cards or online banking since then.
My back has single use 4-digit code that are sent in bactches of 80 codes. You use your user id (that was not sent you by mail, you got it personaly from bank) and that single-use number to log in system. That was in 1980s when you used modem to connect online bank. When internet banking started, they add another security measu
Re:Passwords should work both ways (Score:2, Interesting)
Re:Passwords should work both ways (Score:2, Interesting)
Do you just need a regular password to login and make transactions on american banks? That sounds really weird in that case.
The ambiguities of trust (Score:3, Insightful)
I think this is already in place and widely used, although the present implementation seems quite hypocritical to me.
Supposedly at least, and someone might correct me on this, my understanding is that this is what protocols such as https are s
Re:The ambiguities of trust (Score:2)
If you knew how lax gui browsers really are with certs you'd shit yourself.
Re:Passwords should work both ways (Score:2)
Obviously, I'd prefer that the bank tell me something out of my personal file before I give them any information. However, if they dial the wrong number (or have been convinced to dial the wrong number), I certainly wouldn't want them to give out any secret information about me to strangers before I authenticate with them (along with the fact, that a lot of the "secret" information is given to so many places that breaking into any one of them would give you ac
Re:Passwords should work both ways (Score:2, Informative)
Re:Passwords should work both ways (Score:3, Insightful)
Then it doesn't matter who initiates future communication, because all messages can be authenticated against the sender's public key.
Re:Passwords should work both ways (Score:2)
Re:Passwords should work both ways (Score:2)
I'm setting myself up for a fall here, but I'm pretty secure that I'll never have a problem with phishers because a) I'm suspicious as hell, and b) there is fruit on the tree that's much lower hanging.
Two-way validation schemes (Score:2)
There are schemes which allow two parties to validate to one another (as opposed to one-way) without either revealing their secret. Effectively:
Re:Passwords should work both ways (Score:4, Insightful)
The SSL certificate that the bank's site presents to you when you connect is all the proof you need that your traffic is not being intercepted.
Unfortunatly, today's browsers hide the information about who the certificate was issued to away in a separate screen. IMO the subject of the certificate should be displayed in the status bar, where Firefox currently prints the hostname of the displayed site (needlessly, since that information is already in the address bar!)
But this isn't perfect. The certificate authorities treat the x509 dname as a unique block of text, rather than making sensible use of all the fields. Thus my bank presents a dname of "CN = www.ebank.hsbc.co.uk,OU = Terms of use at www.verisign.com/rpa (c)00,OU = Terms of use at www.verisign.com/rpa (c)00,O = HSBC Holdings plc,L = Sheffield,ST = South Yorkshire,C = GB".
IMHO our current CAs have buggered up the job, and deserve a good slapping. Instead of allowing a random company to buy its way into the CA market by paying off Netscape and Microsoft, we should ditch the present model for high-risk uses such as online banking.
Banks should issue their own (self-signed) certificates. When you open a bank account, you are supplied with the SHA1 and MD5 hashes of the certificate that the bank uses; the first time you visit the bank's web site, your browser throws up the "unidentified certificate" warning. You then eyeball the certificate, note that the hashes match those you have been provided with, and import the certificate into a store for future use.
The annoying thing is that we could do this *today*, if only people would start giving two shits about their security.
Maybe after a few thousand people get ripped off by identity thieves, people will start caring.
Re:Passwords should work both ways (Score:2)
That's pretty good. I'm not sure my elderly mother is gonna grok this though
In other news.. (Score:4, Funny)
I can sell you attractive hand made table of domain to IP mappings for the top 25 sites on the internet for just $5!
Re:In other news.. (Score:2, Funny)
Oh shoot, I hope IPv6 doesn't catch on soon, or I'll get carpal tunnel for sure.
Re:In other news.. (Score:2)
FireFence extension idea (Score:5, Interesting)
For this, it'd see they were in a similar range and not be too worried. If it suddenly noticed google was going to 192.168.1.100 (meh) then it would throw up alarms, "This site has a radically different address". Of course, that would be the defaults, there would be options to have it alert you for all ip changes and show you the list of past ips, optionally look it up on arin/ripe/apnic and see who owns the ip, all sortsa stuff.
Preferably it'd come with a list of known good sites, for paypal and a few banks or whatever.
I think a firefence would work a lot nicer than just the spoofstick, but I know NOTHING about coding one, just about what I'd want it to do.
Spoofstick (Score:5, Informative)
Re:Spoofstick (Score:2, Interesting)
Re:Spoofstick (Score:2)
Why get spoofstick for IE? The Netcraft Toolbar (used in TFA) shows the country that the server is located in even! That's much nicer.
