Web blog d'un ingénieur en sécurité informatique.
IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs...
Contact: philippe.vialle@wanadoo.fr
This time, one of the email addresses I use as 'honeypots' received a new email pretending to give me the opportuniy to check if some (former) MSN contacts had blocked me. Well, this is quite very known: at least, nobody knows what they guys will do with your MSN credentials after the "test" : - ID spoofing? - social engineering? - online purchase fraud (part of)?
Anyway. I however clicked on the link, to see if there was any malicious file I could analyse.
First of all, if you just click on "connexion" without providing any credentials, Google Chrome will alert you. Well then, but... a bit late! Why the hell Chrome does not warn at the very first access to this suspicious website?
I was astonished to notice the following link: document.write('<scr' + 'ipt language="javascript" type="text/javascript" src="http://www.kiblok.net.powered-by.zango.com/?a772aa7bfe/ga679ab72f4&g"></scr' + 'ipt> Wow ! powered by Zango!! Guess who was right suspecting it?