We've labelled this as a phishing scam, and have banned the originator. Please do not reply or click the helpful download link.
The PM goes something like this:
Originally Posted by hanabi
HI [member name]
My name is Piotr i represent hakin9 IT security magazine (for details, please, see below)
In the upcoming issue we are going to have consumers tests on routers.
Our goal would be to help readers to make a good choice when buying a
router.
Because You are router user i have request to You. Can You give us your opinion about special model of router that you're using? In return we'll publish your comment in our magazine and your name will definately appear as well. What do You think? Can You do it? We can cooperate in diffferent areas as well if You are able You can write short, introductory article about routers, because we need it and by that we can start our cooperation
let me know if You're interested. please do not leave me with no reply.
Best regards
Piotr Musial
Below You have questions:
1) Why have you / your company chosen this Router?
2) Have you used any other routers? What kind of router did you use before
and why did you decide to change it?
3) What other routers have you considered and why you haven't bought these
ones after all?
4) How is the router working with your computer? Does it meet your
expectations? What are the good and the weak points?
5) Did you have any breakdowns, problems, hang - ups? What was the reason?
6) 6) 2 notes (1 - 5)
-quality/price
-final, general note
7) Final conclusions, general impressions? Would you recommend it to other
users /companies?
------------------
About hakin9
hakin9 is a monthly magazine covering questions of breaking into computer
systems as well as defense and protection methods, yaniyathe latest security tools
and events.
Our magazine is published in 7 language versions in about 20 countries!
We have great readership in Europe and
in September we hit the USA (available in Barnes&Noble) and Australia.
England & South Africa are next.
I don't know if you are familiar with hakin9?
If not, here's the link to one of our archive issues:
http:// software.dt.pl / download.php? [unique ID string]
Here's how it works:
- You tell them your router model, so they can look up the factory admin/pass for your router.
- If you click the helpful download link for "a free issue" they get your router's IP address.
- If you haven't changed the admin pass AND have insecure security settings (you allow admin to login to your router from the internet side) then they can own your router.
- They check how many comps are on your LAN if they can, and start turning on DMZ for each comp in turn.
- If they hit a Windows box, they try to own it.
- Anyone using a router is likely to have a broadband connection, so these would make good zombie comps for sale.
The download could be a trojan, or could even be a faked-up magazine issue. The content doesn't matter, since what they really want is to associate an IP to your router model.
Note the bad spelling, grammar issues, and erratic capitalization. The domain for the link and the originator's IP address both map out to Poland, with no whois registration info available. You'd think a Polish magazine would cover router models available in Poland (in Euros) rather than hit random internet boards elsewhere.
They even sent a red herring PM to a staff member, asking for permission to set up a "discussion group" for their project. Then they started pumping out the PMs to regular members. The PM to staff was meant to slow us down and let more phish PMs get through.
All in all, a very slick phish. Some good thought went into it. Now if only they could address the incompetent language translation ... even the Nigerian Royal Family in exile might get more if they just fixed the language issues. You'd think they'd have figured that out after all these years.
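For board staff who want to catch this pattern earlier, here is an added example (not part of the original post, and not any forum software's own code) that groups PMs by sender and message template and flags one template sent to many members with a different link ID in each copy. The tuple layout, sender and member names, domain and IDs are all constructed for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+")

def template_key(body, recipient):
    """Reduce a PM to its template so copies sent to different members compare equal."""
    text = re.sub(r"\b%s\b" % re.escape(recipient), "<name>", body)
    # Keep only host and path of each link; the query string may be a per-recipient ID.
    text = URL_RE.sub(lambda m: "".join(urlsplit(m.group())[1:3]), text)
    return re.sub(r"\s+", " ", text).strip().lower()

def find_mass_pms(pms, min_recipients=3):
    """pms: iterable of (sender, recipient, body). Flag one template sent to many members."""
    groups = defaultdict(list)
    for sender, recipient, body in pms:
        groups[(sender, template_key(body, recipient))].append((recipient, body))
    findings = []
    for (sender, _), msgs in groups.items():
        recipients = sorted({r for r, _ in msgs})
        if len(recipients) < min_recipients:
            continue
        links = {u for _, b in msgs for u in URL_RE.findall(b)}
        findings.append({
            "sender": sender,
            "recipients": recipients,
            # Same host and path but different full URLs: each copy carries its own ID,
            # so a click ties one member (and the router model they named) to an IP.
            "per_recipient_links": len(links) > 1,
        })
    return findings

# Constructed sample data: names, domain and IDs are made up for this example.
TEMPLATE = ("HI {n}\nCan You give us your opinion about special model of router "
            "that you're using?\nhttp://magazine.example.invalid/download.php?id={t}")
SAMPLE_PMS = [
    ("sender_x", "alice", TEMPLATE.format(n="alice", t="a1f3")),
    ("sender_x", "bob", TEMPLATE.format(n="bob", t="9c2e")),
    ("sender_x", "carol", TEMPLATE.format(n="carol", t="77d0")),
    ("dave", "alice", "Hi alice, thanks for the firmware tip."),
    ("erin", "bob", "Meetup notes: http://forum.example.invalid/t/42"),
    ("erin", "carol", "Meetup notes: http://forum.example.invalid/t/42"),
]
```

Calling `find_mass_pms(SAMPLE_PMS)` returns a single finding for `sender_x`; a finding with `per_recipient_links` set is the one to review first, since ordinary announcements reuse the same link for everyone.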