ViddyHo GTalk Phishing Site- Part of a Phishing Network
I just got a message on GTalk from someone I almost never talk with on IM. The message:
Check out this funny video- http://tinyurl.com/something
Upon clicking, I was redirected to viddyho.com, which asked for my GTalk login:
Of course, I didn’t enter my gmail credentials, as I can’t think of a reason why I should add my email/IM credentials to check out a video on someone else’s site. But I’m guessing quite a few people did. Looking at the whois information
ICANN Registrar: GODADDY.COM, INC.
Created: 2009-02-17
Expires: 2011-02-17
Updated: 2009-02-17
Registrar Status: clientDeleteProhibited
Registrar Status: clientRenewProhibited
Registrar Status: clientTransferProhibited
Registrar Status: clientUpdateProhibited
Name Server: NS1.AFRAID.ORG (has 34,014 domains)
Name Server: NS2.AFRAID.ORG
Whois Server: whois.godaddy.comAdministrative Contact:
Ton-That, Cam-Hoan
HappyAppy Inc
25 Stillman St
San Francisco, California 94107
United States
(415) 627-8634 Fax –Technical Contact:
Ton-That, Cam-Hoan
HappyAppy Inc
25 Stillman St
San Francisco, California 94107
United States
(415) 627-8634 Fax –Domain servers in listed order:
NS1.AFRAID.ORG
NS2.AFRAID.ORG
You can see that the site has only been around for a couple of days. Also, if you go to the root, you’ll see that ViddyHo is “Coming Soon”, but if you go to /videos.php, you can see the full list of sites that they’re trying to capture credentials from:
- MSN Messenger
- AIM
- ICQ
- Yahoo!
- Google Talk
- Myspace
Another thing: all the images on the ViddyHo site are being served up from a photobucket account, which has a few other albums aside from one called viddyho:
1. Twitquizzes- Featuring photos of twitter users like Shaq, Hammer, and other celebrities.
2. HaveYou- Which seems kind of random.
3. Yourather- Which has a lot of random images.
So, it looks like someone has created a bunch of sites aimed at hijacking usernames and passwords, and likely are holding them for ransom or paying them.
Filed under: GTalk Phishing, social media, ViddyHo
Seems to me that the HaveYou photobucket album is pics or peoples avatars/display pics that have fallen foul of the scam
Uggggh. I just received an IM from a friend and was skeptical about entering my Gmail info into the form at Viddyho.com as well. But I stupidly typed in my account username and password and the site froze. I’m not sure that anything happened but I changed my Gmail password just now — just in case. What a pain!
[...] My small VPS was not able to handle so many concurrent users. Sorry for any downtime. Blogstring confirms that Viddyho is indeed part of a phishing network with similar phishing hooks for Myspace, [...]
You want to know the source – look up RBN…..
Pete- good point.
MaryJ- yes, definitely change your password.
[...] El Blogger Nathan Burke buscó la información de ese nombre de dominio viddyho.com y descubrió que el sitio Web existe solo desde la semana pasada. También observó que viddyho.com está dirigido a varios protocolos distintos de chat más allá de Gmail, incluyendo AOL Instant Messenger, ICQ, Yahoo! Messenger, MSN Messenger y MySpace. [...]
Can’t believe bastards! Thanks for the heads up Nathan!