Well, except for the fact it requires IE and Win2K or better. Kind of leaves out Mozilla/Firefox/Konqueror/Safari/Opera/Linux/Mac users. Frankly, I don't feel safe surfing with IE even with all the current security patches anyway. I do agree that showing the country the server is in is a nice feature, but it's not worth the price I'd have to pay (i.e. use IE [pun not inte
Re:Spoofstick (Score:2)
Of if a phisher gets the banks old IP...
In that sense it is more harmful that if it didn't exist. You're trusting the phisher, whose identity your scheme just confirmed the authenticty of.
It takes some evangelizing (Score:4, Insightful)
Re:It takes some evangelizing (Score:2, Informative)
Re:It takes some evangelizing (Score:2)
bankofamerica.com = phishers_ip_addy
So, even when you type in 'bankofamerica.com' in the browser's address bar, you still go to the bad guy's web server. ok?
Re:It takes some evangelizing (Score:2)
Of course, if you're going through all that trouble, just install a keylogger and be done with it.
Links (Score:5, Interesting)
My Anti-Phisher Scripts (attached) (Score:5, Interesting)
To do this, I use Acme Software's http_load [acme.com]. http_load takes, on its commandline, a filename containing a list of URLs to request. It then proceeds to send GET requests just as fast as the server can handle them. The trick is to use my Perl script to generate the http_load "loadfile".
First, my script. This could definitely be improved so that it fashions names and street addresses from dictionary words. For now, I just use random junk. To make this script work, you need to look at the phishing scam's HTML source. Find all INPUT tags. Any TYPE=HIDDEN name/value pairs must go in the url_base definition, since the server expects these to be static. The rest (all of the form fields) should go in the @inputs array.
I have another script that uses LWP::UserAgent to make the requests, which I wrote when a crafty phisher rejected submissions where HTTP_REFERER was not his phorm.
E-mail me with questions c-j-s-n-e-l-l_A-T_-_g-m-a-i-l_D-O-T_C-O-M
Chris
Re:My Anti-Phisher Scripts (attached) (Score:4, Informative)
Re:My Anti-Phisher Scripts (attached) (Score:2)
The cable and DSL companies could even loan the banks gigantic blocks of temporarily unused IP addresses, so that the phishers would have to throw out all of their real customers data along with the random noise.
Why is this still an issue? (Score:2, Insightful)
I suppose it's a bit much to ask for for the general internet populace to get a clue, however. Still, a warning hardly seems necessary here considering I'm pretty sure most Slashdot readers understand not to click banking links in their email for any r
Re:Why is this still an issue? (Score:2)
DNS cache poisoning? (Score:2)
Re:DNS cache poisoning? (Score:2)
You break into company X
You insert a dns record into their DNS records, eg barclays bank.
All hits on Barclays Bank then go to the IP address coded in the local DNS.
THe effects are localised but if you broke into a large ISP and did this it would catch a lot of people.
You missed the cache part (Score:5, Informative)
No. That is not cache poisoning, since it doesn't poison a cache. All DNS servers will cache records that they had to look up. It works like this: Someone queries a DNS server, asking what IP an address maps to. This DNS server doesn't know, and must query another server to find out. Our DNS server sends the query out to another DNS server that would know the answer (the authoritative server for that domain) and waits for a response. When it receives this response, it answers the original query and caches the response so the next time the same query is made it has the answer.
What the attacker does is sends out several (as in, a LOT of) queries to a DNS server for a name, say bank.com. Then, the same attacker sends out several (!) spoofed answers to this query, saying that bank.com maps to a certain address, which is actually some server the attacker controls. The goal is that your bogus response will beat the real response and be accepted by the target DNS server. If the attack is successful, this bogus answer is cached, so when someone else goes to look up bank.com from that particular DNS server, they get the IP of the attacker's server.
The trick is that a DNS server will pick a random number that it assigns to the query sent out to the next DNS server. The response must contain this number for it to be accepted as authentic. The attacker very rarely can know what that number is, hence the large amount of query and answer packets that must be sent out (you are essentially trying to get lucky and hope that one of your fake response packet's number matches one of the server's query packets). In a perfect world, these numbers would be truly random and an immense amount of bandwidth would be required to get enough packets to the server to have a shot at guessing correctly. However, many of the DNS servers pick random numbers out of a much smaller field than they should.
Re:DNS cache poisoning? (Score:4, Informative)
One example of a cache poisining attack is for a DNS server to provide 'extra answers' for a query.
eg: dns resolver (for an ISP) asks ns.network.net for the records for www.network.net, because some user wants to look at it. No problem it says, and gives back the address of www.network.net.
