Domain Hijacking Made Easy

Apologies in advance for randomly picking on Yahoo…

The domain (illurity.com) on which this site lives was registered with Yahoo Small Business (YSB). In addition to registration, YSB also provides DNS services through a convenient web-interface. Logging in to the YSB admin portal uses the same credentials as other Yahoo services, such as Yahoo IM and Yahoo Mail. Simple. Convenient. Of course, this sort of service is commonly available through many other providers, so what is described here is in no way unique to YSB.

Looking at the whois information for illurity.com, you will see that my Yahoo email address appears under the “Admin Email” field. Under the “Tech Email” field, you will see the Yahoo account domain.tech@YAHOO-INC.COM. According to the available whois report, there are some 2.7 million records registered to that email address. Lots of folks seem to have registered their domains with YSB.

So let’s say someone procures a list of all the domains whose “Tech Email” field is domain.tech@YAHOO-INC.COM, effectively providing a list of all the domains registered through YSB. A simple whois on those domains would then provide the end-user/registrant email address via the “Admin Email” field. Simple address harvesting of a focused target.

Now assume that this someone then registers a similarly named phishing domain, something like yahoo-smallbusiness.com (and rather than registering it through YSB in a twisted recursive gesture, registers it for use in a fast-flux fashion). And then they start sending targeted form-driven emails to the harvested addresses, something like:

Dear [harvested real name],

As the registrant of the [harvested domain name] with Yahoo! Small Business Solutions, you are invited to enroll in our new Strong Authentication service at no charge, and under no obligation. Strong Authentication will help to protect you against identity theft by requiring a secondary proof-of-identity, beyond your Yahoo! ID and Password, in order to login to your Yahoo! services. This second-factor of authentication will help to protect the confidentiality of your account even in the event of credential theft.

Get started now!

To learn more about the service, click the “Get Started Now!” button above, or type the URL http://login.yahoo-smallbusiness.com/login.html into your web-browser if your mail reader does not support embedded links.

Thanks again for choosing Yahoo! Domains!

Best regards,
The Yahoo! Small Business team

So if an unrealistically modest 1% of 1% (.0001%) of the 2.7 million targets falls for that (where the form submissions are caught and redirected with something simple like this), it will net 270 people, or 270 hijackable domains. Of those domains, some set of them will likely provide services of a sort, which could then easily become targets (through redone DNS records and site replication) for further phishing attacks.

Seems a pretty good reason for these sorts of services to really offer two-factor authentication.
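Until that exists, the lure itself is easy to flag on the receiving side. The check below is an added example, not part of the original post: it pulls links out of a message body and reports any that carry the brand name without resolving under a domain the provider actually uses. The allowlist, the brand token list and the `phish.example` control cases are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the provider really links to (illustrative allowlist).
LEGIT_DOMAINS = {"yahoo.com", "yahoo-inc.com"}
# Assumption: brand strings an impersonator would embed in a lookalike URL.
BRAND_TOKENS = ("yahoo",)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased host, without userinfo, port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_legit(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def lookalike_links(body):
    """Return (url, host) pairs that show the brand but leave the allowlist."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")
        host = host_of(url)
        # Search the whole authority so a brand name placed in the userinfo
        # part (before '@') is caught as well as one placed in the host.
        authority = urlsplit(url).netloc.lower()
        if host and not is_legit(host) and any(t in authority for t in BRAND_TOKENS):
            hits.append((url, host))
    return hits


# Constructed sample: the lure URL from the post plus three control cases.
SAMPLE = """
type the URL http://login.yahoo-smallbusiness.com/login.html into your browser
real portal: https://login.yahoo.com/account
userinfo form: http://login.yahoo.com@phish.example/login.html
suffix form: http://login.yahoo.com.phish.example/login.html
"""

if __name__ == "__main__":
    for url, host in lookalike_links(SAMPLE):
        print(f"SUSPECT {host}  <- {url}")
```

The comparison is on the host the browser would actually connect to, so a plain substring match on "yahoo.com" is never what decides legitimacy.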
