Aug 11 2010

CDT: ISP Level Gmail Phishing

Published by at 10:47 pm under Censorship, China internet

Via @torproject comes a link to a China Digital Times (a site run at Berkeley) post that gives just a brief notice that some users behind the GFW are having their Gmail login attempts redirected to hxxp:// where they are asked to enter their password. Chinese users reporting this redirect believe that the redirects are being performed by the ISP. Interestingly, is a CNC host in Xinjiang.

At the time of this post the hxxp:// site is not operating (from the US or the PRC according to webpulse).

The original info apparently came from ntdtv:
Chinese ISP tricks users out of Gmail passwords, caught in the act

UPDATE: I was looking closely at the screen cap that shows the source and it appears that part of the phishing app is hosted on, which doesn’t presently have an IP address assigned although the DNS record was updated on August 10.
