Monday, June 27, 2016

Fasterized Phishing Fail

Hi all, so this a quick and short post about an epic fail involving a bank, AV vendors and SaaS provider.

So, im minding my own business, thinking to go phishing some new shizzle, and all of the sudden le wild credit-agricole phish appears


checking VT and a whopping 10/67 results say this a phish! hide yo kids, hide yo pass
so me, as kind of n00b, thought, hey those people at those vendors have more experience, they must know what they talking about.
so i started to snoop around as that domain shadowing seemed quite interesting.
apparently the AV vendors dont know what they are doing, its either the horde detection, or bad detection algorithm, because as soon as i checked what it is i immediately found those funny domains belong to fasterize a service that act as a smart proxy for your site to reduce bandwidth and reduce load times of the pages, apparently it also the fast track to get your site blacklisted for "phishing" because the url mimic the real credit-agricole site.

conclusion, blacklisting is crap, there always will be another bad domain, but whitelisting would save the embarrassment here, i think fasterize is a new service and they should communicate with AV vendors with aggressive blacklists if they want to offer their service to banks.

bonus: they need to update their certificate



No comments:

Post a Comment