trimMail’s Email Battles · Wrongfully Accused As A Phisher? Maybe, Maybe Not.

On the first day of November, 2005, Email Battles exposed Yet Another eBay Phishing Attempt.

In this rendition, the sender claimed to have filed charges against the recipient, hoping s/he would respond by clicking the link embedded in the message.

We discussed the social engineering techniques used by the phisher, then took you to the actual phishing site (see the attached graphic).

Then we gave you the publicly available mailto: for Espen Otterstad, the listed owner of the website that hosted the eBay phishing scam.

Owner Disavows This Social Engineering Phishing Scam Discovered On His Server
[Norwegian-Spawned Phishing Technique, netted in trimMail honeypot]

[Norwegian-Spawned Phishing Technique, netted in trimMail honeypot]

After over four months of silence, Otterstad wrote to tell us:

This is completely wrong.

Yes there was someone who exploited an security breach in my web server and installed the software and sent out email from my server, but it was not me.

When my ISP notified me about the trouble my Internet connection was closed at once while I took the server offline.

As you can see you clearly as getting me in loads of trouble with having my mail address and name clearly on the page.

Of course it is my responsibility to have my servers secure, but mistakes do happen. On your page I am shown as the one who made the worm which is not correct at all.

But as you can see by Otterstad’s admissions, we were not completely wrong. At the very least, his website was in use as a phishing site.

Nevertheless, mistakes do happen.

We responded to Otterstad with a series of questions designed to help verify his claim of victim status. Questions like:

When did you discover that your server was hacked?
How did the hacker gain access?
What software did the attacker compromise?
Which of your services did the hacker use?
What did the hacker install on your server?
What have you done to prevent future attacks?

In addition, we asked, when did he find out that the server was compromised, and then, when did he clean it up?

Finally, for outside verification, we asked Otterstad to provide contact information for someone in-the-know at his ISP.

No word from Otterstad. While we understand that email takes much longer from Norway, our skepticism is growing by the minute.

And about that “worm…” Don’t ask. We don’t know what he’s talking about, either.

Something lost in translation, perhaps?

Email Battles Backgrounder:

eBay Legal Threat Hooks Angry Phish; Email Battles; 1 November 2005.

How Go Daddy Lost A Longtime Customer To A Phisher; Email Battles; 17 January 2006.

2 comments

Comments feed for this article

March 22nd, 2006 at 4:47 pm

nellie

Four months huh? I wonder why it took so long and why he’s contacting you now.

April 4th, 2006 at 6:46 am

Chris

Just cause he ignored you doesn’t mean he did it. Doesn’t mean he cared enough to fix the problem. It’s the internet. He may not even have been smart enough to do this. Servers are not difficult to setup. Stick in a live CD or something like that and your up and running in under 10 minuets.

Wrongfully Accused As A Phisher? Maybe, Maybe Not.

Network Tools

News Sections

Recent Comments

2 comments

About Email Battles

NewsBytes

Chase trashes Circuit City customers

Vista for 100 bucks?

Dropped iPod Leads to Terror Alert

Intel Wi-Fi update ate my CPU cycles

Email Battles down for the count

NewsWire

Log Buffer #71: a Carnival of the Vanities for DBAs

Zune 8-Gig Disassembled Live

Possible Hizbullah Mole Inside the FBI and CIA

US Mobile Operator Discounts for Developers, IT Pros and MSPP Partners

Computer Security Consultant Controlled 250,000 Compromised PCs

Other Resources