However, if ns.network.net was malicious, it might also give the address of www.bank.com. If the resolver then accepted this address of www.bank.com and entered it into its cache, well, www.network.net has just taken control of www.bank.com.
(This is why various DNS resolvers have features to ignore additional answers to queries, or ignore answers outside the 'bailiwick' of the server, or things like that. Glue records do make the situation more complex than I've described.)
Related methods (Score:5, Insightful)
It would be trivial for the spyware which is rampant on the average user's wintel PC to alter their network settings to point the user at custom DNS servers run by the spyware companies. These could act as dns caching proxies for the most part, but then selectively fail to resolve sites the spyware companies don't want you to see, selectively redirect your queries to the webservers they do want you to see, and in the hands of the nefarious, spoof your bank site too. Until the massive gaping holes in the average user's wintel PC are closed, complex infrastructure exploits are really a waste of time. It's so much easier just to seize their PC and have your way with it.
First time (Score:2, Interesting)
Just had a seriously troubling thought.... (Score:3, Interesting)
They could then design a login page that doesn't even have to be encrypted (I'm sure most people wouldn't bother to notice) which mimics the real bank's login page. They give one or two "failed" login attempts before redirecting the browser to the real site.
Instead of hijacking dns in some weird way, it simply instructs the local computer to resolve certain DNS entries to something defined locally. After the user thinks they got their password wrong, the phisher's web server redirects the user to the real bank's login page.
This would be something that is entirely possible (virus spread by active x, email, whatnot) and monitors the web browser history for recent activity for a list of known banks, and once that user does their online banking, spoofs the local machine to go elsewhere for subsequent banking. The user doesn't know what happened, and in the meantime types in their banking information that would reveal bank accounts, etc.
Once successfully mined, the bad guys might send an 'abort' sequence to remove all evidence of what happened and move on to the next guy, thus making it hard to track what really happened. Since that entry would be removed from the HOSTS file when that happens, most people would assume they got a string of bad luck for a few login attempts and all seems to be well again (only it's not, since that personal information is now made not quite so personal anymore).
Just suppose this virus created keeps a low enough profile for long enough, even having a firewall antispyware and virus scanner might not help you out.And DNS wildcards are totally sidestepped.
DNS is the achilles heel (Score:4, Insightful)
DNS is the achilles heel of the web. Take down/redirect/spoof/molest DNS, and it doesn't matter how many redundant whatevers and caching whothingies you have.
Nobody's getting to you.
And they may be getting to somebody else.
But DNS isn't glorious, so we'll keep spending the time/money on other things...
Call me sick and sadistic, but...... (Score:3, Interesting)
Not only that but when I hover the mouse on the link, it shows the target URL at the bottom and resolved to a fixed IP address (e.g. http://219.44.99.123/ as an example. I just made this address up) rather than point to their respective DNS names.
So (this is the sick and sadistic part comes in), I figured I'd fill out their forms with my "personal" information which is entirely made up. Everything on the form was invented. The name, the address, everything, including the credit card number. After doing that, I sent a copy to abuse@ebay.com, etc.
On one occasion, I got a response email stating there was a problem with my credit card information and I needed to reenter it.
The probem here was that I use the first 4 legitimate digits for visa, but the other 12 digits were entirely fictional and the checksum digit did not match.
I've been toying with the idea of using a credit card number generator and getting past that specific problem, but what if the number that the cc generator picks happens to be a legitimate credit card number and some poor shmuck gets charged? I'm not quite that sadistic.
I wonder if my bank would be gracious enough to issue me a defunct credit card that I could use specifically for this purpose. Failing that, what we need is a list of banned credit card numbers, so when these scammers try to use them, there's a trail that leads the authorities right to their door to haul them away and give them what they deserve.
The way I see it, they took the time to write me for my information which they'd use to screw me, and the least I should do is to return the favor and give them just enough to make them think they got away with it but in fact they expose themselves to getting caught.
Re: (Score:2)
Gmail helps stop this (Score:2)
I'm not sure if anyone will read this warning, but it seems like a step in the right direction. And one interesting way in which webmail can provide a feature that's not feasible for normal e-mail clients.
Re:Gmail helps stop this (Score:2)
As nifty as gmail is and all, most of the their "new" features have been available for years in mail clients like mutt. It's mostly a case of people not knowing to turn on the functionality that gmail is now giving everyone
Re:dns? links? (Score:4, Funny)
Re:dns? links? (Score:2)
0102.043.0372.0226
Does not seem to be mozilla friendly, but seems to work with IE and Konquror
Re:dns? links? (Score:2)
Re:Phishing? Pharming? (Score:5, Funny)
Re:Phishing? Pharming? (Score:2)