ViddyHo GTalk Phishing Site- Part of a Phishing Network

I just got a message on GTalk from someone I almost never talk with on IM. The message:

Check out this funny video- http://tinyurl.com/something

Upon clicking, I was redirected to viddyho.com, which asked for my GTalk login.

Of course, I didn’t enter my Gmail credentials, as I can’t think of a reason why I should add my email/IM credentials to check out a video on someone else’s site. But I’m guessing quite a few people did. Looking at the whois information:

ICANN Registrar: GODADDY.COM, INC.
Created: 2009-02-17
Expires: 2011-02-17
Updated: 2009-02-17
Registrar Status: clientDeleteProhibited
Registrar Status: clientRenewProhibited
Registrar Status: clientTransferProhibited
Registrar Status: clientUpdateProhibited
Name Server: NS1.AFRAID.ORG (has 34,014 domains)
Name Server: NS2.AFRAID.ORG
Whois Server: whois.godaddy.com

Administrative Contact:
Ton-That, Cam-Hoan
HappyAppy Inc
25 Stillman St
San Francisco, California 94107
United States
(415) 627-8634 Fax –

Technical Contact:
Ton-That, Cam-Hoan
HappyAppy Inc
25 Stillman St
San Francisco, California 94107
United States
(415) 627-8634 Fax –

Domain servers in listed order:
NS1.AFRAID.ORG
NS2.AFRAID.ORG

You can see that the site has only been around for a couple of days. Also, if you go to the root, you’ll see that ViddyHo is “Coming Soon”, but if you go to /videos.php, you can see the full list of sites that they’re trying to capture credentials from:

  • MSN Messenger
  • AIM
  • ICQ
  • Yahoo!
  • Google Talk
  • Myspace
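The whois reading above (a domain registered only days before it started asking for logins) can be turned into a triage check. This is an added example, not code from the original post: it parses the `Key: value` whois layout shown above and reports registration-age signals. The 30-day threshold and the `as_of` date are assumptions, since the post does not say when the lookup was made.

```python
from datetime import date, datetime

# Excerpt of the whois record shown above (registrant contact details omitted).
WHOIS_TEXT = """\
ICANN Registrar: GODADDY.COM, INC.
Created: 2009-02-17
Expires: 2011-02-17
Updated: 2009-02-17
Registrar Status: clientDeleteProhibited
Registrar Status: clientTransferProhibited
Name Server: NS1.AFRAID.ORG (has 34,014 domains)
Name Server: NS2.AFRAID.ORG
Whois Server: whois.godaddy.com
"""

def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; keys may repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # blank lines and headers such as 'Administrative Contact:'
        # Drop trailing annotations such as '(has 34,014 domains)'.
        value = value.split("(", 1)[0].strip()
        record.setdefault(key.strip(), []).append(value)
    return record

def registration_signals(text, as_of, young_days=30):
    """Return age-related signals for a domain (threshold is an assumption)."""
    rec = parse_whois(text)
    created = datetime.strptime(rec["Created"][0], "%Y-%m-%d").date()
    updated = datetime.strptime(rec["Updated"][0], "%Y-%m-%d").date()
    age = (as_of - created).days
    return {
        "age_days": age,
        "newly_registered": 0 <= age <= young_days,
        "never_updated": updated == created,  # record untouched since creation
        "name_servers": [ns.lower() for ns in rec.get("Name Server", [])],
    }

if __name__ == "__main__":
    # Constructed reference date, chosen only to exercise the check.
    print(registration_signals(WHOIS_TEXT, as_of=date(2009, 2, 24)))
```

A young domain is only one signal; it is most useful combined with the others seen here, such as a shortened link arriving over IM and a third-party page asking for IM credentials.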

Another thing: all the images on the ViddyHo site are being served up from a Photobucket account, which has a few other albums aside from one called viddyho:

1. Twitquizzes- Featuring photos of Twitter users like Shaq, Hammer, and other celebrities.

2. HaveYou- Which seems kind of random.

3. Yourather- Which has a lot of random images.

So, it looks like someone has created a bunch of sites aimed at hijacking usernames and passwords, and is likely holding them for ransom or paying them.

8 Responses to “ViddyHo GTalk Phishing Site- Part of a Phishing Network”

  1. Seems to me that the HaveYou photobucket album is pics or people's avatars/display pics that have fallen foul of the scam

  2. Uggggh. I just received an IM from a friend and was skeptical about entering my Gmail info into the form at Viddyho.com as well. But I stupidly typed in my account username and password and the site froze. I’m not sure that anything happened but I changed my Gmail password just now — just in case. What a pain!

  3. [...] My small VPS was not able to handle so many concurrent users. Sorry for any downtime. Blogstring confirms that Viddyho is indeed part of a phishing network with similar phishing hooks for Myspace, [...]

  4. You want to know the source – look up RBN…..

  5. Pete- good point.

  6. MaryJ- yes, definitely change your password.

  7. [...] Blogger Nathan Burke looked up the information for the domain name viddyho.com and found that the website has only existed since last week. He also noted that viddyho.com targets several chat protocols beyond Gmail, including AOL Instant Messenger, ICQ, Yahoo! Messenger, MSN Messenger and MySpace. [...]

  8. Can’t believe bastards! Thanks for the heads up Nathan!
